Privacy Policy

Last updated: 18 February 2026

Proplio ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our compliance tracking platform ("the Service"). We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Data Controller

Proplio is the data controller for the personal data processed through the Service. If you have any questions about this policy, please contact us at support@proplio.co.


2. What Data We Collect

Account Information

  • Name and email address (provided at registration)
  • Agency/organisation name
  • Hashed password (we never store plain-text passwords)

Property and Compliance Data

  • Property addresses and details
  • Tenant names, email addresses, and phone numbers
  • Compliance certificate details (types, references, dates, uploaded files)

Billing Data

  • Payment and subscription information is processed by Stripe. We store your Stripe customer ID and subscription status but do not store card details.

Usage Data

  • IP addresses, browser type, and device information (collected automatically for security and analytics)
  • Error reports via Sentry for service reliability

3. How We Use Your Data

We process your personal data for the following purposes:

  • Providing the Service: Managing your account, tracking compliance records, sending deadline reminders (legal basis: contract performance)
  • Email communications: Sending compliance reminders and service notifications via Resend (legal basis: contract performance)
  • Billing: Processing subscription payments via Stripe (legal basis: contract performance)
  • Security: Protecting against unauthorised access and abuse (legal basis: legitimate interest)
  • Service improvement: Monitoring errors and performance (legal basis: legitimate interest)

4. Third-Party Services

We share data with the following third-party processors, all of whom have appropriate data processing agreements in place:

  • Vercel: Hosting and infrastructure (data: application data, request logs)
  • Neon: Database hosting (data: all application data)
  • Stripe: Payment processing (data: email, subscription details)
  • Resend: Email delivery (data: email addresses, notification content)
  • Sentry: Error monitoring (data: error logs, request metadata)


5. Data Retention

  • We retain your data for as long as your account is active
  • If you cancel and close your account, we delete your data within 30 days
  • Exception: data we are required by law to retain longer (e.g. financial records for HMRC)

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Passwords hashed with bcrypt
  • Rate limiting on authentication endpoints
  • Security headers (CSP, HSTS, etc.)
  • Regular security updates and dependency monitoring

7. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format (CSV export is available in the Service)
  • Restriction: Request that we limit processing of your data
  • Objection: Object to processing based on legitimate interest

To exercise any of these rights, contact us at support@proplio.co. We will respond within 30 days.


8. Cookies

  • We use essential cookies only (a session cookie to keep you logged in)
  • We do not use tracking, advertising, or third-party analytics cookies
  • No cookie consent banner is required as we only use strictly necessary cookies

9. International Transfers

  • Your data is primarily stored in EU/UK data centres
  • Where data is transferred outside the UK (e.g. to US-based processors such as Vercel and Stripe), we ensure appropriate safeguards are in place
  • Safeguards include Standard Contractual Clauses (SCCs) and adequacy decisions

10. Children

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.


11. Changes to This Policy

  • We may update this Privacy Policy from time to time
  • We will notify you of material changes via email
  • The "Last updated" date at the top reflects the most recent revision

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.


13. Contact

For any privacy-related questions, please contact us at support@proplio.co.

See also our Terms of Service