TenancyOS
Template pending review: complete the company details below and obtain professional legal review before relying on this document with customers.

Privacy Policy

Last updated: 9 June 2026

This policy explains how [COMPANY NAME] (company number [COMPANY NUMBER], registered office [REGISTERED ADDRESS]) collects and processes personal data when you use TenancyOS. For account holders and website visitors we act as a data controller. For the tenant, landlord, and contractor records that customer organisations store in the product, we act as a data processor on the customer's instructions.

1. Data we collect as a controller

When you create an account or contact us we collect:

  • account data: name, email address, organisation name, and role;
  • billing data: subscription plan and payment status (card details are held by Stripe, not by us);
  • usage analytics: product events captured through PostHog only after you opt in, with hashed identifiers and no tenant, landlord, address, or document content;
  • support and email data: messages you send us and delivery metadata for transactional email sent through Resend;
  • technical logs and error reports captured through Sentry with personal identifiers redacted.

2. Data we process on behalf of customers

Customer organisations store records about properties, tenancies, tenants, landlords, contractors, repair cases, compliance certificates, documents, and evidence packs. This data is processed only to provide the service, is isolated per organisation with row-level security, and is never used for advertising or sold to third parties. Data subject requests relating to this data should be directed to the customer organisation that controls it; we provide DSAR support tooling to help customers respond.

3. Lawful bases

We rely on contract performance to deliver the service, legitimate interests for security, fraud prevention, and service improvement, consent for optional analytics cookies, and legal obligation for accounting records.

4. Sub-processors and hosting

We use the following sub-processors:

  • Supabase (database, authentication, file storage) — hosted in London, United Kingdom / EU region;
  • Vercel (application hosting and delivery);
  • Stripe (payments and subscription billing);
  • Resend (transactional email);
  • PostHog (EU-hosted product analytics, only after opt-in consent);
  • Sentry (error monitoring with PII redaction).

5. Retention

Account data is retained while your account is active and deleted or anonymised after closure, subject to statutory retention of billing records. Organisation data, including evidence archives, follows the retention settings configured by the organisation and the retention metadata recorded on each archive. Backups are retained on a rolling schedule and then expire automatically.

6. Security

Data is encrypted in transit, stored in private buckets with organisation-scoped access policies, protected by row-level security at the database layer, and covered by append-only audit and access logs. Access to production systems is restricted and credentialed.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, object to, and port your personal data, and to withdraw consent at any time where processing is based on consent. To exercise these rights contact [SUPPORT EMAIL]. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

8. International transfers

Primary data storage is in the United Kingdom/EU. Where a sub-processor processes data outside the UK, transfers are protected by UK adequacy regulations or the UK International Data Transfer Addendum.

9. Contact

Data protection enquiries: [SUPPORT EMAIL]. Postal address: [REGISTERED ADDRESS]. ICO registration number: [ICO REGISTRATION NUMBER].

Analytics consent

Help improve onboarding, evidence packs, and billing flows. Tenant and property details are never sent.