Legal

GDPR & data protection

Last updated: 3 July 2026

Draft for review. This describes our intended data-protection posture and sub-processors. Confirm details (entities, locations, DPA) with qualified counsel before relying on it.

Controller & processor

For the personal data your team enters about tenants, owners, and vendors, you are the controller and PropertyNow is your processor. For your own account data and this website, PropertyNow is the controller. A Data Processing Agreement is available to customers on request.

Your rights

Individuals in the EEA/UK (and comparable regimes) can request access, correction, deletion, restriction, portability, and object to certain processing. Email privacy@propertynow.app; if the data belongs to a customer's workspace, we route the request to that customer.

Data protection built in

  • Per-company isolation enforced by Postgres row-level security, verified by a cross-tenant test suite.
  • Role-scoped access (seven staff roles with building-level scope) and an append-only audit log.
  • Encryption in transit; secrets stored hashed or in an encrypted vault.
  • Data export and deletion on request.

Sub-processors

We use a small set of vetted providers to run the Service. This list may change with notice:

Sub-processorPurpose
SupabaseManaged Postgres database, auth, and file storage
VercelWebsite & application hosting / edge delivery
ResendTransactional & notification email
AnthropicAI features (task processing only; not used to train third-party models)
PaddleSubscription billing & payments

International transfers

Where data is processed outside your region, we use appropriate safeguards such as standard contractual clauses.

Contact

Data protection enquiries: privacy@propertynow.app.