Skip to main content
PropOps stores separate records for tenants and landlords, each with their own level of access to job and property information. Privacy controls ensure that each party can only see what they need to see.
PropOps is designed to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Personal data for tenants and landlords is encrypted at rest, access is role-controlled, and a full right-of-access export is available on request. Your organisation remains the data controller for the personal data you hold in PropOps.

Tenant records

A tenant record holds the contact information needed to manage maintenance jobs at their property.
FieldDescription
NameTenant’s full name
Primary phoneMain contact number
Work phoneSecondary contact number (optional)
EmailEmail address for notifications and correspondence
All personal data fields are encrypted at rest using XSalsa20-Poly1305 encryption, so even if the underlying data were accessed without authorisation, individual records cannot be read.

Linking tenants to jobs

When creating or editing a job, search for the tenant in the Tenants field and select them from the list. Multiple tenants can be linked to a single job (for example, a shared property). Linked tenants are listed on the job record and can receive job-related notifications.

Viewing a tenant’s jobs

Open a tenant record to see all jobs that have been linked to that tenant. This gives a complete history of maintenance work at their property without needing to search through the full jobs list.

Landlord access

Landlords have a read-only view of the jobs and properties associated with their portfolio. A landlord can see:
  • Job status and priority for their properties.
  • Job type and description.
  • Assigned agent and contractor names.
  • Key dates (created, scheduled, completed).
Landlords cannot see financial details, case notes, contractor pricing, or any data belonging to other landlords’ portfolios.

Privacy controls

PropOps enforces strict access boundaries between account types:
  • Tenants can only see jobs linked to their own record. They cannot see other tenants’ details, financial information, or internal case notes.
  • Landlords can only see jobs and properties within their own portfolio. They cannot see data belonging to other landlords.
  • Contractors can only see jobs they are assigned to. They cannot see other contractors’ details or client financial data.
  • Agents can see jobs within their branch, subject to branch sharing configuration.
  • Staff have the broadest access, subject to their individual role permissions.
These boundaries are enforced at every API endpoint, not just in the user interface. A user cannot access another party’s data by navigating directly to a URL or making a direct API call.

GDPR right-of-access export

Under UK GDPR, a tenant has the right to receive a copy of all personal data you hold about them. PropOps makes this straightforward. When a tenant makes a subject access request:
  1. Open the tenant’s record in PropOps.
  2. Select Export GDPR Report from the tenant actions.
  3. PropOps generates a complete, portable report containing all personal data held for that tenant — including their contact details, linked job information, and any other data associated with their record.
  4. Download the report and provide it to the tenant.
The export is produced in a structured, readable format that can be shared directly with the tenant or reviewed by your data protection officer before sending.
You must respond to a valid subject access request within one calendar month under UK GDPR. PropOps provides the data; your organisation is responsible for reviewing it, redacting any third-party personal data where appropriate, and delivering it to the requestor within the legal timeframe.

Data retention

PropOps includes configurable data retention periods. Personal data for tenants and landlords is automatically purged after the retention period expires, in line with your organisation’s data minimisation obligations under UK GDPR. Your administrator configures retention periods under Settings → Data Retention. All data-access and modification events are logged to the activity log, providing the evidence trail required for ICO breach notifications and compliance audits.