PropertyOne
Product Features Pricing About
Sign in Book a demo
PropertyOne
Product Features Pricing About Sign in
Book a demo
Legal

Privacy Policy

PropertyOne (Novola SAS) · Last Updated: February 22, 2026

Novola SAS ("we", "us", or "our"), a company incorporated in France, operates the multi-entity financial operations platform PropertyOne via https://ppty.one (the "Service"). This Privacy Policy outlines how we process personal data collected from our platform users and infrastructure configurations.

Data Controller vs. Data Processor

Novola SAS acts as the Data Controller for account registration, billing, and system configuration data. For any tenant identities, lease documentation, IBANs, and raw banking ledger data imported into the workspace by our clients, Novola SAS acts strictly as a Data Processor governed by a Data Processing Agreement (DPA). The DPA allocates liability between Novola SAS and the client for the personal data of the client's own tenants, employees, and counterparties processed within their workspace.

01Infrastructure & Sovereignty

All core customer databases, ledger assets, and parsing pipelines are deployed exclusively within AWS Region eu-west-3 (Paris, France). Data is encrypted at rest using AES-256 and in transit via TLS 1.3 to fulfil European technical requirements.

This sovereignty commitment applies to core storage and processing infrastructure. Certain limited data categories are shared with subprocessors located outside the EU/EEA for specific functions described in Section 4; those transfers are governed by the safeguards described there.

02Legal Basis for Processing

We process personal data under the following legal bases (Article 6 GDPR):

  • Performance of a contract · account provisioning, workspace configuration, and delivery of the Service, including automated reconciliation and rent invoicing.
  • Legal obligation · retention of accounting and audit-trail records as required under French commercial law (see Section 6).
  • Legitimate interests · securing the Service, preventing fraud, and maintaining the immutable audit trail, balanced against data subjects' rights and freedoms.
  • Consent · where applicable, for optional communications outside the scope of essential service delivery.

03Data Collection & Usage

We restrict data collection to essential components required to fulfil our contractual processing obligations:

  • Account Management: Name, enterprise email address, professional role, and workspace parameters.
  • Financial Operations Data: Multi-entity holding structures, local IBAN configurations, bank statement ledger imports, and VAT profiles used for automated reconciliation.
  • Immutable Audit Trail: Cryptographic logs recording system interaction timestamps, edits, and matching confirmations to guarantee defensible reporting.

04Subprocessors, International Transfers & Email Automation

We do not broker or monetize application datasets. We share limited data subsets with verified technical infrastructure providers, strictly as necessary to operate the Service:

  • Infrastructure: Amazon Web Services (AWS eu-west-3, France). Core databases and ledger data remain in-region.
  • Transactional Email Delivery: Postmark (Wildbit LLC, a subsidiary of ActiveCampaign, Inc., United States), used to dispatch action-triggered system messages (alerts, verification codes, and automated rent invoicing) to recipients designated by the client. This involves an international transfer of recipient contact details and message content to the United States.

International transfer safeguards: Transfers of personal data to Postmark are governed by the European Commission's Standard Contractual Clauses (SCCs), supplemented by technical and organisational measures. Where a subprocessor is certified under the EU-U.S. Data Privacy Framework, that certification serves as an additional safeguard. We do not treat physical proximity to eu-west-3 as a substitute for a valid transfer mechanism, and the sovereignty commitment in Section 1 does not extend to data necessarily shared with this subprocessor to deliver transactional email.

Subprocessor changes: We maintain a current list of subprocessors and will notify workspace administrators at least 14 days in advance of onboarding a new subprocessor with access to client data, via email and/or in-app notice, and provide a mechanism to object as set out in the DPA.

05Cookie-Less Framework

PropertyOne values data minimisation and architectural clean-slating. The Service runs a fully cookie-less architecture. We do not place tracking, marketing, behavioural analytic, or non-essential persistent cookies into client browser sessions. Local storage parameters are restricted exclusively to active session authentication tokens.

06Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy:

  • Account & billing data: retained for the duration of the client relationship, plus statutory limitation periods thereafter.
  • Accounting records and immutable audit trail: retained for ten (10) years from creation, in accordance with French commercial bookkeeping requirements (Code de commerce, Art. L123-22).
  • Ledger, lease, and tenant data imported by clients: retained for the duration of the applicable client workspace and deleted or returned in accordance with the DPA upon termination, subject to the accounting retention period above where the data forms part of financial records.
  • Data following account closure: deleted or anonymized within 90 days of closure, except where longer retention is required by law.

07Data Protection Officer

Novola SAS has designated a Data Protection Officer responsible for oversight of our data protection obligations. The DPO can be reached at dpo@ppty.one, in addition to our general privacy desk referenced in Section 9.

08Security & Breach Notification

In the event of a personal data breach affecting client data, Novola SAS will notify affected workspace administrators without undue delay, and in any event within 72 hours of becoming aware of the breach where feasible, providing the information necessary for the client to meet its own notification obligations as Data Controller.

09Rights & Recourse

As a European entity, Novola SAS fully recognises all data subject provisions under the General Data Protection Regulation (GDPR). Users retain complete authority to:

  • request access to their personal data;
  • request structural rectification of inaccurate data;
  • request clean, portable data export;
  • request total account eradication (erasure);
  • object to processing based on legitimate interests;
  • request restriction of processing in defined circumstances;
  • withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

Administrative updates can be routed directly to our privacy desk at privacy@ppty.one. Users also have the right to lodge a complaint with the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), at www.cnil.fr, or with the supervisory authority of their EU member state of residence.

10Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified to workspace administrators by email and/or in-app notice at least 14 days before taking effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.

On this page

  1. Infrastructure & Sovereignty
  2. Legal Basis for Processing
  3. Data Collection & Usage
  4. Subprocessors & Transfers
  5. Cookie-Less Framework
  6. Data Retention
  7. Data Protection Officer
  8. Security & Breach Notification
  9. Rights & Recourse
  10. Changes to this Policy
PropertyOne

The operating system for a property portfolio's money and paperwork.

Product
Overview Features Pricing ChangelogSoon
Company
About Careers Contact BlogSoon
Resources
Help centerSoon GuidesSoon APISoon StatusSoon
Legal
Privacy Terms Trust Center DPA
© 2026 PropertyOne. All rights reserved. Global · multi-entity · IBAN & local bank formats
PropertyOne

See your portfolio on PropertyOne.

A 30-minute walkthrough with our team, mapped to how your firm actually operates. No generic slides.

  • Your structure, live. We stand up a sample of your holding companies, assets and leases.
  • Invoicing and reconciliation in action. Watch recurring rent invoices and bank matching run end to end.
  • A clear next step. Pricing sized to your firm, and what onboarding would look like.

We'll only use your details to arrange your demo. No spam, no sharing.

PropertyOne

Talk to us.

Questions about PropertyOne, pricing, or whether it fits how your firm operates? Send us a note and we'll get back to you within one business day.

Prefer email? Reach us directly at hello@ppty.one.

We'll only use your details to reply. No spam, no sharing.