PropertyOne (Novola SAS) · Last Updated: February 22, 2026
Novola SAS ("we", "us", or "our"), a company incorporated in France, operates the multi-entity financial operations platform PropertyOne via https://ppty.one (the "Service"). This Privacy Policy outlines how we process personal data collected from our platform users and infrastructure configurations.
Novola SAS acts as the Data Controller for account registration, billing, and system configuration data. For any tenant identities, lease documentation, IBANs, and raw banking ledger data imported into the workspace by our clients, Novola SAS acts strictly as a Data Processor governed by a Data Processing Agreement (DPA). The DPA allocates liability between Novola SAS and the client for the personal data of the client's own tenants, employees, and counterparties processed within their workspace.
All core customer databases, ledger assets, and parsing pipelines are deployed exclusively within AWS Region eu-west-3 (Paris, France). Data is encrypted at rest using AES-256 and in transit via TLS 1.3 to fulfil European technical requirements.
This sovereignty commitment applies to core storage and processing infrastructure. Certain limited data categories are shared with subprocessors located outside the EU/EEA for specific functions described in Section 4; those transfers are governed by the safeguards described there.
We process personal data under the following legal bases (Article 6 GDPR):
We restrict data collection to essential components required to fulfil our contractual processing obligations:
We do not broker or monetize application datasets. We share limited data subsets with verified technical infrastructure providers, strictly as necessary to operate the Service:
International transfer safeguards: Transfers of personal data to Postmark are governed by the European Commission's Standard Contractual Clauses (SCCs), supplemented by technical and organisational measures. Where a subprocessor is certified under the EU-U.S. Data Privacy Framework, that certification serves as an additional safeguard. We do not treat physical proximity to eu-west-3 as a substitute for a valid transfer mechanism, and the sovereignty commitment in Section 1 does not extend to data necessarily shared with this subprocessor to deliver transactional email.
Subprocessor changes: We maintain a current list of subprocessors and will notify workspace administrators at least 14 days in advance of onboarding a new subprocessor with access to client data, via email and/or in-app notice, and provide a mechanism to object as set out in the DPA.
PropertyOne values data minimisation and architectural clean-slating. The Service runs a fully cookie-less architecture. We do not place tracking, marketing, behavioural analytic, or non-essential persistent cookies into client browser sessions. Local storage parameters are restricted exclusively to active session authentication tokens.
We retain personal data only as long as necessary for the purposes described in this Policy:
Novola SAS has designated a Data Protection Officer responsible for oversight of our data protection obligations. The DPO can be reached at dpo@ppty.one, in addition to our general privacy desk referenced in Section 9.
In the event of a personal data breach affecting client data, Novola SAS will notify affected workspace administrators without undue delay, and in any event within 72 hours of becoming aware of the breach where feasible, providing the information necessary for the client to meet its own notification obligations as Data Controller.
As a European entity, Novola SAS fully recognises all data subject provisions under the General Data Protection Regulation (GDPR). Users retain complete authority to:
Administrative updates can be routed directly to our privacy desk at privacy@ppty.one. Users also have the right to lodge a complaint with the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), at www.cnil.fr, or with the supervisory authority of their EU member state of residence.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified to workspace administrators by email and/or in-app notice at least 14 days before taking effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.