CasaPay Privacy Policy

Last Updated: October 7, 2025

1. Introduction

Welcome to CasaPay. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

CasaPay provides frictionless rental payment solutions, enabling tenants to rent properties without traditional deposits through our secure verification and virtual card services.

This Privacy Policy applies to:

• Our website at casapay.com
• Our mobile applications (iOS and Android)
• All related services, features, and content offered by CasaPay

By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

CasaPay is operated by two entities depending on your location:

For users in the United Kingdom:

• CasaPay Ltd
• Company Registration Number: 14806725
• Registered Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

For users in the European Union:

• CasaPay OÜ
• Registry Code: 16781169
• Registered Address: Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117, Estonia

For the purposes of applicable data protection legislation, the relevant CasaPay entity acts as the "data controller" of your personal data.

3. Data Protection Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: support@casapay.com
• Phone: +44 20 4579 5890
• Postal Address: 71-75 Shelton Street, London WC2H 9JQ, United Kingdom

4. Information We Collect

4.1 Information You Provide to Us

When you register for and use CasaPay, we collect the following categories of personal data:

4.2 Information We Collect Automatically

When you use our website or applications, we automatically collect:

4.3 Information We Do NOT Collect or Store

CasaPay does not collect, store, or have access to:

• Biometric data (fingerprints, facial recognition data, etc.)
• Social Security Numbers or National Insurance Numbers
• Bank account login credentials
• Payment card details (card numbers, CVV, etc.)
• Your precise GPS location

5. How We Use Your Information

We process your personal data for the following purposes:

5.1 Contract Performance

• Creating and managing your CasaPay account
• Processing your tenant verification
• Facilitating rental payments through our platform
• Providing customer support

5.2 Legal Obligations

• Complying with anti-money laundering (AML) regulations
• Fulfilling Know Your Customer (KYC) requirements
• Responding to lawful requests from authorities
• Maintaining records as required by financial regulations

5.3 Legitimate Interests

• Improving and developing our services
• Detecting and preventing fraud
• Ensuring network and information security
• Analysing usage patterns to enhance user experience

5.4 Consent

• Sending marketing communications (where you have opted in)
• Using cookies and similar technologies for analytics

6. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

7. Sharing Your Information

7.1 Third-Party Service Providers

We share your personal data with carefully selected third parties who help us provide our services:

7.2 Analytics and Marketing Partners

We use the following services to understand how users interact with our platform:

7.3 When We May Disclose Your Data

We may also share your information:

• With your consent — when you have given us permission
• For legal reasons — to comply with legal obligations, court orders, or lawful requests from authorities
• To protect rights — to enforce our terms and protect our rights, property, or safety
• Business transfers — in connection with a merger, acquisition, or sale of assets (you will be notified)

7.4 International Transfers

Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement (IDTA)
• Adequacy decisions where applicable

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

After the retention period expires, we securely delete or anonymise your data.

9. Your Rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of the personal data we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data in certain circumstances, such as when it is no longer necessary for the purpose it was collected.

9.4 Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

9.5 Right to Data Portability

You can request to receive your data in a structured, commonly used format to transfer to another service.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects. CasaPay does not currently make fully automated decisions without human involvement.

9.8 Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@casapay.com. We will respond to your request within one month. This period may be extended by two further months where necessary, considering the complexity and number of requests.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data encrypted in transit (TLS 1.2+) and at rest
• Access Controls: Role-based access limited to authorised personnel
• Infrastructure Security: Secure cloud hosting with regular security audits
• Monitoring: Continuous monitoring for suspicious activities
• Employee Training: Regular data protection training for staff
• Incident Response: Established procedures for handling data breaches

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep your login credentials confidential.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience on our platform.

11.1 Types of Cookies We Use

11.2 Managing Cookies

You can manage your cookie preferences through:

• Your browser settings
• Our cookie consent banner (where applicable)

Please note that disabling certain cookies may affect the functionality of our services.

12. Children's Privacy

CasaPay services are intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18 years old.

If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information as quickly as possible. If you believe we have inadvertently collected data from a minor, please contact us immediately at support@casapay.com.

13. Third-Party Links

Our website and applications may contain links to third-party websites, services, or applications that are not operated by CasaPay. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email and/or prominent notice on our platform
• Where required by law, obtain your consent

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

15. Complaints

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with a supervisory authority:

For UK users:

• Information Commissioner's Office (ICO)
• Website: ico.org.uk
• Helpline: 0303 123 1113

For EU users:

• Your local Data Protection Authority
• For Estonia: Andmekaitse Inspektsioon — aki.ee

We would appreciate the opportunity to address your concerns before you contact a supervisory authority. Please reach out to us first at support@casapay.com.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

CasaPay

• Email: support@casapay.com
• Phone: +44 20 4579 5890
• Address: 71-75 Shelton Street, London WC2H 9JQ, United Kingdom

This Privacy Policy is compliant with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and applicable data protection laws. It is designed to meet the requirements of Apple App Store and Google Play Store for apps that collect and process personal data.