Are Digital Deposits Legal?
Legal framework for digital deposits in France and Europe: consent, customer disclosure, GDPR compliance, and best legal practices.
The question comes up regularly from property owners and managers considering digitizing their deposit management: is a deposit via bank pre-authorization legal? The answer is yes. But like any process involving personal and financial data, it operates within a specific legal framework that must be respected.
Here is what the law says, what you need to know, and how Holdyy keeps you compliant effortlessly.
The Legal Framework in France and Europe
Bank pre-authorization is a recognized mechanism governed by European payment services regulations. It is based on the Payment Services Directive 2 (PSD2), which regulates all electronic transactions within the European Union.
In France, the rental deposit, whether physical or digital, is governed by the Civil Code and lease-related provisions. The law does not impose any specific format for security deposits in vacation rentals. A check, a bank transfer, or a pre-authorization are all legally valid means to secure a deposit.
Bank pre-authorization is a payment instrument recognized by European regulations. It offers the same legal guarantees as a deposit check, with superior traceability.
Customer Consent: A Clear Obligation
The central point of a digital deposit's legality is informed customer consent. Before any pre-authorization, the tenant must be explicitly informed of:
- The exact amount reserved on their bank card
- The duration for which the pre-authorization remains active
- The capture conditions: under what circumstances the amount may be charged
- The release conditions: when and how the pre-authorization will be lifted
This consent does not require a handwritten signature. Digital acceptance, the act of entering banking information after reading the terms, constitutes valid consent under both French and European law.
Is a Signature Required?
No. Under French law, a signature is not required to validate a deposit for vacation rentals. Voluntarily entering banking details on a secure form, after acknowledging the displayed conditions, constitutes acceptance. This logic is identical to any online purchase.
GDPR Compliance
Any digital deposit involves processing personal data: name, email, payment information. The General Data Protection Regulation (GDPR) imposes strict obligations.
- Legal basis: the processing is based on the performance of a contract (the reservation) and the explicit consent of the customer
- Data minimization: only the data strictly necessary for the pre-authorization is collected
- Right of access and deletion: the tenant can request access to their data or its deletion at any time
- Retention period: data is only kept for the time necessary to manage the deposit and meet legal retention requirements
GDPR does not prohibit digital deposits. It simply requires that data processing is transparent, proportionate, and secure.
PCI-DSS Certification: Banking Data Security
Banking data is the most sensitive information in the deposit process. That is why Holdyy never handles it directly. All card data processing is delegated to Stripe, certified PCI-DSS Level 1, the highest security level in the payment industry.
In practice, this means:
- Card numbers never pass through Holdyy servers
- Every transaction is protected by AES-256 encryption and the 3D Secure 2 protocol
- Independent security audits are regularly conducted on Stripe infrastructure
- AI-powered fraud detection (Stripe Radar) blocks suspicious transactions in real time
Legal Best Practices
To ensure flawless compliance, we recommend the following practices:
- Display your terms clearly: the amount, duration, and capture conditions must be visible before validation
- Maintain written proof: every pre-authorization should be documented with a timestamp and the accepted conditions
- Communicate transparently: inform the tenant at every step (creation, authorization, release, or capture)
- Justify every capture: in case of damage, document the evidence (photos, inspection report) before capturing the amount
- Respect timelines: release the pre-authorization as soon as the checkout inspection is complete
How Holdyy Ensures Compliance by Design
Holdyy was built so that legal compliance is integrated into every step of the process, with no additional effort on your part.
- Terms automatically displayed: every deposit link presents the amount, duration, and conditions to the tenant before any validation
- Consent tracked: the tenant's acceptance is timestamped and recorded in an immutable audit log
- No banking data stored: Stripe handles all card data processing
- Complete history: every operation (creation, authorization, capture, release) is documented with date, time, and details
- Automatic notifications: the tenant is notified at every status change of their deposit
Compliance is not optional. It is a requirement built into the very architecture of Holdyy.
Create your free account and manage your deposits in full legal compliance, without compromising on simplicity.