All PropOps data is stored on UK-based servers. No personal data is transferred outside the United Kingdom.
What personal data PropOps collects
PropOps follows the principle of data minimisation — only data that is necessary for the property job-management workflow is collected and stored.| Category | Data held |
|---|---|
| User accounts | First name, last name, email address |
| Addresses | Address lines, city, county, postcode, country |
| Job records | Private contact name, phone number, email, and property access instructions |
| Case notes | Content of messages written about a job |
| Tenant records | Tenant name, primary phone number, work phone number, email address |
| Contractor records | Company name, VAT number |
Consent
When users create an account or access the platform, PropOps presents the relevant legal and policy documents (such as the privacy policy and terms of service). Consent is:- Versioned — each document has a version number, and consent is recorded against the specific version the user approved.
- Timestamped — the exact date and time of consent is stored.
- Re-requested automatically — if a document is updated, users are asked to review and approve the new version before they can continue.
Rights of data subjects
Right of access
Any tenant or administrator can request a full export of the personal data PropOps holds for a given tenant. The export is generated in a portable format and covers all records linked to that individual. See Requesting a GDPR data export below for step-by-step instructions.Right to erasure
Administrators can delete a user account from the platform. A full deletion removes all linked records (sessions, personal details, job associations, and certifications). A soft deletion anonymises the account while preserving job history for operational records. Contact your PropOps administrator to initiate a deletion request on behalf of a data subject.Right to be informed
All data access and modification events are written to an audit log, including:- Who accessed or changed the data
- What action was taken (view, create, update, delete)
- When the action occurred
Data retention
PropOps enforces configurable retention periods for personal data. An automated process runs regularly to purge records that have exceeded the configured retention window. By default, activity logs are retained for 12 months. Administrators can adjust retention periods in the system settings to match your organisation’s data retention policy. Expired GDPR report files are also removed automatically from the system.Data minimisation
PropOps only collects data that is directly required to manage property maintenance jobs, including:- Identifying and contacting the right people (tenants, landlords, contractors, agents)
- Tracking job progress, assignments, and case notes
- Meeting financial and regulatory obligations (invoicing, certificates, SLA monitoring)
Data breach readiness
PropOps includes several controls that support your ability to detect, assess, and report a data breach within the 72-hour window required by UK GDPR Article 33.UK GDPR requires you to notify the ICO within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms. PropOps provides the technical evidence trail to support this — your organisation must have an internal procedure in place to act on it.
- File integrity monitoring — an automated hourly check detects unauthorised changes to application files and raises an alert.
- Login anomaly detection — failed login attempts, suspicious IP addresses, and blocked sessions are logged with full detail.
- Session blacklisting — compromised sessions (including those associated with a breached password) are invalidated immediately and logged with a reason.
- Audit logs — all access to personal data is recorded with timestamps and user identity.
Requesting a GDPR data export
Administrators can generate a full personal data export for any tenant. Use this to fulfil a subject access request (SAR) or to provide data portability to a data subject.Open the tenant record
In the admin panel, navigate to Tenants and locate the tenant for whom you need the export.
Open the GDPR tools
Select the tenant to open their record, then find the GDPR / Data Export option within the tenant management panel.
Generate the export
Select Generate data export. PropOps compiles all personal data held for that tenant across all linked records — including their account details, address, job contacts, and case note content.
Download and deliver
Once the export is ready, download the file. Deliver it to the data subject using a secure method appropriate to your organisation’s procedures.
Your organisation’s obligations
PropOps provides the technical infrastructure to support UK GDPR compliance. Your organisation remains responsible for:- Registering with the ICO (the UK data protection fee applies based on your organisation’s size and turnover).
- Designating a Data Protection Officer if required under Article 37 UK GDPR.
- Maintaining written Data Processing Agreements with all data processors you use (including PropOps and any third-party integrations your organisation configures).
- Documenting and rehearsing your internal breach notification procedure.