Privacy Policy
Last updated: June 2025
1. Data Controller
The data controller responsible for your personal data is:
Items in brackets must be completed before this policy is published.
2. Personal Data We Collect
Depending on how you use Mietto, we may process the following categories of personal data:
Account data
Name, email address, hashed password, account type (landlord / tenant), preferred language, registration date.
Property & tenancy data
Rental property address, monthly rent amount, tenancy start/end dates, tenancy status.
Payment records
Month and year of payment, amount, payment status (pending / approved / rejected), rejection reason if applicable, uploaded proof-of-payment files (PDF, JPG, PNG).
Technical & usage data
Browser timezone (stored in the client_tz cookie described in section 6, used only to display timestamps in your local time), session data, and server-side access logs.
Communications
In-app notifications and transactional emails (invitation, payment confirmation, rent reminders, account alerts). We do not send marketing emails.
3. How and Why We Use Your Data
| Purpose | Data used (categories from section 2) | Legal basis (GDPR Art. 6) |
|---|---|---|
| Providing the rent management service | Account data, Property & tenancy data, Payment records | Art. 6(1)(b) — performance of a contract |
| Sending transactional emails & notifications | Account data, Communications | Art. 6(1)(b) — performance of a contract |
| Complying with financial record-keeping obligations | Property & tenancy data, Payment records | Art. 6(1)(c) — legal obligation |
| Security, fraud prevention & abuse detection | Account data, Technical & usage data | Art. 6(1)(f) — legitimate interests |
| Generating PDF reports & payment statements | Account data, Property & tenancy data, Payment records | Art. 6(1)(b) — performance of a contract |
4. Data Retention
- Account data — retained until you delete your account. After deletion, identifiable information is removed within 30 days.
- Payment records & uploaded receipts — retained for 7 years from the payment date, in line with EU financial record-keeping requirements.
- Email verification tokens — automatically deleted 24 hours after creation.
- Invitation tokens — automatically expire after 7 days.
- Server logs — retained for up to 90 days for security purposes.
5. Sharing Your Data
We do not sell your personal data. We share data only in the following limited circumstances:
- Between landlord and tenant — when a landlord invites a tenant or a tenant submits a payment, relevant data (name, email, payment status) is visible to both parties as part of the service.
- Email delivery provider — transactional emails are sent via an SMTP/email service provider. Only the recipient's email address and message content are transmitted.
- Hosting infrastructure — your data is stored on servers located within the European Economic Area (EEA).
- Legal obligation — we may disclose data if required to do so by law, court order, or competent authority.
6. Cookies & Local Storage
Mietto uses the following browser storage mechanisms:
Session cookie (essential)
Required to keep you logged in. Deleted when you close the browser or log out.
client_tz cookie (functional)
Stores your browser's IANA timezone so we display dates and timestamps correctly. Refreshed every 24 hours. Contains no personal identifier.
localStorage (functional)
Stores your dark/light mode preference (theme) and whether you have dismissed the beta notice (mietto_beta_dismissed). Stays in your browser until you clear it manually.
We do not use advertising cookies, tracking pixels, or any third-party analytics scripts.
7. Your Rights Under GDPR
As a data subject, you have the following rights. To exercise any of them, contact us at privacy@mietto.app. We will respond within 30 days.
Right of access (Art. 15)
Request a copy of all personal data we hold about you.
Right to rectification (Art. 16)
Ask us to correct inaccurate or incomplete data.
Right to erasure (Art. 17)
"Right to be forgotten" — request deletion of your data where no legal obligation requires us to keep it.
Right to restriction (Art. 18)
Ask us to suspend processing while a dispute is resolved.
Right to portability (Art. 20)
Receive your data in a machine-readable format (CSV export is available for payment records directly in the dashboard).
Right to object (Art. 21)
Object to processing based on our legitimate interests.
8. Complaints
If you believe we are not handling your data in accordance with GDPR, you have the right to lodge a complaint with your national supervisory authority:
- Greece: Hellenic Data Protection Authority (HDPA) — www.dpa.gr
- Germany: Federal Commissioner for Data Protection and Freedom of Information (BfDI) — www.bfdi.bund.de (for complaints about private companies the competent authority is usually the data protection authority of your federal state; the BfDI website lists them)
- Other EU/EEA countries: Find your authority at edpb.europa.eu
We would, however, always appreciate the opportunity to resolve any concern directly — please contact us first at privacy@mietto.app.
9. Changes to This Policy
We may update this policy as the service evolves. If we make a material change (e.g. processing data for a new purpose), we will notify registered users by email at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.