Privacy Policy

Last updated: 5 February 2026

1. Data Controller

PocketLord ("we", "us", "our") is the data controller responsible for your personal data. If you have questions about this policy or your data, contact us at:

• Email: support@pocketlord.com

2. What Data We Collect

We collect the following categories of personal data:

• Account information: Name, email address, phone number, and user role (landlord, letting agent, inspector, or tenant)
• Property information: Property addresses, descriptions, and associated details
• Tenant information: Tenant details, tenancy dates, and contact information (managed by landlords or letting agents)
• Maintenance requests: Descriptions, photographs, priority levels, status updates, and communication history
• Documents and photographs: Property documents (gas certificates, EICRs, EPCs, tenancy agreements), inspection reports, and photographs you upload
• Messages: Communications sent through the in-app messaging system
• Payment information: Subscription and billing data processed by our payment provider (Stripe). We do not store your full card details.
• Technical data: Device type, operating system, and app usage analytics to improve our service

3. How We Use Your Data

We use your data to:

• Provide and maintain the PocketLord property management service
• Enable communication between landlords, letting agents, inspectors, and tenants
• Store and manage property documents, inspection reports, and maintenance records
• Process maintenance requests and track their resolution
• Send service notifications (e.g. maintenance updates, document expiry alerts)
• Process payments and manage subscriptions
• Generate inspection reports and PDF exports
• Improve the functionality and reliability of our service

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Contract performance (Article 6(1)(b)): Processing necessary to provide the services you have signed up for, including account management, property management features, and communications.
• Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as improving our service, preventing fraud, and ensuring security. We balance these interests against your rights and freedoms.
• Consent (Article 6(1)(a)): Where you have given consent, such as for optional marketing communications. You can withdraw consent at any time.
• Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with legal obligations, such as financial record-keeping.

5. Data Retention

We retain your personal data as follows:

• Active accounts: Data is retained for as long as your account is active and you use our services.
• Account deletion: When you delete your account (available in-app under Profile), your personal information (name, email, phone number) is anonymised immediately. Business records such as maintenance requests, inspection reports, and messages are retained in anonymised form as may be required for legal and regulatory purposes.
• Inactive accounts: We may contact you if your account has been inactive for an extended period and may delete inactive accounts after 24 months of inactivity with prior notice.
• Financial records: Payment and billing records are retained for 7 years in accordance with UK tax and accounting requirements.

6. Data Sharing

We do not sell your personal data to third parties.

Your data may be shared with:

• Other users in your property relationship: Landlords can see tenant data for their properties. Tenants can see their landlord's contact details. Letting agents can see data for properties they manage.
• Service providers: We use the following third-party services to deliver our platform:
  • Google Cloud Platform / Firebase: Cloud hosting, database, authentication, file storage, and push notifications (Google Privacy Policy)
  • Stripe: Payment processing (Stripe Privacy Policy)
  • SendGrid: Transactional email delivery (SendGrid Privacy Policy)
• Legal requirements: We may disclose data if required by law, regulation, or legal process.

7. Data Storage and Security

Your data is stored securely on Google Cloud Platform (Firebase) infrastructure. We implement the following security measures:

• Encryption in transit using TLS/HTTPS
• Encryption at rest for stored data
• Firebase Authentication for secure sign-in
• Role-based access controls ensuring users only access data they are authorised to see
• Firestore security rules enforcing data access permissions at the database level

Data is primarily stored in Google Cloud data centres. Some data may be processed in regions outside the UK in accordance with Google's data processing terms, which include appropriate safeguards for international transfers.

8. Camera and Photo Library

The app may request access to your device camera and photo library to allow you to:

• Photograph maintenance issues for reporting
• Capture images during property inspections
• Upload property documents and certificates

Photographs are only uploaded when you explicitly choose to attach them. We do not access your camera or photos without your action.

9. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data. You can update your name and phone number directly in the app.
• Right to erasure (right to be forgotten): Request deletion of your personal data. You can delete your account directly from the Profile screen in the app, or contact us.
• Right to data portability: Request your data in a structured, commonly used, machine-readable format.
• Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at support@pocketlord.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.

10. Children's Privacy

PocketLord is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Cookies and Analytics

Our web application uses essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. We may use anonymised analytics data to understand how our service is used and improve it.

12. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you by email or through the app. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Legal Compliance

This privacy policy is designed to comply with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations 2003 (PECR)
• Apple App Store and Google Play Store privacy requirements