OwnerTransfer
DonateSign inList an asset

Legal

Privacy Policy

Effective 30 May 2026

OwnerTransfer ("we", "us", "our") operates ownertransfer.com, a matched-exchange platform for transferring ownership of real assets. This policy explains what personal data we collect, why, who we share it with, how long we keep it, and the rights you have. We are the data controller for the personal data described here.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have questions, contact us at privacy@ownertransfer.com.

Data we collect

We collect the following categories of personal data:

  • Account data — your name, email address, and password (managed by our authentication provider), and the phone number you provide at onboarding.
  • Identity verification data — government-issued identity documents and, where applicable, a selfie/liveness image, used to verify you are who you say you are before you can list or transact.
  • Listing and transaction data — the assets you list, descriptions, photographs, ownership evidence you upload, what you want in return, your messages with counterparties, agreements, and the Transfer Commitment Certificates you are party to.
  • Payment data — we do not store card or bank details. Payments are processed by our payment providers; we retain a record of payments, amounts, currency, and status.
  • Technical and usage data — your IP address (used to determine your region and for security/rate-limiting), device and browser information, and pages you interact with.

How we use your data, and our legal bases

We use your personal data to:

  • Provide the service — create your account, run the matching engine, enable verified contact, facilitate agreements, and issue certificates (legal basis: performance of our contract with you).
  • Verify identity and prevent fraud and abuse — including identity checks and moderation of listings and evidence (legal bases: legal obligation and our legitimate interests in a trustworthy marketplace).
  • Process payments — listing fees, certificate fees, and commission (legal basis: performance of our contract with you).
  • Communicate with you — transactional emails and in-app notifications about your account and activity (legal basis: performance of our contract and legitimate interests).
  • Secure the platform — rate-limiting, bot protection, and audit logging (legal basis: legitimate interests and legal obligation).

Who we share data with

We share personal data only with service providers ("processors") who act on our instructions, and with other users only as the service requires (for example, your display name and listing are visible to other users; your phone number is shared only when the match-gate conditions are met and you choose to reveal it). Our processors include:

  • Authentication — Clerk, for sign-in, sessions, and account management.
  • Database and hosting — Neon (database) and Vercel (application hosting and file storage for photos, documents, and certificates).
  • Payments — Paystack and Stripe, who process payments and are independent controllers for the payment data they hold.
  • Identity verification — Smile Identity, where available, for document and liveness checks.
  • Email — Resend, for transactional email delivery.
  • Security and infrastructure — Upstash (rate-limiting) and an IP-geolocation provider (region detection).

We do not sell your personal data, and we do not use it for third-party advertising.

International transfers

Some of our processors are located outside the UK, including in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

How long we keep data

We keep personal data for as long as your account is active and as long as needed to provide the service. Identity documents are retained only as long as necessary for verification and fraud-prevention obligations. Records of agreements, certificates, and payments are retained for the period required to meet our legal and accounting obligations. When data is no longer needed, we delete or anonymise it. Critical records are soft-deleted first, then permanently removed.

Your rights

Under UK GDPR you have the right to access your data, to have it corrected or erased, to restrict or object to processing, to data portability, and to withdraw consent where we rely on it. To exercise any of these, email privacy@ownertransfer.com. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

Security

We protect your data with encryption in transit and at rest, access controls, private storage for sensitive documents, signature-verified webhooks, immutable audit logging, and rate-limiting. No system is perfectly secure, but we work to protect your data and to notify you and the ICO of any breach where required.

Cookies

We use a small number of strictly-necessary cookies to keep you signed in and to protect the platform. See our Cookie Policy for details.

Children

OwnerTransfer is for adults. You must be at least 18 years old to use the platform, and we do not knowingly collect data from children.

Changes and contact

We may update this policy from time to time; the "last updated" date above reflects the current version. For any privacy question or request, contact privacy@ownertransfer.com.

Terms of ServiceCookie Policy