Legal

Acceptable use policy

Last updated: 29 May 2026 · Version 1.0

This Acceptable Use Policy (“AUP”) describes the permitted and prohibited uses of the idRent platform operated by Moverelocacion, S.L. (“Move”). It is an integral part of the Terms of service and applies to all Users.

Non-compliance with this policy may result in immediate suspension, contract termination, reports to public authorities and/or damages claims.

1. Prohibited conduct — general

The following is strictly prohibited:

1.1. Fraud and impersonation

• Uploading falsified, altered or tampered documents.
• Providing false, inaccurate or misleading personal, financial or employment information.
• Impersonating another person, organisation or public entity.
• Creating multiple, fake or throwaway accounts to bypass measures or layers of the platform.
• Using another person's account or credentials without their express authorisation.

1.2. Prohibited content

You may not upload, post or transmit content that:

• Infringes intellectual or industrial property rights.
• Is defamatory, slanderous, abusive, obscene, pornographic, violent or hate-inciting (racist, xenophobic, homophobic, etc.).
• Harasses, threatens or intimidates identifiable persons or groups.
• Promotes illegal activities (drug, weapon or human trafficking, etc.).
• Contains third-party personal data without consent (especially national ID numbers, medical data, third-party banking data).
• Violates sector-specific regulation (child protection, IP, data protection, etc.).

1.3. Technical abuse

• Reverse-engineering, decompiling or disassembling the Platform.
• Scraping, crawling, mass automated copying or data mining.
• Bypassing or attempting to bypass authentication, rate- limiting, captchas or other security measures.
• Exploiting vulnerabilities without prior notice (see section 4 on responsible disclosure).
• Uploading executable files (.exe, .sh, .bat), scripts (.js, .php), HTML with active code, or any executable content that could compromise the Platform or other Users.
• Generating abnormally high load or attempting denial-of- service attacks (DoS / DDoS).
• Using bots, automated tools or any system to interact with the Platform without our prior written authorisation.

1.4. Spam and unsolicited communications

• Sending mass, unsolicited or advertising communications to other Users or landlords through the Platform.
• Using landlord or guarantor data obtained through the Platform for purposes other than the specific tenancy.
• Collecting emails, contact data or other third-party data to build databases outside the contractual purpose.

1.5. Unauthorised resale and commercial use

• Reselling access to your account or to the Platform.
• Sublicensing, renting, lending or transferring your account to third parties.
• Using the Platform to provide paid services to third parties (e.g. using it as an internal real-estate tool without a specific partner contract).
• Extracting the public or private Platform database for competitive purposes.

1.6. Unlawful use

• Any Platform use that breaches applicable law (criminal, civil, commercial, tax, labour, immigration, tenancy).
• Using the Platform for money laundering, terrorist financing or any other criminal activity.

2. Prohibited conduct — specific to tenants

• Uploading identity or income documentation that does not belong to you (others' ID, payslips, work contracts).
• Editing files to reflect income, dates or data that are not real.
• Sharing your verified profile in a way that misleads third parties to believe you've been verified for a condition different from reality.
• Designating as a guarantor a person who has not expressly consented.

3. Prohibited conduct — specific to landlords

• Accessing tenant profiles without being authorised by the tenant or without holding the private link generated by them.
• Downloading, copying or redistributing the documentation you access for purposes other than evaluating the specific tenancy.
• Sharing the private link with unauthorised third parties.
• Requesting document access from tenants with a manifest intent not to sign the contract.
• Using tenant data for commercial purposes, marketing or transfers to third parties without a legal basis.

4. Security research — responsible disclosure

If you discover a security vulnerability in the Platform, we ask you to disclose it responsibly:

• Report to: hi@idrent.iowith subject “Security disclosure”.
• Do not exploit the vulnerability beyond the minimum proof of concept needed to demonstrate it.
• Do not access other Users' data. If you incidentally do, do not retain it and notify us immediately.
• Do not publish the vulnerability before we have remedied it or a reasonable period has elapsed (minimum 90 days) after notification.

We undertake to:

• Acknowledge receipt of your report within 5 business days.
• Keep you informed about the fix progress.
• Not take legal action against researchers acting in good faith following this policy.
• Publicly acknowledge your contribution if you wish (Hall of Fame).

5. Reporting violations by other users

If you believe another User is breaching this policy or the Terms, report it at hi@idrent.io with the following information:

• Your identification.
• Identification of the offending user (email, profile slug, etc., to the extent you know).
• Description of the violation.
• Evidence (screenshots, links, dates).

We will investigate each report in good faith and take appropriate measures within reasonable timeframes. Investigations are confidential.

6. Consequences of non-compliance

Depending on the severity and recurrence of the breach, we may apply the following measures individually or cumulatively:

1. Written warning with cure period.
2. Temporary suspension of the account or specific features.
3. Immediate removal of infringing content.
4. Immediate account block without notice, keeping data during the grace period set out in the Terms.
5. Permanent cancellation of the account without refund.
6. Notification to affected landlords where appropriate to protect other users.
7. Report to public authorities (police, AEPD, public prosecutor) where facts constitute a crime or administrative infringement.
8. Damages claim through civil courts.

For serious violations (document falsification, identity impersonation, Platform attacks) measures 4, 5, 7 and 8 apply directly without prior warning.

7. Modifications

We may modify this policy where justified. Material changes will be notified by email at least 30 days in advance. Minor changes take effect upon publication of the new version.

8. Contact

For any query about this policy:

• Email: hi@idrent.io
• Security reports: hi@idrent.iowith subject “Security disclosure”.