Legal

Privacy Policy

Effective date: 11 June 2026 · Last updated: 11 June 2026

VeoTrust (“VeoTrust,” “we,” “us,” or “our”) is a property intelligence platform that helps people verify a property before they rent or buy. We generate point-in-time reports based on official public sources. We are based in Barcelona, Spain, and we take privacy seriously — both yours and that of third parties whose information may appear in public registries.

This Privacy Policy explains what personal data we collect, why, on what legal basis, how long we keep it, and what rights you have. It applies to our website veotrust.com and all reports and services we provide (together, the “Services”).

Data controller

IAMT Music 2021 SCP · c/ Suïssa 8, 2-1, 08023 Barcelona, Spain · NIF ESJ05494513

Contact for privacy matters: privacy@veotrust.com

We comply with the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD). Our supervisory authority is the Agencia Española de Protección de Datos (AEPD, www.aepd.es).

1. The most important things to know

Our reports are point-in-time snapshots. A VeoTrust report reflects publicly available data at the moment it is generated. We do not monitor properties, listings, owners or tenants afterwards. We are not a real estate agency and we are not a party to any transaction.
We collect very little about you — typically your email address and the property you ask us to check.
We never sell your personal data. We do not share your contact details with agents, landlords, or anyone else unless you explicitly ask us to.
Reports may contain limited data about third parties(such as a property owner’s name from the Land Registry). We process such data strictly for your individual check, keep it private to your report, and redact it after a fixed period. See Section 5.
We use cookieless analytics. We do not run advertising trackers, which is why you do not see a cookie banner on our site.

2. What data we collect about you, and why

2.1. Data you give us

Data	When	Purpose	Legal basis
Email address	When you request a free or paid report	To deliver your report and service messages about it	Performance of a contract (Art. 6(1)(b) GDPR)
Email address (marketing)	Only if you tick the separate opt-in box	Occasional product and market updates	Consent (Art. 6(1)(a)) — withdrawable any time via the unsubscribe link
Name, phone, message	If you contact us or request advisory services	To respond and provide the requested service	Performance of a contract / pre-contractual steps
Property details and listing URL	When you request a check	To generate your report	Performance of a contract
Payment confirmation	When you purchase a report	To process your order	Performance of a contract; legal obligations (invoicing)
Tenant profile data (income range, employment status, household, pets, document readiness)	Only if you use the optional Tenant Application feature	To calculate your application strength and, only with your separate explicit consent, to generate a profile you choose to share with a landlord or agent	Consent (Art. 6(1)(a)) for both processing and any sharing

Payment card details are never stored by VeoTrust. Payments are processed by Stripe; we receive only a confirmation and the data needed for invoicing.

2.2. Data collected automatically

We collect minimal technical data needed to run a secure service: IP address, browser type, pages visited, timestamps, and error logs. We retain these logs for up to 90 days for security, fraud prevention and debugging (legal basis: legitimate interest, Art. 6(1)(f)).

Our website analytics are cookieless and privacy-friendly: we measure aggregate page visits without tracking cookies, cross-site identifiers or advertising pixels. This is why no cookie consent banner is required. We use only strictly necessary technical storage (for example, to keep you signed in), which does not require consent.

2.3. What we do NOT collect

We do not intentionally collect special-category data (health, biometrics, religion, etc.), precise geolocation of users, or data about minors. Our Services are intended for users aged 18 and over. Please do not submit such data; if we discover it, we will delete it.

3. What we use your data for

To generate and deliver the reports you request;
To operate, secure and improve the Services (using aggregated or anonymised data wherever possible);
To process payments and meet our legal obligations (tax, accounting);
To respond to your questions and provide advisory services you request;
To send you marketing emails only if you opted in, with an unsubscribe link in every message.

We do not use your data for automated decisions that produce legal or similarly significant effects on you (Art. 22 GDPR). Our scores assess properties and listings, not people — with one exception: the optional Tenant Application feature scores the strength of your own application at your request and under your control; it is a tool for you, is not shared without your explicit consent, and produces no automated decision about you by us or anyone else.

4. Our snapshot principle

Every VeoTrust report is a snapshot: it reflects the public data available on the date of generation, clearly shown on the report. We do not track properties, listings, owners, landlords or tenants over time, we do not maintain dossiers, and we do not update old reports in the background. If you want a current view, you can request a new report, which is generated fresh from the sources at that moment.

This principle is central to how we minimise data: we collect what is needed for your specific check, we use it for that check, and we let it go on a fixed schedule (see Section 6).

5. Third-party data in reports (property owners, landlords, sellers)

To check a property properly, official sources may return limited personal data of people connected to it — for example, the owner’s name from a Nota Simple (Land Registry extract) or an insolvency status from the Public Insolvency Registry. These individuals are not our users, so we want to be transparent about how we handle their data:

Legal basis. We process this data under legitimate interest (Art. 6(1)(f) GDPR): the legitimate interest of a prospective buyer or tenant in verifying the legal status of a specific property before committing money to it. Access to Spanish Land Registry data itself requires a stated legitimate interest under Article 221 of the Spanish Mortgage Law, and registrars assess each request. Our processing is limited to exactly this purpose.
Private to your report. Third-party data appears only inside the private report of the client who ordered that specific check. It is never published, never indexed by search engines, never shown in samples, rankings or aggregated statistics, and never used to build profiles of individuals.
Limited retention. Twelve (12) months after a report is generated, names and identification numbers of third parties are automatically redacted from the stored report. The analytical conclusions remain; the personal data does not.
Right to object. If you are a property owner, landlord or seller and believe your data appears in a VeoTrust report, you may object or request erasure by writing to privacy@veotrust.com. We will verify your identity and respond within 30 days, redacting your data from the relevant report where the law requires or where your rights prevail.

6. How long we keep data

We keep personal data only as long as needed for the purpose it was collected for, in line with GDPR Art. 5(1)(e) and Spanish LOPDGDD rules (including the “blocking” mechanism of Art. 32 LOPDGDD where applicable):

Data	Retention
Account & report history	While your account is active, plus 12 months of inactivity; then reports are anonymised and account data deleted
Email (service)	Same as account
Email (marketing)	Until you unsubscribe or withdraw consent
Third-party data inside reports	Redacted 12 months after report generation (Section 5)
Tenant profile data	6 months after last activity, or immediate deletion at your request
Technical logs	Up to 90 days
Invoices and billing records	6 years (Spanish tax and commercial law) — kept blocked, used only for legal obligations
Advisory correspondence	Duration of the engagement plus 3 years (limitation periods)

Deletion is automated on these schedules. Where Spanish law requires pre-deletion “blocking,” data is isolated and accessible only for legal claims before final erasure.

7. Who we share data with

We do not sell or rent personal data. We share data only with:

Service providers (processors) that help us run the platform — hosting and database (e.g., Vercel, Neon), payment processing (Stripe), email delivery (e.g., Resend), AI processing for report generation. Each processes data under our instructions and a data processing agreement, and only to provide their service to us.
Official sources — when we request registry extracts (e.g., Nota Simple) for your check, the request is made to the official registry; we share only what is needed to identify the property.
A landlord or agent — only at your explicit request, if you choose to send them your tenant profile, and only after your separate, specific consent for that exact sharing.
Authorities — if required by law, court order, or to protect rights and safety, within the limits of applicable law.

Some providers may process data outside the EEA (for example, in the United States). Where that happens, transfers are protected by recognised safeguards: an adequacy decision (such as the EU–US Data Privacy Framework, where the provider is certified) or the EU Standard Contractual Clauses. Details are available on request at privacy@veotrust.com.

8. Your rights

Under GDPR and LOPDGDD you have the right to:

Access the personal data we hold about you, and receive a copy (portability);
Rectify inaccurate data;
Eraseyour data (“right to be forgotten”), subject to legal retention duties (e.g., invoices);
Restrict or object to processing, including any processing based on legitimate interest;
Withdraw consent at any time (e.g., marketing emails, tenant profile), without affecting prior lawful processing;
Not be subject to automated decision-making with legal or similarly significant effects — we do not perform such processing.

To exercise any right, email privacy@veotrust.com. We will verify your identity and respond within 30 days (extendable by law for complex requests, in which case we will tell you).

If you believe we have not resolved your concern, you may lodge a complaint with the Agencia Española de Protección de Datos (AEPD) — www.aepd.es — or with your local EU supervisory authority.

9. Security

We protect data with industry-standard measures: encryption in transit (TLS) and at rest, role-based access controls, access logging for sensitive data, isolated payment processing (PCI-compliant provider; we never store card numbers), and regular review of our security posture. In the event of a personal data breach likely to result in a risk to your rights, we will notify the AEPD within 72 hours and inform affected users where the risk is high, as required by Art. 33–34 GDPR.

10. What VeoTrust is not

For clarity, and because it matters for how data flows:

VeoTrust is not a real estate agency and does not broker, negotiate or intermediate transactions through its reports;
VeoTrust reports are informational analyses of public-source data, not legal advice, valuations for official purposes, or guarantees of any kind;
VeoTrust does not maintain databases of property owners, landlords or tenants — third-party data exists only transiently inside individual private reports, as described in Section 5.

11. Children

Our Services are not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact privacy@veotrust.com and we will delete it.

12. Changes to this Policy

We may update this Policy as the Services or the law evolve. The current version is always at veotrust.com/legal/privacy, with the effective date at the top. For material changes that affect your rights, we will give notice by email or a site banner at least 30 days in advance where feasible. Continued use of the Services after the effective date constitutes acceptance.

13. Contact

Privacy questions and rights requests: privacy@veotrust.com
General contact: office@veotrust.com
Postal address: IAMT Music 2021 SCP, c/ Suïssa 8, 2-1, 08023 Barcelona, Spain

← veotrust.com