Proprietas

Legal

Privacy Policy

Effective 14 June 2026 · We'll bump this date and email account admins whenever we make material changes.

1. Who we are

Proprietas Technologies, Inc. (“Proprietas”, “we”, “us”) is the controller of personal data we collect through https://proprietas.app and the connected web and email products. We are a Delaware C-Corporation with registered office at 2810 N Church St STE 88260, Wilmington, DE 19802, USA.

When a Proprietas customer (an organisation) uses our platform to process personal data about its tenants, contractors, or staff, Proprietas acts as a processor on that customer's behalf. The customer remains the controller of that data and signs a Data Processing Agreement with us before paying.

1.1 Where we operate and why UK GDPR applies

Although the company is incorporated in Delaware, Proprietas is built for and operated from the United Kingdom. Our customers are UK-based estates teams, our hosting is UK / EU, and the personal data we process belongs overwhelmingly to UK data subjects. Under Article 3(2) of the UK GDPR, the regulation applies to controllers and processors outside the UK when they offer services to data subjects in the UK — which we do. We therefore comply with UK GDPR (and, where applicable for EU data subjects, the EU GDPR) regardless of where the entity is incorporated.

Because we are established outside the UK, Article 27 UK GDPR requires us to appoint a representative in the UK who can receive privacy-related correspondence on our behalf. If we process personal data of EU data subjects, Article 27 EU GDPR requires an EU representative as well. See Section 13 for current representative details.

2. What we collect — and our role for each

Our GDPR role depends on whose data it is. For data about you as a Proprietas user, we are the controller. For data your organisation puts into the platform about its tenants and contractors, we are a processor acting on the organisation's instructions under a Data Processing Agreement.

2.1 Data we collect as controller (about you)

  • Account data — your name, work email, the organisation you belong to, your role, when you last signed in.
  • Operational logs — IP address, user agent, request path, and audit-event metadata. Used for security and incident investigation.

2.2 Data we process on behalf of your organisation (as processor)

When your organisation uploads documents or fills in workspace records, the organisation is the controller of any third-party personal data inside them and Proprietas is the processor. We process this data only on the organisation's documented instructions in the DPA they sign with us.

  • Workspace data — sites, properties, compliance obligations and certificates, leases, work orders, contractor records, audit log. Some of this contains personal data about third parties (e.g. tenant names on a lease, contractor Gas Safe numbers).
  • Uploaded document files — PDFs you upload (Fire Risk Assessments, EICRs, gas safety certificates, leases). These may contain personal data we don't see in advance.

Because Proprietas is a processor for this category, we don't decide its lawful basis — your organisation does, in its own privacy notice to the data subjects it serves. Our obligations are the processor obligations under Article 28: security, sub-processor management, breach notification to the controller, and acting only on documented instructions.

We do not access the contents of uploaded documents for any purpose other than processing them for your organisation (AI extraction, full-text search, audit-pack assembly). Staff access to document contents requires the organisation to enable support access in Settings → Security; every such access is recorded in the organisation's audit log.

3. Why we process it (lawful basis)

The bases below apply to data we collect as controller (Section 2.1). For data we hold as a processor (Section 2.2), the basis is defined by your organisation's privacy notice and DPA.

  • Contract performance (Article 6(1)(b)) — running your account, processing payments, sending the transactional emails the product depends on.
  • Legitimate interest (Article 6(1)(f)) — operational logs, fraud and abuse prevention, product analytics on aggregated usage. You can object to this at any time.
  • Legal obligation (Article 6(1)(c)) — retaining billing records for HMRC.
  • Consent (Article 6(1)(a)) — marketing emails. Opt-in only, opt-out any time.

4. Sub-processors

We share data with a small set of third parties to deliver the service. The complete list — with purpose, jurisdiction, and transfer mechanism for each — is at /sub-processors. We give account admins 30 days' notice before adding or changing a sub-processor.

5. How long we keep it

Storage Limitation (Article 5(1)(e)) — we keep each data category only as long as we need to. After that, an automated retention job purges or anonymises the data.

CategoryRetentionReason
Magic-link verification tokens1 day after expirySecurity — used tokens are cleaned up to prevent replay attacks.
Logged-out sessions7 days after expiryOperational — short grace window for support investigations.
Soft-deleted organisations and documents30 daysUndo window. After 30 days these are hard-deleted from the database and from object storage.
AI assistant conversations13 monthsOperational — long enough to provide history; short enough to honour storage limitation.
Audit events7 yearsCompliance — FRA/EICR/Gas Safety regulations expect 5–7 years of record retention, mirrored here.
Expired leases and tenancy records7 years from end dateHMRC tenancy retention requirement.
Cancelled subscriptions and invoices7 yearsHMRC payment-record retention requirement.
Anonymised user accounts (post-erasure)Indefinite, anonymised onlyAudit-trail integrity — the actor field on historical AuditEvents continues to reference an anonymised user id with no PII attached.

6. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. Most are self-service in the app.

  • Access & portability Settings → Account → Download my data produces a machine-readable JSON export.
  • Rectification — edit your profile at Settings → Profile; correct workspace data from the relevant record.
  • ErasureSettings → Account → Delete my account anonymises your account and removes your personal data. Workspace records (e.g. audit events you authored) keep an anonymised reference so the customer's audit trail stays intact.
  • Restriction & objection — email privacy@proprietas.app and we'll action within 30 days.

If we don't respond to your satisfaction you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.

7. International transfers

Customer data is hosted in the UK or EU by default. A small number of sub-processors are based in the United States (notably Anthropic, who provide the AI extraction engine). Transfers to those processors are covered by the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, and we have completed a transfer impact assessment for each.

8. Cookies

Essential. We set a single sign-in (session) cookie that keeps you logged in. It is strictly necessary for the service and exempt from consent under PECR, so it is always on. The signed-in app sets no advertising cookies.

Analytics (optional). We use PostHog — a privacy-focused product-analytics tool, hosted in the EU and served first-party from our own domain — to understand how the product and our marketing pages are used (which features people rely on, where they get stuck). Autocapture and session replay are switched off: we record only explicit, structural events (e.g. “work order created”, page paths) keyed to an internal id, never document contents, names, or form fields. PostHog sets cookies only if you grant analytics consent — on both the marketing site and the signed-in app.

Advertising (optional). On our public marketing pages we use Google Ads tags to measure which ad campaigns lead to sign-ups. These set advertising cookies only if you allow them, and only on the marketing site — never inside the signed-in app.

We run a first-party consent banner. Until you choose, analytics and advertising default to denied — PostHog captures nothing, and Google (via Consent Mode v2) runs in a cookieless, modelled mode, so no analytics or advertising cookies are set. You can Accept all, Reject all, or choose by category (Essential / Analytics / Advertising). We store your choice for a year and re-ask after that; you can change it at any time by clearing this site's cookies to bring the banner back.

9. Security

Data is encrypted in transit (TLS) and at rest. Sensitive columns (tenant contact details, contractor identifiers, lease parties) carry an additional layer of application-level encryption. Access is multi-tenant-scoped: every customer org is isolated at the query level and every write is recorded in the audit log. We disclose security incidents that affect your data to the affected account's admins without undue delay and to the ICO within 72 hours where required.

10. Changes to this policy

We'll bump the effective date at the top whenever this policy changes, and email account admins for material changes with at least 30 days' notice before they take effect. Editorial changes (typo fixes, link updates) won't trigger a notification.

11. Our UK and EU representatives (Article 27)

Because Proprietas Technologies, Inc. is established outside the UK and EU, we have appointed representatives in each jurisdiction to receive privacy-related correspondence on our behalf. Data subjects in the UK or EU may contact our representatives directly about anything covered by this policy — they will route the query to us.

  • UK representative (Art. 27 UK GDPR): [UK Article 27 representative — appoint via Prighter / VeraSafe / equivalent before launch]
  • EU representative (Art. 27 EU GDPR): [EU Article 27 representative — appoint when first EU customer lands]

You can also write directly to us at privacy@proprietas.app — going through the representative is your right, not your only option.

12. Supervisory authority

If you believe we are processing your personal data unlawfully you have the right to complain to the Information Commissioner's Office (ICO) as the UK supervisory authority. EU data subjects may complain to their local supervisory authority (the data protection authority in their member state). Either way, we'd rather you came to us first so we can fix whatever you're unhappy with.

13. Contact

Privacy questions: privacy@proprietas.app. Security disclosures: security@proprietas.app. Everything else: hello@proprietas.app.

Privacy Policy | Proprietas