ZoomyRoom
Get the app
Privacy Policy

Privacy Policy

Effective 1 June 2026 · Mobile Application & Platform

1. Who We Are

Red Software Development Ltd, trading as ZoomyRoom, is the data controller responsible for your personal data. We are registered in England and Wales with our registered office at 124 City Road, London, EC1V 2NX.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you download, install, and use the ZoomyRoom mobile application (“App”) available on the Apple App Store and Google Play Store, and any related services we provide through the App.

This policy applies to all users of the App, including Sublettors (people listing rooms), Renters (people searching for rooms), and visitors. It should be read alongside our Terms and Conditions.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

If you have any questions about this policy or your data, contact us at:

Email: privacy@zoomyroom.com

Post: Red Software Development Ltd, 124 City Road, London, EC1V 2NX

2. Data We Collect

2.1 Data You Give Us

When you create an account, use the App, or communicate with us, you may provide:

2.2 Data We Collect Automatically

When you use the App, we automatically collect:

2.3 Data from Other Sources

3. How and Why We Use Your Data

The table below sets out each purpose for which we process your personal data, the categories of data involved, the legal basis under UK GDPR, and how long we keep it.

Purpose

Data Used

Legal Basis

Retention

Create and manage your Account

Account data, profile data

Contract (Art. 6(1)(b))

Duration of Account + 2 years

Display Listings in the App and enable enquiries

Listing data, profile data, enquiry data

Contract (Art. 6(1)(b))

Duration of Listing + 12 months

Publish Listings as public URLs accessible outside the App (see Section 4)

Listing data including address, photos, descriptions, pricing

Consent (Art. 6(1)(a)) and Legitimate interest (Art. 6(1)(f))

Duration of Listing + 12 months

Personalise search results and show nearby Listings

Search preferences, location data, usage data

Contract (Art. 6(1)(b))

Duration of Account

Send personalised Listing alerts and re-engagement messages

Search preferences, contact details, interaction history

Consent (Art. 6(1)(a))

Until consent withdrawn

Renter Concierge service (onboarding, support, recommendations)

Name, contact details, search preferences, communication data, acquisition source

Legitimate interest (Art. 6(1)(f))

Duration of Account + 2 years

Landlord/Sublettor outreach and activation

Publicly available listing data, contact details from public sources

Legitimate interest (Art. 6(1)(f))

7 days if unclaimed; 2 years if activated

Marketing, advertising, and promotional campaigns (see Section 5)

Listing data, photos, reviews, testimonials, aggregated usage data

Consent (Art. 6(1)(a)) and Legitimate interest (Art. 6(1)(f))

See Section 5

App analytics and improvement

Usage data, device data, log data, analytics data

Legitimate interest (Art. 6(1)(f))

26 months (anonymised indefinitely)

Review solicitation

Name, contact details, interaction history

Legitimate interest (Art. 6(1)(f))

Duration of Account

Fraud prevention, safety, and abuse detection

Account data, usage data, IP address, device identifiers

Legitimate interest (Art. 6(1)(f))

Duration of Account + 2 years

Legal compliance and dispute resolution

All categories as required

Legal obligation (Art. 6(1)(c))

As required by law

Where we rely on legitimate interest as the legal basis, we have carried out a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You can request a copy of our legitimate interest assessments by contacting us. You have the right to object to any processing based on legitimate interest at any time (see Section 9).

Where we rely on consent, you can withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4. Public Listing URLs and Indexing

To maximise the visibility of Listings and help Sublettors find Renters, we may make Listing content publicly accessible via individual web URLs (for example, zoomyroom.com/listing/12345). These public Listing pages may include:

These public URLs may be:

4.1 Sublettor Consent and Control

By creating a Listing on the App (or by claiming a pre-created Listing), you consent to that Listing being published as a public URL and shared as described above. This consent is given at the point of Listing creation or activation and forms part of the service we provide.

You can control the visibility of your Listing at any time:

Pre-created Listings that have not been claimed are not published as public URLs. They are visible only within the App during the 7-day activation window.

4.2 Renter Data on Public Pages

Public Listing URLs do not display any Renter personal data. The number of interested Renters may be shown in aggregate form (for example, “12 people interested”) but individual Renter names, contact details, and search preferences are never published on public pages.

5. Marketing, Advertising, and Promotional Use of Your Data

As set out in our Terms and Conditions (Section 11.3), by using the App you grant us a licence to use your data for marketing and promotional purposes. This section explains how we exercise that licence and your rights in relation to it.

5.1 What We May Use

5.2 Third-Party Marketing Partners

We may share your data with third-party advertising platforms, marketing service providers, and media partners solely for the purpose of executing marketing campaigns on ZoomyRoom’s behalf. These partners include:

All third-party marketing partners process data under data processing agreements that require them to protect your data and use it only for purposes we specify. We do not sell your personal data to third parties.

5.3 Direct Marketing Communications

We may send you marketing communications by email, SMS, WhatsApp, push notification, or in-app messaging. These may include:

For electronic marketing communications (email, SMS, WhatsApp), we rely on your consent, which we collect during registration or through the App. You can withdraw consent and opt out at any time by:

Push notifications can be controlled through your device’s notification settings.

5.4 Retention of Marketing Data

User Content incorporated into published marketing materials (such as a social media post featuring your Listing photo) at the time of Account deletion or Listing removal may remain in circulation. Upon request, we will make commercially reasonable efforts to remove your identifiable content from future marketing materials, though we cannot guarantee removal from third-party platforms or cached content.

Anonymised and aggregated data used in marketing does not constitute personal data and may be retained and used indefinitely.

6. Who We Share Your Data With

We do not sell your personal data. We share data with the following categories of recipients, only to the extent necessary for the purposes described in this policy:

6.1 Other App Users

When a Renter enquires about a Listing, the Sublettor sees the Renter’s name and message. Renters see Listing details and the Sublettor’s display name and profile photo. Only information necessary for the enquiry process is shared between Users within the App.

6.2 The Public (via Public Listing URLs)

As described in Section 4, certain Listing data is published on public URLs accessible outside the App, indexable by search engines, and shareable on social media and third-party websites.

6.3 Our Operations Team

Our growth team and Renter Concierge team, including team members who may be based in various locations, have access to relevant User data as necessary to perform their roles. This includes Listing management, Sublettor outreach, Renter onboarding, and concierge support. All team members are bound by confidentiality obligations and receive data protection training.

6.4 Service Providers

We use third-party service providers who process data on our behalf under data processing agreements. The categories of providers we use, and examples of the types of services they provide, include:

We regularly review our service providers and their data processing practices. All providers are contractually required to process your data only on our instructions, implement appropriate security measures, and not use your data for their own purposes beyond what is necessary to provide the service to us.

6.5 App Stores

Apple and Google receive certain data in connection with your download, installation, and use of the App, in accordance with their respective developer terms and privacy policies.

6.6 Legal and Regulatory

We may disclose your data where required by law, regulation, court order, or governmental request, or where reasonably necessary to protect the rights, property, or safety of ZoomyRoom, our Users, or the public. This includes sharing data with law enforcement, regulatory bodies, or legal advisers.

6.7 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom where our operations team and service providers are based.

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR, including:

You may request a copy of the safeguards we use by contacting us at privacy@zoomyroom.com.

8. Data Retention

We keep your personal data only for as long as necessary for the purposes set out in Section 3, or as required by law. Our specific retention periods are:

When personal data is no longer needed, we securely delete or irreversibly anonymise it.

9. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights. You can exercise any of them by contacting us at privacy@zoomyroom.com.

Right of access (Article 15): You can request a copy of all personal data we hold about you. We will provide this in a commonly used electronic format within one month.

Right to rectification (Article 16): You can ask us to correct any inaccurate or incomplete data. You can also update most of your data directly through the App settings.

Right to erasure (Article 17): You can ask us to delete your personal data. We will do so unless we have a legal obligation or legitimate reason to retain it. Deleting your Account through the App will trigger erasure of your data in accordance with our retention schedule.

Right to restrict processing (Article 18): You can ask us to restrict the processing of your data in certain circumstances, such as while we verify the accuracy of your data or assess an objection you have raised.

Right to data portability (Article 20): You can request a copy of the data you provided to us in a structured, commonly used, machine-readable format (such as JSON or CSV), and you can ask us to transmit it to another controller where technically feasible.

Right to object (Article 21): You can object to processing based on legitimate interest (including profiling) at any time. You can also object to direct marketing at any time, and we will stop immediately.

Right to withdraw consent: Where we process your data based on consent (such as marketing communications or public Listing URLs), you can withdraw consent at any time through the App settings or by contacting us. Withdrawal does not affect processing that took place before withdrawal.

Rights related to automated decision-making (Article 22): We do not currently make any decisions based solely on automated processing that produce legal or similarly significant effects on you. If this changes, we will update this policy and provide appropriate safeguards.

We will respond to your request within one month. If your request is complex or we receive a large number of requests, we may extend this by up to two further months, and we will inform you of the extension and the reasons for it.

We may ask you to verify your identity before processing your request to protect your data from unauthorised access.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: ico.org.uk

Telephone: 0303 123 1113

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Cookies, SDKs, and Tracking Technologies

10.1 In the App

The App uses software development kits (SDKs) and similar technologies to collect usage data. These include:

You can limit tracking through your device settings:

10.2 On Our Website

Our website (including public Listing pages) uses cookies and similar technologies:

Essential cookies: Required for the website and public Listing pages to function. These cannot be disabled.

Analytics cookies: Help us understand how visitors use our website, which pages are popular, and how Users find us. We use these to improve the website and the App.

Marketing cookies: Used to deliver relevant advertising, measure campaign performance, and enable retargeting. These may be set by third-party advertising partners.

You can manage cookie preferences through the cookie consent banner on our website, or by adjusting your browser settings. Disabling certain cookies may affect website functionality.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we will notify you and the ICO without undue delay if a data breach occurs that poses a high risk to your rights and freedoms, as required by UK GDPR.

12. Children’s Privacy

The App is not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from anyone under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@zoomyroom.com.

13. Third-Party Links and Services

The App may contain links to third-party websites, services, or applications (such as WhatsApp, mapping services, or social media). These are governed by their own privacy policies, not ours. We encourage you to review the privacy practices of any third-party service before providing them with your data. We are not responsible for the privacy practices of any third party.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App (for example, via a push notification or in-app banner) and, where required by law, seek your renewed consent before processing your data in new ways.

The “Effective Date” at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically. Your continued use of the App after a material update constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data:

Red Software Development Ltd

Trading as ZoomyRoom

Address: 124 City Road, London, EC1V 2NX

Email: privacy@zoomyroom.com

Support: support@zoomyroom.com

To exercise your data rights or make a complaint, you may also contact the ICO:

Information Commissioner’s Office

Website: ico.org.uk

Telephone: 0303 123 1113

Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF