Privacy Policy
Last updated: 13 May 2026
Newlo Ltd ("Newlo", "we", "us", "our") operates the Newlo mobile application and website at newlo.app (together, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the rights you have over it.
By using Newlo, you agree to the practices described in this policy.
1. Who we are
Newlo Ltd is a company registered in England and Wales.
If you have any questions about this policy or your data, contact us at contact@newlo.app.
For UK data protection purposes, Newlo Ltd is the data controller of the personal information we process about you.
2. Information we collect
We collect the following types of information:
2.1 Information you give us
- Account information: name, email address, password, date of birth.
- Profile information: photos, biographical text, neighbourhood, job, nationality, religion, languages spoken, sexuality, drinking habits, prompts/answers, interests, and similar profile details you choose to share.
- Listings: if you post a flatmate listing, the details you provide (room type, area, photos, description, price).
- Hangouts: events you create or request to join, including title, description, time, location.
- Messages: the content of messages you send to other users through the Service.
- Communications with us: any emails or messages you send to us directly.
2.2 Information collected automatically
- Device information: device type, operating system, app version, language settings.
- Usage information: how you interact with the Service (screens visited, features used, time spent).
- Approximate location: based on your IP address, used to ensure relevant matches and connections.
2.3 Information from third parties
- If you sign in using a third-party service (e.g. Apple, Google), we receive basic profile information from that service as permitted by you.
3. How we use your information
We use your information to:
- Provide, operate, and improve the Service.
- Match you with other users based on shared interests, location, and preferences.
- Enable messaging, hangouts, and other social features.
- Verify your identity and prevent fraud, abuse, or other harmful behaviour.
- Send you service-related communications (e.g. password resets, account notifications, important changes to the Service).
- Send you marketing communications (only with your consent — you can unsubscribe at any time).
- Comply with legal obligations.
- Investigate and respond to reports of policy violations.
Legal basis for processing (UK GDPR)
We process your personal data under one or more of the following legal bases:
- Contract: to provide you with the Service you have signed up for.
- Legitimate interests: to operate, improve, and secure the Service, and to communicate with you about it.
- Consent: for optional features such as marketing communications.
- Legal obligation: where we are required to process data by law.
4. How we share your information
We do not sell your personal information. We share it only in the following circumstances:
4.1 With other users
Your profile information, photos, and posts are visible to other Newlo users in line with the Service's design (e.g. profile is visible to people you match with, listings are visible to people browsing the marketplace, hangouts are visible to people who can browse them).
4.2 With service providers
We use trusted third-party services to operate Newlo. They only process your data on our behalf and under contract:
- Supabase — database and authentication hosting
- Resend — transactional email delivery
- Apple App Store / Google Play — app distribution
- Other infrastructure providers as needed
4.3 Legal and safety
We may disclose your information where required by law, regulation, or legal process, or where we believe in good faith that disclosure is necessary to:
- Protect the rights, property, or safety of Newlo, our users, or the public.
- Detect, prevent, or address fraud, abuse, or security issues.
- Comply with a court order, subpoena, or legal request.
4.4 Business transfers
If Newlo is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and provide choices before your information becomes subject to a different privacy policy.
5. Data retention
We retain your personal information for as long as your account is active or as needed to provide the Service.
If you delete your account, we will delete your personal information within a reasonable time, except where:
- We need to retain it to comply with a legal obligation.
- We need to retain it to resolve disputes or enforce our agreements.
- Information has been shared with other users (e.g. messages) — this may remain visible to those users.
- Data has been anonymised — anonymised data may be retained indefinitely.
6. Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the data we hold about you.
- Right to rectification: ask us to correct inaccurate or incomplete data.
- Right to erasure: ask us to delete your data ("right to be forgotten").
- Right to restrict processing: ask us to limit how we use your data.
- Right to data portability: receive your data in a structured, commonly used format.
- Right to object: object to certain types of processing, such as direct marketing.
- Right to withdraw consent: where we rely on your consent, you can withdraw it at any time.
To exercise any of these rights, contact us at contact@newlo.app. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Security
We take reasonable technical and organisational measures to protect your personal data, including encryption in transit, secure password storage, and access controls.
No system is 100% secure, however. We cannot guarantee absolute security. If you suspect your account has been compromised, contact us immediately at contact@newlo.app.
8. International transfers
Your data may be processed in countries outside the UK by our service providers. Where this happens, we ensure appropriate safeguards are in place (such as UK GDPR-compliant data transfer agreements).
9. Children
Newlo is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal information, please contact us at contact@newlo.app and we will delete it.
10. Cookies and tracking
We use minimal cookies and similar technologies, primarily for authentication and to keep you signed in. We do not use third-party advertising cookies.
11. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email before they take effect. The "Last updated" date at the top of this policy shows when it was most recently revised.
12. Contact us
If you have any questions, concerns, or requests regarding your personal data, please contact us:
Newlo Ltd
Email: contact@newlo.app
Website: newlo.app