GDPR & data protection
Last updated: 3 July 2026
Draft for review. This describes our intended data-protection posture and sub-processors. Confirm details (entities, locations, DPA) with qualified counsel before relying on it.
Controller & processor
For the personal data your team enters about tenants, owners, and vendors, you are the controller and PropertyNow is your processor. For your own account data and this website, PropertyNow is the controller. A Data Processing Agreement is available to customers on request.
Your rights
Individuals in the EEA/UK (and comparable regimes) can request access, correction, deletion, restriction, portability, and object to certain processing. Email privacy@propertynow.app; if the data belongs to a customer's workspace, we route the request to that customer.
Data protection built in
- Per-company isolation enforced by Postgres row-level security, verified by a cross-tenant test suite.
- Role-scoped access (seven staff roles with building-level scope) and an append-only audit log.
- Encryption in transit; secrets stored hashed or in an encrypted vault.
- Data export and deletion on request.
Sub-processors
We use a small set of vetted providers to run the Service. This list may change with notice:
| Sub-processor | Purpose |
|---|---|
| Supabase | Managed Postgres database, auth, and file storage |
| Vercel | Website & application hosting / edge delivery |
| Resend | Transactional & notification email |
| Anthropic | AI features (task processing only; not used to train third-party models) |
| Paddle | Subscription billing & payments |
International transfers
Where data is processed outside your region, we use appropriate safeguards such as standard contractual clauses.
Contact
Data protection enquiries: privacy@propertynow.app.