Aluseg — Privacy Policy (RGPD/GDPR)
Version 1.0 — [DATE] DRAFT FOR LEGAL REVIEW — NOT YET IN FORCE
This Policy explains how personal data is processed on the Aluseg platform (app.aluseg.com), operated by Quotidiano Tagarela LDA, registered office [REGISTERED ADDRESS], NIPC [NIPC] ("Aluseg", "we"). Privacy contact: [PRIVACY EMAIL] [DPO not designated — CONFIRM whether one is required/desired].
1. The two roles we play (read this first)
Aluseg is used by landlords to manage rentals and by tenants and guarantors invited by those landlords.
- Aluseg as controller. For landlord account data, billing, platform security, service communications, and improvement of the service, Aluseg is the data controller.
- Aluseg as processor. For the personal data of tenants, prospective tenants and guarantors that a landlord collects and manages through the platform (identification, documents, income data, verification reports), the landlord is the controller and Aluseg processes that data on the landlord's behalf and instructions, under the Data Processing Addendum in the Landlord Terms. Tenants should address requests about their application first to their landlord; we assist landlords in answering them, and we honour requests addressed to us to the extent of our role.
2. What data we process
A. Landlord/account data (Aluseg = controller): name, email, phone, password (hashed), legal/billing details (legal name, NIF, address, IBAN, entity type, ID document type), plan and payment status (via Stripe — we do not store full card numbers), settings, support communications, technical logs (IP, timestamps, device/browser), usage events.
B. Tenant & guarantor data (Aluseg = processor for the landlord): identification data (name, date/place of birth, nationality, ID document, NIF, NISS), contact data, current address, household information provided, professional and financial data (employer, contract type, payslips, IRS tax return/settlement note, credit-responsibility map, bank statements, pension or activity documents), uploaded document files and their metadata, verification results (extracted facts, scores, evidence notes, red flags, report codes), e-signature ceremony data (codes verified, timestamps, document hashes, IP), and communications in the flow.
C. Website data: strictly necessary cookies and similar (session/authentication, language preference, theme preference, security). We do not use advertising or cross-site tracking cookies. [CONFIRM before adding analytics.]
3. Purposes and legal bases
| Purpose | Data | Legal basis |
|---|---|---|
| Provide the platform to landlords (account, features, support) | A | Contract performance (Art. 6(1)(b)) |
| Billing, invoicing, accounting | A | Legal obligation (Art. 6(1)(c)); contract |
| Process tenant/guarantor files, documents, leases, signatures on landlords' instructions | B | Processor on landlord's instructions; the landlord's basis is typically pre-contractual steps/contract (Art. 6(1)(b)) and legitimate interests in tenant selection (Art. 6(1)(f)) [landlord's responsibility] |
| Verificação Aluseg: automated document reading (OCR/AI), cross-checks, indicative scores | B | Processor on landlord's instructions; safeguards in §5 |
| Platform security, abuse prevention, audit trails | A, B, C | Legitimate interests (Art. 6(1)(f)) — keeping the service and its data safe |
| Service communications (transactional emails, alerts) | A, B (contact) | Contract; legitimate interests |
| Product improvement with aggregated/de-identified data | A, C | Legitimate interests; anonymised where possible |
| Marketing to landlords (if any) | A (email) | Consent or existing-customer e-mail rule, with opt-out [CONFIRM practice] |
We do not sell personal data and we do not use tenant documents to train our own or third parties' AI models. [CONFIRM: keep this promise enforced in provider settings — see §6.]
4. Where the data lives
Primary application data and documents are stored with Supabase in an EU region database and storage. The application is hosted by [Hostinger / HOSTING PROVIDER — CONFIRM REGION]. Backups follow the same safeguards.
5. Automated analysis (important for tenants and guarantors)
When a landlord orders a Verificação Aluseg, submitted documents are processed automatically: text is extracted by OCR, and AI models extract facts (e.g. net income, contract type), cross-check documents (e.g. payslips vs. tax return) and flag inconsistencies. The output is indicative scores and notes delivered to the landlord.
Safeguards: (i) no decision about the tenancy is taken by Aluseg or solely by automated means — the landlord takes the decision with human judgment; (ii) the report shows what could not be determined instead of guessing; (iii) tenants/guarantors are informed in the flow and can obtain human review, express their point of view and contest results (via the landlord, and via [PRIVACY EMAIL] for analysis errors); (iv) a re-analysis can be run on corrected documents; (v) reports expire (90 days) and are superseded by newer ones. To the extent Article 22 GDPR applies, the safeguards above implement the required protections; the landlord, as controller of the selection decision, must not treat the score as an automatic decision. [LAWYER: confirm Art. 22 analysis.]
6. Processors and subprocessors we use
| Provider | Role | Location/transfer safeguard |
|---|---|---|
| Supabase | Database, storage, authentication | EU region; [DPA — SCCs where applicable] |
| [Hostinger] | Application hosting | [CONFIRM region/entity] |
| Stripe | Payments, billing | EU/US — EU-US Data Privacy Framework / SCCs |
| Resend | Transactional email | US — DPF/SCCs [CONFIRM] |
| n8n ([self-hosted at n8n.musko.io / n8n GmbH cloud — CONFIRM]) | Document-processing workflow orchestration | [EU — CONFIRM] |
| OpenAI [and/or Google (Gemini), Mistral AI — CONFIRM current engine list] | AI document reading/extraction for the Verificação | US/EU — DPF/SCCs; API data not used for model training per provider terms [VERIFY setting]; documents transit via short-lived links and are not retained by us at the provider beyond processing [VERIFY provider retention] |
| Google Maps Platform | Address autocomplete (addresses typed by users) | Google Ireland/US — SCCs |
We will update this list before adding a subprocessor that processes tenant data; landlords are notified per the DPA.
7. Retention
- Account data: for the life of the account; deleted or anonymised within 90 days of account closure, except records we must keep (e.g. billing: 10 years under Portuguese tax law).
- Tenant/guarantor files and documents: controlled by the landlord — kept while the landlord keeps them in the account and deleted with the account per the DPA. Landlords should delete files of rejected applicants when no longer necessary [landlord duty].
- Verification reports: validity 90 days; retained (with supersession/revocation status) while the landlord's account keeps them, as evidence of the service performed.
- E-signature audit trails: retained for the limitation period applicable to the signed document, as evidence.
- Security logs: up to [12] months.
8. Security
Encryption in transit (TLS); encrypted storage at the infrastructure level; per-account isolation enforced by row-level security in the database; signed, short-lived links for document access; role-restricted internal access; audit trails on sensitive flows (signature, verification); secrets management and least-privilege service credentials. No system is 100% secure; we notify breaches as legally required (to controllers, authorities and data subjects as applicable).
9. Your rights
You have the rights of access, rectification, erasure, restriction, portability and objection, and the right to withdraw consent where processing is based on consent. Tenants/guarantors: for data in a landlord's account, the landlord is the controller — we will route your request or assist them in answering it within the legal deadlines. Requests: [PRIVACY EMAIL]. You may also complain to the supervisory authority: CNPD — Comissão Nacional de Proteção de Dados (www.cnpd.pt).
10. Cookies
We use strictly necessary cookies: authentication/session (Supabase auth), language (locale), interface theme, security/anti-abuse, and Stripe's cookies during checkout. These do not require consent under the ePrivacy rules as implemented in Portugal, but we inform you here. If we ever add analytics or non-essential cookies, we will ask for consent first via a cookie banner. [CONFIRM no analytics are present before publishing.]
11. Children
The platform is not directed at minors under 18 and we do not knowingly process their data, except where they lawfully appear in a household context entered by a landlord or tenant.
12. Changes
We will post updates here and, for material changes affecting you, notify by email or in-product notice. Version history available on request.
[DRAFT — for review by Portuguese counsel before publication. Items in [BRACKETS] must be completed/verified.]