Privacy Policy
Last updated: June 9, 2026
Licid ('we', 'us', 'our') is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR).
1. Data Controller
2. Data We Collect
| Name, email address, phone number | Creating and managing your account |
| Password | Authentication — stored securely, never readable |
| Role (tenant or landlord) | Platform access and functionality |
| Tenant profile: occupation, income range, household members, profile photo | Displaying your profile to landlords |
| Property listings: address, photos, price, description | Publishing your rental listing |
| Bid amounts and motivation letters | Matching tenants with landlords |
| Messages between landlord and tenant | Communication via the platform |
| Scheduled interview date and time | Facilitating video call interviews between landlords and tenants |
| Video call session timestamps (start and end) | Verifying whether a scheduled interview took place |
| IP address and technical session data | Security, fraud prevention and service reliability |
3. Sharing Data with Other Platform Users
Licid is a two-sided platform that connects tenants and landlords. To enable this, certain personal data is visible to other users of the platform:
| Tenant profile (name, occupation, income range, household members, profile photo) | Visible to landlords when reviewing bids on their listing |
| Bid amount and motivation letter | Visible to the landlord of the listing you bid on |
| Messages | Visible to the landlord or tenant you are communicating with |
| Landlord name and listing information | Visible to tenants browsing or bidding |
Email addresses, phone numbers, IP addresses, passwords and technical security data are never visible to other users, unless you voluntarily share them yourself.
Landlords and tenants are responsible for how they use information they receive through the platform. Licid does not control what happens to data shared off-platform.
4. Legal Basis
| Account data, profile data (including profile photo), bids | Performance of a contract (Art. 6(1)(b) GDPR) |
| Messages between users | Performance of a contract (Art. 6(1)(b) GDPR) |
| Interview scheduling data and video call session timestamps | Performance of a contract (Art. 6(1)(b) GDPR) |
| Technical and security data | Legitimate interest (Art. 6(1)(f) GDPR) |
| Fraud prevention and platform safety | Legitimate interest (Art. 6(1)(f) GDPR) |
| Marketing emails (if opted in) | Consent (Art. 6(1)(a) GDPR) |
5. Data Retention
We retain your personal data for as long as your account is active. Below are our standard retention periods:
| Account and profile data | Duration of active account + 30 days after deletion |
| Messages and bid history | Duration of active account + 30 days after deletion |
| Technical and security logs | 90 days |
| Database backups | 30 days |
| Inactive accounts (no login) | 2 years, then notified and deleted |
We may retain certain data for longer periods where required by law, to resolve disputes, or to investigate fraud or misuse.
6. Third-Party Processors
We work with carefully selected service providers (processors) who process personal data on our behalf, based solely on our instructions. All processors are bound by data processing agreements. We share personal data only to the extent strictly necessary for the service in question. We work with providers in the following categories: platform hosting and infrastructure, transactional email delivery, technical monitoring, business communication, and video call infrastructure. For video call interviews, we use Whereby (Whereby AS, Norway). When a landlord and tenant join a video call interview via the platform, their IP address and audio/video streams are processed by Whereby. Whereby is a processor established outside the EEA — see section 7 for how we ensure appropriate safeguards.
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
7. International Data Transfers
Where we transfer personal data to processors located outside the European Economic Area (EEA), we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) as approved by the European Commission. We take steps to ensure that any international transfer meets the requirements of the GDPR. Specifically, video call interviews are powered by Whereby (Whereby AS, Norway). Norway is part of the EEA, so this transfer does not require additional safeguards under the GDPR.
8. Your Rights (GDPR)
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
9. Automated Decision-Making
Licid does not use automated decision-making or profiling that produces legal or similarly significant effects for users, as referred to in Article 22 GDPR.
10. Cookies
We currently use only essential cookies required for the platform to function:
| Name | Category | Purpose | Duration |
|---|---|---|---|
| Session cookie | Essential | Keeps you logged in during your visit | Session |
| Cookie preference | Essential | Remembers your cookie consent choice | 1 year |
We intend to introduce analytics cookies (such as Google Analytics) in the future. We will update this policy and request your consent before doing so. You can manage your cookie preferences at any time using the cookie settings at the bottom of the page.
11. Security
We take the security of your personal data seriously. Our platform communicates exclusively over encrypted connections (HTTPS/TLS). Passwords are stored in hashed form and are never readable. Access to personal data is restricted to authorised personnel only. We regularly evaluate and update our security measures, and make contractual security arrangements with all third parties who process data on our behalf.
To prevent fraud, misuse and manipulation of bids, we may analyse log data, IP addresses and usage data. This processing is based on our legitimate interest in providing a safe and reliable platform.
12. Data Breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours, in accordance with Article 33 GDPR. If the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay, as required by Article 34 GDPR.
13. Minimum Age
Licid is intended for users aged 18 and over. We do not knowingly collect personal data from persons under the age of 18. If we become aware that a user is under 18, we will delete their account and associated data.
14. Off-Platform Communication
Once a landlord and tenant connect through the platform and begin communicating outside of Licid (for example, by phone or private messaging), Licid has no control over and is not responsible for the processing of personal data that takes place via those external means of communication. We encourage all users to handle each other's personal data with care and in accordance with applicable data protection laws.
15. Complaints
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
16. Changes to This Policy
We may update this policy from time to time. We will notify registered users by email of any material changes. The date at the top of this page indicates when it was last updated.
17. Contact
For any privacy-related questions, contact us at: Email: [email protected]