Users of Yorlet (“Yorlet”, “we”, “our”, and “us”) trust us when they come to our website or use our Services. This privacy statement is to further that trust by being transparent with our privacy practices regarding personal information (as defined below) that we collect, use, share and secure.

We are committed to protecting your privacy, so we have taken our time to develop a Privacy Policy that covers how we collect, use, disclose and store your information. The collection and use of data is essential to our ability to provide our Services and to keep the Services safe. Please take a minute to familiarise yourself with this policy as it applies to all interactions you have with Yorlet’s products and Services.

‍Defined Terms

“Personal Data” refers to any information associated with an identified or identifiable individual, which can include data that you provide to us, and that we collect about you during your interaction with our Services (such as device information, IP address, etc.).

“Services” refers to the products, services, devices, and applications that we provide under the Yorlet Services Agreement (“Business Services”) or the Yorlet Consumer Terms of Service (“End User Services”); websites (“Sites”) like yorlet.com and onemove.io; and other Yorlet applications and online services. We provide Business Services to entities (“Business Users”). We provide End User Services directly to individuals for their personal use.

Depending on the context, “you” might be an End Customer, End User, Representative, or Visitor:

• End Users. When you use an End User Service, such as using OneMove, we refer to you as an “End User.”
• End Customers. When you are not directly transacting with Yorlet, but we receive your Personal Data to provide Services to a Business User, including when you make a purchase from a Business User on a Yorlet Payment page or receive payments from a Business User, we refer to you as an “End Customer.”
• Representatives. When you are acting on behalf of an existing or potential Business User—perhaps as a company founder or account administrator for a Business User we refer to you as a “Representative.”
• Visitors. When you interact with Yorlet by visiting a Site without being logged into a Yorlet account, or when your interaction with Yorlet does not involve you being an End User, End Customer, or Representative, we refer to you as a “Visitor.” For example, you are a Visitor when you send a message to Yorlet asking for more information about our Services.

1. The Personal Data we collect and how it is used and shared

1.1 End Users

We provide End User Services when we offer Services directly to individuals for their personal use (for example, OneMove).

a. Personal Data we collect about End Users

Using OneMove. When you create and use a OneMove account, we collect Personal Data that enables us to provide you with a consistent and convenient experience across Yorlet’s Services and participating Business Users. This may include:

• Identity and contact information, such as your name, email address, phone number, and postal address.
• Account credentials, such as your username and password, and security information associated with your account (e.g., authentication logs or multi-factor authentication data).
• Saved profile information, including any details you choose to store for future rental applications, tenancy management, or interactions with Business Users.
• Technical information, such as device details, IP address, browser information, and interaction data collected through cookies or similar technologies when using OneMove or other Yorlet applications.
• Usage information, including your activity within OneMove, settings, preferences, and how you engage with Services that integrate OneMove.

You may choose to store additional Personal Data within OneMove to streamline your future interactions. Where data is optional, this will be clearly indicated.

b. How we use and share Personal Data of End Users

Services. We use your Personal Data to operate, maintain, and provide OneMove and other End User Services. This includes creating and maintaining your account, enabling you to store and reuse information, providing customer support, ensuring the security of your account, and improving the functionality and performance of our Services.

Our Business Users. When you use OneMove to interact with a Business User, for example, by submitting pre-filled information to a letting agent or landlord, we may share the relevant Personal Data with the applicable Business User to fulfil your request. We share only the information necessary for the Business User to provide the service or complete the process you initiate.

Advertising. We may use aggregated or pseudonymised information for audience measurement and analytics to improve our advertising practices. We do not sell your Personal Data. Where required, we obtain your consent before using cookies or similar technologies for targeted advertising or personalisation.

1.2 End Customers

End Customers are individuals whose Personal Data we receive because a Business User uses Yorlet to provide services to them, including tenancy-related interactions or payment processing. End Customers do not necessarily have a direct relationship with Yorlet.

a. Personal Data we collect about End Customers

Rental Applications. When a Business User uses Yorlet to collect or manage rental applications, we process the Personal Data submitted to them. This may include identity information, contact details, employment information, references, financial information, and any documents uploaded as part of an application.

Tenancies. When Business Users manage tenancies through Yorlet, we receive Personal Data relating to tenancy agreements, communications, rent schedules, maintenance requests, and other records required to administer a tenancy.

Transactions. When payments are initiated or processed through Yorlet, we collect transaction-related information, which may include payment method details (such as card type and expiry date), billing information, transaction identifiers, and payment amounts. Sensitive payment data (such as full card details) is handled securely through our payment partners and is never stored in full by Yorlet.

Identity and Verification. Where Business Users request identity verification, background checks, or fraud prevention analysis, we may receive and process documents such as identity cards, bank statements, or proof of address, as well as verification outcomes from our identity partners.

b. How we use and share Personal Data of End Customers

Our Business Users. We process Personal Data on behalf of Business Users to help them accept applications, conduct referencing, manage tenancies, communicate with End Customers, fulfil regulatory obligations, and carry out other activities for which they use Yorlet Services. Business Users determine the purposes for which they use your Personal Data, and we act as a processor on their behalf.

Payment processing. We use Personal Data to process and facilitate payments, handle refunds, prevent fraud, comply with financial regulations, and work with payment partners as necessary to complete a transaction.

Identity and Verification services. We use Personal Data to perform or facilitate identity verification, anti-fraud checks, or regulatory screening requested by a Business User. This may involve sharing Personal Data with verification partners who conduct the checks on behalf of Yorlet and the Business User.

1.3 Representatives

Representatives act on behalf of Business Users such as founders, employees, administrators, or individuals responsible for managing or setting up a Business User’s account.

a. Personal Data we collect about Representatives

Registration and contact information. When a Business User creates or manages an account with us, we collect the Representative’s details, such as name, email address, phone number, job title, and login credentials.

Identity information. We may collect documentation or verification information when required to authenticate a Business User, prevent fraud, or comply with legal or financial regulations. This may include identity documents, proof of authority, and records of your communications with us.

b. How we use and share Personal Data of Representatives

Business Services. We use Representative Personal Data to provide, maintain, and improve our Business Services; communicate about accounts, billing, and compliance; support onboarding and account management; and ensure the security and integrity of our systems.

Advertising. We may use aggregated or business-focused data to improve the relevance of marketing communications directed at Business Users. Any direct marketing to Representatives will comply with applicable marketing and consent requirements, and you may opt out at any time.

1.4 Visitors

Visitors interact with Yorlet without logging into an account, for example, by browsing our Sites or making general enquiries.

a. Personal Data we collect about Visitors

When you browse our Sites, we may collect:

• Information you provide directly, such as when you fill out a contact form, request a demo, or subscribe to updates.
• Technical and usage information, including IP address, device information, browser type, operating system, pages visited, referral paths, and interaction data collected via cookies or similar technologies.
• Cookie and tracking information, where permitted, including preferences and usage patterns that help us understand how Visitors use our Sites.

You can manage or disable non-essential cookies via your browser settings or through cookie controls where offered on our Sites.

b. How we use and share Personal Data of Visitors

Personalisation. We use Visitor data to tailor your experience, improve site navigation, provide relevant content, and remember your cookie preferences or browsing choices.

Advertising. Where permitted, we may use cookies or third-party tools to measure the effectiveness of our advertising and to provide more relevant adverts. We will request consent where required before using cookies for advertising purposes.

Engagement. We use Visitor data to respond to your queries, provide information about our Services, maintain site security, detect fraud or misuse, and analyse how Visitors interact with our Sites so we can improve performance and user experience.

2. Legal bases for processing Personal Data

Where the GDPR or other applicable data protection laws apply, we process Personal Data only when we have a valid legal basis. The legal bases we rely on may include:

2.1 Performance of a Contract

We process Personal Data where it is necessary to provide the Services you request, or to take steps at your request before entering into a contract. This applies, for example, when operating OneMove, processing tenancy-related information, or handling payments.

2.2 Legitimate Interests

We process Personal Data where doing so is necessary for our legitimate interests and those interests are not overridden by your fundamental rights and freedoms. These interests include maintaining and improving our Services, personalising user experiences, preventing fraud, ensuring network and information security, and supporting our Business Users in providing their services.

2.3 Consent

In some cases, we rely on your consent—for example, for optional cookie-based advertising, for certain communications, or when you choose to store additional data in OneMove beyond what is required. You can withdraw your consent at any time.

2.4 Compliance with Legal Obligations

We may process Personal Data to meet our legal obligations, including obligations under financial regulations, anti-money laundering and fraud prevention laws, and applicable reporting requirements.

2.5 Public Interest

In limited circumstances, we may process Personal Data to perform tasks carried out in the public interest, such as verifying identity as required by certain regulatory regimes.

3. How Long We Retain Personal Data

We retain Personal Data only for as long as necessary for the purposes for which it was collected, including to comply with legal, regulatory, accounting, or reporting obligations.

3.1 End Users and Representatives

We retain account information for as long as your account remains active. If you choose to deactivate your account, we will delete or anonymise Personal Data within a reasonable period, unless retention is required by law or necessary for ongoing legitimate business interests (e.g., fraud prevention or security).

3.2 End Customers

We retain Personal Data processed on behalf of Business Users according to the instructions of those Business Users and in line with our contractual obligations. In many cases, retention periods are determined by legal and regulatory requirements applicable to landlords, letting agents, or other Business Users.

3.3 Visitors

We retain Visitor data collected through cookies and similar technologies in accordance with our Cookie Policy, and for no longer than is necessary for analytics, security, or personalisation purposes.

3.4 Legal and Regulatory Requirements

In certain cases, we may be required to retain specific data for set periods—for example, financial transaction records or identity-verification evidence required by anti-fraud or anti-money laundering regulations.

4. Changes to This Privacy Policy

As Yorlet continues to develop, we may decide to revise this privacy policy from time to time. The most current version will govern our use of your information and will always be at https://www.yorlet.com/legal/privacy, and older versions are available upon request. If we make changes that we think will substantially alter your rights, we will notify you by posting a notice on our website. You agree to accept any changes or revisions to this privacy policy by continuing to use Yorlet.

5. Contact Us

We’d love to hear your questions, concerns and feedback about this privacy policy. If you have suggestions for us, let us know at [email protected].