TenantBrain

Privacy Policy

Last updated: 16 December 2025

UK GDPR Compliant

TenantBrain is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how we collect, use, and protect your personal data.

1. Introduction

TenantBrain ("we", "us", "our") operates the TenantBrain website and service. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

Data Controller:

TenantBrain

Email: privacy@tenantbrain.co.uk

2. Information We Collect

2.1 Information You Provide

When you register and use our Service, you may provide:

  • Account Information: Name, email address, password
  • Property Information: Property addresses, postcodes
  • Tenant Information: Tenant names, contact details, tenancy dates
  • Documents: Certificates, tenancy agreements, and other property documents you upload
  • Communication Data: Messages you send to our support team

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: IP address, browser type, operating system
  • Cookies: See our Cookie Policy for details
  • Log Data: Access times, error logs, system activity

2.3 Data Minimization

We only collect personal data that is necessary for providing and improving our Service. We do not collect sensitive personal data (e.g., health data, financial data) unless absolutely necessary and with your explicit consent.

3. How We Use Your Information

We use your personal data for the following purposes:

Service Provision

  • • Create and manage your account
  • • Store and organize your documents
  • • Send expiry reminders
  • • Provide customer support

Service Improvement

  • • Analyze usage patterns
  • • Improve features and functionality
  • • Fix bugs and technical issues
  • • Develop new features

Communication

  • • Send service notifications
  • • Respond to inquiries
  • • Send important updates
  • • Marketing (with consent)

Legal Compliance

  • • Comply with legal obligations
  • • Prevent fraud and abuse
  • • Enforce our terms
  • • Protect user safety

4. Legal Basis for Processing (UK GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you've signed up for
  • Legitimate Interests: Improving our Service, preventing fraud, ensuring security
  • Legal Obligation: Complying with laws and regulations
  • Consent: Marketing communications (you can withdraw consent at any time)

5. How We Share Your Information

We do NOT sell your personal data. We may share your data with:

  • Service Providers: Third-party companies that help us operate the Service (hosting, email delivery, analytics). These providers are contractually obligated to protect your data.
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)
  • With Your Consent: When you explicitly authorize us to share your data

We ensure all third parties comply with UK GDPR and have appropriate data protection measures in place.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Regular security audits and updates
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations (e.g., tax, accounting requirements)
  • Resolve disputes and enforce our agreements

Retention Periods:

  • • Active accounts: Data retained while account is active
  • • Deleted accounts: Most data deleted within 30 days
  • • Legal requirements: Some data retained for up to 7 years (e.g., financial records)
  • • Anonymized data: May be retained indefinitely for analytics

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Data Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Restrict Processing

Limit how we use your data in certain circumstances

To exercise any of these rights, please contact us at privacy@tenantbrain.co.uk. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience and analyze usage:

  • Essential Cookies: Required for the Service to function (e.g., authentication)
  • Analytics Cookies: Help us understand how you use the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your data is primarily stored and processed in the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us & Complaints

If you have questions about this Privacy Policy or wish to exercise your rights, contact us:

Data Protection Officer

Email: privacy@tenantbrain.co.uk

Website: www.tenantbrain.co.uk

Right to Complain to ICO

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority, if you believe we have not handled your data properly.

ICO Website: ico.org.uk

Service DisclaimerTerms of ServiceBack to Home

Last updated: 16 December 2025

Version 1.0

Important: TenantBrain is a record-keeping and information tool only.

We are not solicitors, letting agents, financial advisors, or a regulatory authority. We do not provide legal, financial, or professional advice. All information is provided for general informational purposes only. You are solely responsible for ensuring compliance with all applicable laws and regulations. Always consult qualified professionals for legal, financial, or regulatory matters.

About TenantBrainContact UsRead full disclaimer →