Privacy Policy
Effective 14 May 2026 · We'll bump this date and email account admins whenever we make material changes.
1. Who we are
Proprietas Technologies, Inc. (“Proprietas”, “we”, “us”) is the controller of personal data we collect through https://proprietas.app and the connected web and email products. Our registered office is [Registered office address — confirm via Stable before launch] (company number [Delaware file number — replace once incorporation completes]).
When a Proprietas customer (an organisation) uses our platform to process personal data about its tenants, contractors, or staff, Proprietas acts as a processor on that customer's behalf. The customer remains the controller of that data and signs a Data Processing Agreement with us before paying.
2. What we collect — and our role for each
Our GDPR role depends on whose data it is. For data about you as a Proprietas user, we are the controller. For data your organisation puts into the platform about its tenants and contractors, we are a processor acting on the organisation's instructions under a Data Processing Agreement.
2.1 Data we collect as controller (about you)
- Account data — your name, work email, the organisation you belong to, your role, when you last signed in.
- Operational logs — IP address, user agent, request path, and audit-event metadata. Used for security and incident investigation.
2.2 Data we process on behalf of your organisation (as processor)
When your organisation uploads documents or fills in workspace records, the organisation is the controller of any third-party personal data inside them and Proprietas is the processor. We process this data only on the organisation's documented instructions in the DPA they sign with us.
- Workspace data — sites, properties, compliance obligations and certificates, leases, work orders, contractor records, audit log. Some of this contains personal data about third parties (e.g. tenant names on a lease, contractor Gas Safe numbers).
- Uploaded document files — PDFs you upload (Fire Risk Assessments, EICRs, gas safety certificates, leases). These may contain personal data we don't see in advance.
Because Proprietas is a processor for this category, we don't decide its lawful basis — your organisation does, in its own privacy notice to the data subjects it serves. Our obligations are the processor obligations under Article 28: security, sub-processor management, breach notification to the controller, and acting only on documented instructions.
We do not access the contents of uploaded documents for any purpose other than processing them for your organisation (AI extraction, full-text search, audit-pack assembly). Staff access to document contents requires the organisation to enable support access in Settings → Security; every such access is recorded in the organisation's audit log.
3. Why we process it (lawful basis)
The bases below apply to data we collect as controller (Section 2.1). For data we hold as a processor (Section 2.2), the basis is defined by your organisation's privacy notice and DPA.
- Contract performance (Article 6(1)(b)) — running your account, processing payments, sending the transactional emails the product depends on.
- Legitimate interest (Article 6(1)(f)) — operational logs, fraud and abuse prevention, product analytics on aggregated usage. You can object to this at any time.
- Legal obligation (Article 6(1)(c)) — retaining billing records for HMRC.
- Consent (Article 6(1)(a)) — marketing emails. Opt-in only, opt-out any time.
4. Sub-processors
We share data with a small set of third parties to deliver the service. The complete list — with purpose, jurisdiction, and transfer mechanism for each — is at /sub-processors. We give account admins 30 days' notice before adding or changing a sub-processor.
5. How long we keep it
Storage Limitation (Article 5(1)(e)) — we keep each data category only as long as we need to. After that, an automated retention job purges or anonymises the data.
| Category | Retention | Reason |
|---|---|---|
| Magic-link verification tokens | 1 day after expiry | Security — used tokens are cleaned up to prevent replay attacks. |
| Logged-out sessions | 7 days after expiry | Operational — short grace window for support investigations. |
| Soft-deleted organisations and documents | 30 days | Undo window. After 30 days these are hard-deleted from the database and from object storage. |
| AI assistant conversations | 13 months | Operational — long enough to provide history; short enough to honour storage limitation. |
| Audit events | 7 years | Compliance — FRA/EICR/Gas Safety regulations expect 5–7 years of record retention, mirrored here. |
| Expired leases and tenancy records | 7 years from end date | HMRC tenancy retention requirement. |
| Cancelled subscriptions and invoices | 7 years | HMRC payment-record retention requirement. |
| Anonymised user accounts (post-erasure) | Indefinite, anonymised only | Audit-trail integrity — the actor field on historical AuditEvents continues to reference an anonymised user id with no PII attached. |
6. Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. Most are self-service in the app.
- Access & portability — Settings → Account → Download my data produces a machine-readable JSON export.
- Rectification — edit your profile at Settings → Profile; correct workspace data from the relevant record.
- Erasure — Settings → Account → Delete my account anonymises your account and removes your personal data. Workspace records (e.g. audit events you authored) keep an anonymised reference so the customer's audit trail stays intact.
- Restriction & objection — email privacy@proprietas.app and we'll action your request within 30 days.
If we don't respond to your satisfaction you can complain to the Information Commissioner's Office (ICO) at ico.org.uk.
7. International transfers
Customer data is hosted in the UK or EU by default. A small number of sub-processors are based in the United States (notably Anthropic, who provide the AI extraction engine). Transfers to those processors are covered by the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, and we have completed a transfer impact assessment for each.
8. Cookies
We set one cookie: authjs.session-token, which keeps you signed in. It is strictly necessary for the service and therefore exempt from consent requirements under PECR. We do not run analytics or marketing pixels. If that changes we'll publish a cookie notice and add a consent banner first.
9. Security
Data is encrypted in transit (TLS) and at rest. Sensitive columns (tenant contact details, contractor identifiers, lease parties) carry an additional layer of application-level encryption. Access is multi-tenant-scoped: every customer org is isolated at the query level and every write is recorded in the audit log. We disclose security incidents that affect your data to the affected account's admins without undue delay and to the ICO within 72 hours where required.
10. Changes to this policy
We'll bump the effective date at the top whenever this policy changes, and email account admins for material changes with at least 30 days' notice before they take effect. Editorial changes (typo fixes, link updates) won't trigger a notification.
11. Contact
Privacy questions: privacy@proprietas.app. Security disclosures: security@proprietas.app. Everything else: hello@proprietas.app.