Privacy Policy

Property Automations AI ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, submit enquiries, or engage our services.

We are a B2B automation consultancy registered in England and Wales, providing custom AI systems for property management companies.

This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Property Automations AI is registered with the Information Commissioner's Office (ICO) as required under UK data protection law. ICO Registered — Registration No. Pending.

When you visit our website or submit an enquiry:

We act as the DATA CONTROLLER. We determine the purposes and means of processing your personal data (such as your name, email, and enquiry details).

When we provide automation services to clients:

We act as the DATA PROCESSOR on behalf of our clients, who are the data controllers. In this capacity, we process personal data (such as property details, clerk information, tenant data, inspection reports, and photographs) strictly in accordance with our client's instructions and as set out in a Data Processing Agreement (DPA).

The data controller responsible for website visitor and enquiry data is:

Information you provide directly (as a website visitor or prospective client):

• Full name
• Company name
• Work email address
• Job title or role
• Company staff count
• Details of your operational challenges (as submitted via our audit request form)
• Any other information you choose to provide in correspondence with us

Information collected automatically when you visit our website:

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on our website
• Referring website or source
• Device information

Cookies and similar technologies:

• We use essential cookies to ensure our website functions correctly
• We may use analytics cookies to understand how visitors interact with our website
• You can manage cookie preferences through your browser settings

Data processed on behalf of clients (as a data processor):

When delivering our automation services, we may process the following types of data on behalf of our clients:

• Property addresses, tenancy details, and landlord information
• Clerk personal details, contact information, location data, and availability
• Property inspection photographs and report content
• Invoices and financial documents
• DBS check status and training progress records
• Keys and access information
• Communication records (emails, messages, notifications)
• CV and job application data

This data is processed solely in accordance with the client's instructions and the terms of our Data Processing Agreement.

We use personal data collected directly from website visitors and prospective clients for the following purposes:

All data is hosted on UK-based cloud infrastructure using Amazon Web Services (AWS) UK region. This means:

• Client data and system data remain within the United Kingdom
• Infrastructure benefits from AWS enterprise-grade security certifications
• Data residency requirements under UK GDPR are met by default
• Systems are scalable and maintained with industry-standard security practices

Our website is hosted on Vercel. Website analytics and form submission data may be processed in accordance with Vercel's privacy policy, though we ensure appropriate safeguards are in place.

We do not sell your personal data to third parties.

We may share your data with the following categories of recipients where necessary:

• Cloud infrastructure providers: Amazon Web Services (AWS) UK region for data hosting and processing.
• Technology platform providers: Our automation solutions may use third-party platforms including n8n, Supabase, Telegram, Airtable, ElevenLabs, OpenAI, and Anthropic. Where these services are used, appropriate data processing arrangements are in place.
• Property management platform providers: Including Inventory Hive, Zoho, and email service providers, connected via secure OAuth authentication.
• Website hosting provider: Vercel, for hosting our website.
• Analytics providers: We may use analytics tools to understand website usage.
• Professional advisors: Including accountants, lawyers, and insurers where necessary.
• Legal and regulatory authorities: Where required by law or to protect our legal rights.

Where we engage sub-processors to assist in delivering our services, this is done in accordance with our Data Processing Agreements with clients, and appropriate security and data protection measures are maintained.

Our automation systems connect to third-party platforms and client systems using secure methods:

• OAuth authentication: We use industry-standard OAuth protocols for connecting to platforms such as Zoho, email providers, and property management tools. This means we never store your third-party platform usernames or passwords.
• API security: All API connections use encrypted channels (HTTPS/TLS).
• Revocable access: You can revoke our system's access to connected platforms at any time through the respective platform's settings.

Our primary infrastructure is hosted in the UK. However, some of the third-party services we use may process limited data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the UK Secretary of State
• Standard contractual clauses approved by the Information Commissioner's Office (ICO)
• Other appropriate safeguards as permitted by UK GDPR

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Audit request and enquiry data: Retained for up to 24 months from the date of submission, or longer if you become a client.
• Client data (where we act as controller): Retained for the duration of the client relationship and for up to 6 years afterwards to comply with legal and contractual obligations.
• Client data (where we act as processor): Retained and deleted in accordance with the terms of the Data Processing Agreement with the relevant client. Upon termination of services, client data is securely returned or deleted as specified in the DPA.
• Website analytics data: Retained for up to 26 months.
• Marketing communication records: Retained until you opt out, plus a suppression record to ensure we respect your preferences.

You may request deletion of your personal data at any time by contacting us at info@propertyautomationsai.com. Upon receiving a valid deletion request:

• We will delete or anonymise your personal data within 30 days
• We will confirm the deletion to you in writing
• Where data has been shared with third-party processors, we will instruct them to delete the data
• Some data may be retained where we have a legal obligation to do so (for example, financial records required for tax purposes), but this will be explained to you

For data we process on behalf of clients (as a data processor), deletion requests should be directed to the relevant client (the data controller), who will instruct us accordingly.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request correction of any inaccurate or incomplete personal data.
• Right to erasure: You can request deletion of your personal data in certain circumstances.
• Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
• Right to data portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
• Right to object: You can object to our processing of your personal data where we rely on legitimate interest as our legal basis.
• Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at info@propertyautomationsai.com. We will respond to your request within one month. If your request is complex, we may extend this by a further two months, but we will inform you of any extension within the initial one-month period.

There is no fee for exercising your rights in most circumstances.

In the event of a personal data breach, we will:

• Assess the breach and its potential impact without undue delay
• Where required, notify the ICO within 72 hours of becoming aware of the breach
• Where the breach is likely to result in a high risk to your rights and freedoms, notify affected individuals without undue delay
• Where we are acting as a data processor, notify the relevant client (data controller) without undue delay so they can fulfil their own notification obligations
• Document the breach, its effects, and the remedial action taken

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• UK-based hosting on AWS with enterprise-grade security certifications
• Encryption of data in transit using SSL/TLS
• Secure OAuth authentication for all third-party platform integrations
• Two-factor authentication on our internal systems
• Role-based access controls limiting who can view personal data
• Regular review of data processing practices and security measures
• Use of reputable, security-certified third-party service providers
• Secure deletion procedures for data no longer required

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.

If you have any questions about this Privacy Policy, our data processing practices, or how we handle your personal data, please contact us:

Property Automations AI

Email: info@propertyautomationsai.com

Website: propertyautomationsai.com