
Privacy Policy

Last updated: 10 May 2026

1. Introduction

havelo ("havelo", "we", "us", or "our") provides a property management platform for UK landlords, their tenants, and approved contractors. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of UK data protection law, havelo is the data controller for the personal data of landlord account holders, marketing site visitors, and applicants. When a landlord uses havelo to manage tenants, contractors, properties, and communications, havelo acts as a data processor on the landlord's behalf in respect of that data.

2. Who we are and how to contact us

If you have any questions about this policy or wish to exercise your data rights, contact us at:

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

3. Personal data we collect

We collect the following categories of personal data:

  • Account data: name, email address, password (stored as a salted hash), subscription tier, and account preferences.
  • Property and tenancy data: addresses, property characteristics, rent amounts, tenancy dates, and related documents you upload (e.g. tenancy agreements, certificates).
  • Tenant and contractor data: names, contact details, and tenancy or job-related information that you, as a landlord, enter into the platform.
  • Communications data: emails sent or received via the platform, maintenance requests, and in-app messages.
  • Billing data: subscription tier, invoices, and limited transaction metadata. Card details are handled by our payment processor and are not stored on our servers.
  • Technical data: IP address, device and browser type, pages visited, and timestamps, collected via server logs and minimal analytics.

4. How we use your data (purposes and lawful bases)

We process personal data for the following purposes, each with a lawful basis under UK GDPR Article 6:

  • Providing the service (contract): creating your account, storing your property and tenancy records, generating documents, sending notifications, and providing the tenant and contractor portals.
  • Billing and account administration (contract): managing subscriptions, invoicing, and fraud prevention.
  • Service improvement and security (legitimate interests): debugging, abuse prevention, and improving features. We balance these interests against your rights and you may object at any time.
  • Legal compliance (legal obligation): responding to lawful requests and complying with tax, accounting, and regulatory obligations.
  • Marketing communications (consent): occasional product updates, only where you have opted in. You can withdraw consent at any time.

5. AI-assisted features

havelo offers AI-assisted features (such as drafting tenant emails, summarising maintenance issues, and rent benchmarking). Where these features are used, the relevant inputs are sent to a third-party large language model provider strictly to generate the requested response. We do not permit our AI providers to use your data to train their models. AI outputs are suggestions only and you are responsible for reviewing them before relying on them.

6. Sharing your data

We do not sell your personal data. We share it only with:

  • Hosting and infrastructure providers: Microsoft Azure (UK and EU regions) for hosting, storage, and authentication.
  • Payment processors: to handle subscription payments securely.
  • Email delivery providers: to send transactional and notification emails on your behalf.
  • AI service providers: to power AI-assisted features, under data processing agreements that prohibit training on your data.
  • Professional advisers and authorities: where required by law or to protect our legal rights.

All processors are bound by written contracts requiring appropriate security and confidentiality measures.

7. International transfers

Your data is primarily stored in the United Kingdom and European Economic Area. Where data is transferred outside the UK or EEA (for example, to certain AI service providers), we rely on UK adequacy decisions or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

8. How long we keep your data

We retain personal data only for as long as necessary for the purposes set out in this policy:

  • Account and tenancy records: for the lifetime of your account and up to 7 years after closure, in line with UK tax and landlord record-keeping obligations.
  • Billing records: 7 years to meet HMRC requirements.
  • Server and security logs: typically up to 90 days.
  • Marketing data: until you withdraw consent or after 24 months of inactivity, whichever is sooner.

9. Security

We use industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, hashed passwords, role-based access controls, and audit logging. No system is completely secure; if we become aware of a personal data breach affecting your rights and freedoms, we will notify you and the ICO in line with our legal obligations.

10. Your rights

Under UK GDPR, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data (right to erasure);
  • restrict or object to certain processing;
  • request a portable copy of your data;
  • withdraw consent at any time (where consent is the lawful basis); and
  • not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you.

To exercise any of these rights, email privacy@havelo.co.uk. We will respond within one month.

11. Cookies

We use a small number of strictly necessary cookies to keep you signed in and to remember your preferences. We do not use advertising cookies. If we introduce optional analytics cookies in the future, we will request your consent first.

12. Children

havelo is not intended for use by children under 18 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date above and, where the changes are material, notify you by email or through the platform.