PropFlow AI — Privacy Policy

The UK General Data Protection Regulation (UK GDPR), together with the Data Protection Act 2018, is the UK law that governs how organisations collect, store and use personal data. It is enforced by the Information Commissioner's Office (ICO).

There are three main elements you should know about:

• Any personal data we process must rely on a valid lawful basis (consent, contract, legitimate interest, legal obligation, vital interests or public task).
• Any data we hold must be kept safe and secure, processed only for the purposes we have told you about, and retained for no longer than is necessary.
• You have the right to access, rectify, erase, restrict, port and object to processing of your data, and to complain to the ICO at any time.

Our company's registered name is PropFlow AI Ltd (trading as “PropFlow”).

The company registration number is [COMPANY NUMBER TO BE INSERTED] with the registered address at [REGISTERED ADDRESS TO BE INSERTED].

For the purposes of UK GDPR:

• When you interact with us as a prospective or existing customer (landlord, letting agent, property manager, tradesperson, or their staff), PropFlow AI Ltd is the data controller of your personal data.
• When you interact with the Platform as a tenant, applicant, guarantor, next-of-kin contact or referee of a PropFlow customer, PropFlow AI Ltd generally acts as a data processor on behalf of the landlord, letting agent or property manager who holds your tenancy or application. That organisation is the data controller and will have its own privacy notice. PropFlow AI Ltd may also be a joint controller for the limited purposes of platform security, fraud prevention and cross-organisation duplicate detection.

We obtain your personal information when you visit our Platform, send us an email, call us, message us on WhatsApp or SMS, or interact with our staff in person. You might share your personal details with us, for example, when you:

• Contact us and request information about the company and our services.
• Ask us to provide you with a demo, trial or paid subscription.
• Register as a user on the Platform (as a landlord, agent, property manager, tradesperson, tenant or applicant).
• Submit a tenancy application, viewing request or enquiry via a public property listing, QR code or invitation link sent to you by a landlord or agent.
• Verify your identity or mobile number via WhatsApp, SMS or email.
• Upload compliance documents, photos, safety certificates, or ID documents to the Platform.
• Receive communications from landlords, property managers or tradespeople through the Platform's messaging features (WhatsApp, SMS, email or in-app).
• Register for our email notifications or marketing communications.
• Participate in one of our surveys, interviews or user-research sessions.
• Interact with us on social media or report an issue with the Platform.

In addition, we receive personal data from third parties where necessary to deliver the service, for example: from landlords or agents who invite you to apply for a property; from Stripe following a payment; from Twilio following message delivery; and from public sources such as postcodes.io and Companies House to validate the information supplied to us.

The information we collect depends on your role on the Platform. It may include (but is not limited to):

• Identity and contact data: your name, date of birth, email address, telephone number (stored in E.164 international format), postal address, preferred contact channel.
• Account and authentication data: login credentials, password hashes, email/WhatsApp verification codes, session cookies, two-factor authentication state.
• Role and organisation data: your role (landlord, property manager, tenant, tradesperson, housing officer, PropFlow admin, etc.), the organisation you belong to, and your permissions within it.
• Property and tenancy data: addresses and details of properties you own, manage, rent or have applied for; tenancy start and end dates; rent amounts; deposit amounts; guarantor details; next-of-kin contacts.
• Application data: the contents of any tenancy application you submit, including income, affordability, employment status, right-to-rent status, previous addresses, landlord references, household composition, and supporting documents.
• Financial and billing data: for PropFlow customers — subscription tier, billing contact, VAT number, and payment status. Card payment details are handled directly by Stripe and are not stored on PropFlow servers. Monetary values on the Platform are stored as integers in pence.
• Compliance documents: gas safety, electrical safety (EICR), energy performance (EPC), legionella, HMO licences, PAT certificates and similar, together with the issue and expiry dates.
• Photographs and floorplans uploaded to the Platform.
• Communication content and metadata: messages exchanged through the Platform (WhatsApp, SMS, email, in-app), timestamps, read receipts, delivery status and attachments.
• Special category data (only where relevant, typically for social-housing applicants and for safeguarding): health and disability information, ethnic origin (for Equality, Diversity and Inclusion monitoring), and safeguarding risk information. This is only collected where necessary and is subject to the additional safeguards set out in section D.
• Right-to-rent status: PropFlow stores a confirmation flag that the right-to-rent check has been completed by the landlord or agent. We do not store the underlying identity documents.
• Usage and technical data: Internet Protocol (IP) address, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device identifier, online identifier, approximate location derived from IP, the length of your visit on the Platform and which pages or features are accessed.
• Product telemetry: which features you use, when you log in, message volumes, agent-automation events, and error/trace identifiers attached to every request to help us diagnose issues.

If you wish to stop receiving platform updates or marketing emails from us, you can unsubscribe via the link at the bottom of any marketing email, update your notification preferences in your account settings, or contact us at support@propflow.ai.

We do not sell your data to third parties at any time.

We rely on the following lawful bases under UK GDPR Article 6 (and, for special category data, Article 9):

• Performance of a contract (Art. 6(1)(b)) — to create and administer your PropFlow account, set up your organisation, manage properties and tenancies, issue invoices, process subscription payments, deliver the messaging, compliance, applications and payment features of the Platform, and provide customer support.
• Legitimate interests (Art. 6(1)(f)) — to maintain network and data security; prevent fraud, abuse, scams and duplicate registrations across organisations; monitor platform performance and reliability; improve the usability and functionality of PropFlow; train our staff; provide in-app support and guidance; inform you about updates, new features or changes to our terms; and, where appropriate, send business-to-business marketing to PropFlow customers.
• Consent (Art. 6(1)(a) and, for special category data, Art. 9(2)(a)) — to send marketing emails to individual subscribers who have opted in; to collect sensitive data on social-housing application forms (health, disability, ethnic origin); to share communication history with a new landlord when a tenant transfers between managed properties; and to place non-essential cookies on the Platform.
• Legal obligation (Art. 6(1)(c)) — to retain records required by HMRC and UK tax law, anti-money-laundering rules, right-to-rent obligations, tenancy deposit protection rules, and to respond to lawful requests from regulators, courts or law enforcement.
• Vital interests and substantial public interest (Art. 6(1)(d), Art. 9(2)(g)) — to process safeguarding and risk-assessment information for social-housing tenants where this is necessary to protect an individual's life, safety or wellbeing, and to enable local authorities and registered social-housing providers to meet their statutory duties.
• Usage data — usage data is used to improve the usability, reliability and functionality of PropFlow, to detect abuse, and to provide contextual in-app training and support.

We do not sell your personal data. We only share your personal data with third-party service providers where necessary to deliver the Platform (see section F), with your landlord, agent or property manager (where they are the controller of your data), or where we are required to do so by law, regulation or a valid legal request.

We keep your personal information only for as long as necessary to provide the services and support you require, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.

Typical retention periods:

Where commercial or tax law requires longer retention, the storage period for certain data may be up to 10 years. Retention periods may also be extended where necessary to pursue our legitimate interests (for example, to guarantee data security, prevent misuse, defend legal claims or prosecute criminal offences).

We are committed to respecting your data-privacy rights and to providing the best possible customer experience. You can exercise the rights below at any time by contacting us at privacy@propflow.ai or support@propflow.ai, or by writing to PropFlow AI Ltd at [REGISTERED ADDRESS TO BE INSERTED].

You have the right to:

• Ask for a copy of the personal information we hold about you (right of access).
• Ask us to correct any inaccurate or incomplete personal information (right to rectification).
• Ask us to delete, block or restrict processing of some of your personal details, subject to legal exceptions (right to erasure and right to restriction).
• Ask us to provide your data in a portable, machine-readable format, or to transmit it to another service provider where technically feasible (right to data portability).
• Withdraw any consent you have previously given. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Object to processing that is based on our legitimate interests, including profiling.
• Object at any time to the use of your data for direct marketing. You can unsubscribe from marketing emails by clicking the “unsubscribe” link at the bottom of any marketing email.
• Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. Where PropFlow uses AI agents to draft messages, triage enquiries or score applications, a human within the relevant landlord or agent organisation remains responsible for the final decision.
• File a complaint with the competent supervisory authority — in the UK, the Information Commissioner's Office (ICO).

Where you are a tenant, applicant, guarantor or similar data subject of a PropFlow customer, your landlord, letting agent or property manager is usually the controller of your data. In that case we will assist them in responding to your request, but you should also contact them directly.

If you are not satisfied with our service or with how we process your personal information, please contact us first so we can try to resolve the issue. You can reach our Data Protection Officer (or designated representative) at any time by sending an email to dpo@propflow.ai (or privacy@propflow.ai).

If you remain unhappy, you have the right to submit a complaint to the Information Commissioner's Office. You can do this via the ICO's website at ico.org.uk/make-a-complaint or by calling the ICO helpline on 0303 123 1113.

We have appropriate technical and organisational security measures in place to prevent personal information from being accidentally lost, destroyed, used or accessed in an unauthorised way. These include:

• Encryption in transit (TLS) and at rest for all data stored in our infrastructure.
• Row-Level Security (RLS) policies in our database to enforce organisation scoping, so that one PropFlow customer cannot access another customer's data.
• Role-based access controls, least-privilege permissions and audit logging for all administrative actions.
• Trace-ID propagation across the Platform so that every request, database write and external API call can be reconstructed for incident investigation.
• PII scrubbing in application logs and error reports.
• Rate limiting, input validation, file-type verification (magic-byte checks) and circuit breakers on external APIs.
• Suspension and anomaly-detection workflows with human review before any long-term account action is taken.

We limit access to your personal information to staff and contractors who have a genuine business need to know it. Everyone with access is bound by a duty of confidentiality and is trained on data protection.

We also have documented procedures to deal with any suspected data breach. Where we are legally required to do so, we will notify the ICO within 72 hours and, where appropriate, notify you directly and without undue delay.

Where we have given you (or where you have chosen) a password that enables you to access parts of the Platform, you are responsible for keeping that password confidential. Please do not share your password with anyone. Use of one-time codes (WhatsApp/SMS/email) and multi-factor authentication is encouraged wherever available.

Like most websites, our Platform uses cookies and similar technologies. “Cookies” are small pieces of information placed on your device that allow the Platform to recognise you when you return.

PropFlow uses cookies for the following purposes:

• Strictly necessary cookies — to log you in, maintain your session, remember your organisation context, provide CSRF protection and keep the Platform functional. These cookies cannot be turned off.
• Preference cookies — to remember choices such as your selected theme, timezone (the Platform displays times in Europe/London) or dashboard view.
• Analytics and performance cookies — on our marketing site (www.propflow.co.uk) and within the app, to measure how users find and use the Platform so we can improve it. These are only set with your consent via the cookie banner.

We do not use advertising or cross-site tracking cookies.

You may refuse to accept non-essential cookies via our cookie banner or by adjusting your browser settings. If you disable strictly necessary cookies, parts of the Platform may not function correctly (for example, you may not be able to stay logged in).

Full details of each cookie we use are set out in our Cookie Notice, which is accessible from the footer of the marketing site and from the account menu in-app.

The Platform may contain links to other websites run by other organisations — for example, links to compliance guidance, government services (e.g. the EPC register), payment providers, or third-party property portals. Despite our best efforts to link only to reputable destinations, we are not responsible for the privacy practices of those organisations or for the content of their websites. We encourage you to read the privacy notice of any third-party website before providing it with any personal information.

This Policy is kept under regular review. The date of the last update was: 24/04/2026.

All updates to this Privacy Policy will be shown on this page. If you have a registered account on the Platform, we will notify you of material changes by email or via an in-app notice before they take effect.

You can obtain further information about UK data protection law by visiting the Information Commissioner's Office website at www.ico.org.uk.

Useful links:

• Data Protection Act 2018: legislation.gov.uk/ukpga/2018/12/contents
• UK GDPR guidance (ICO): ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources
• Guide to the right-to-rent check: gov.uk/check-tenant-right-to-rent-documents
• Tenancy deposit protection schemes: gov.uk/tenancy-deposit-protection

If you have any questions about this Privacy Policy, about how we process your personal information, or if you wish to exercise any of your data-subject rights, please email us at privacy@propflow.ai. For general support questions, email support@propflow.ai.