Rent Logger
Founder
Founding Members Wanted — Limited Spots Available

Help shape the future of property management. Get a lifetime 25% discount, direct access to our dev team, your own Founding Member badge, and a real voice in what we build next.

Privacy Policy

Last updated: 14 March 2026

1. Introduction

Rent Logger ("we", "our", "us") is a property management platform that helps landlords manage their rental portfolios. We are committed to protecting the privacy and security of the personal data we process.

This privacy policy explains how we collect, use, store, share, and protect personal data in connection with our platform at rentlogger.co.uk (the "Platform"), in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

This policy applies to all users of our Platform, including landlords (managers), their staff, tenants, guarantors, contractors, and visitors to our marketing website.

2. Data Controller

Rent Logger acts as a data processor on behalf of landlords (who are the data controllers) for tenant, guarantor, and contractor data managed within their portfolios. Rent Logger acts as a data controller for:

  • Account and registration data for landlords, managers, and staff
  • Data collected through our marketing website (e.g. contact form submissions)
  • Usage data, cookies, and technical data collected from all users

If you have questions about how your data is processed, contact us at: hello@rentlogger.co.uk

3. Personal Data We Collect

3.1 Landlord and Manager Accounts

When a landlord registers and sets up their portfolio, we collect:

  • Username, first name, last name, email address, and mobile phone number
  • Postal address (line 1, city, county, postcode, country)
  • Company details (company name, registration number, VAT number, registered office address) where applicable
  • Trading name, trading email, trading phone
  • Partner names (for partnerships) or sole trader trading name
  • Company logo and email footer branding
  • Profile image
  • Password (stored securely using scrypt hashing)
  • Two-factor authentication secrets and backup codes (encrypted)

3.2 Staff Accounts

When a manager invites staff members, we collect:

  • Username, first name, last name, email address, and mobile phone number
  • Postal address
  • Profile image
  • Authentication credentials (as above)

3.3 Tenant Data

Landlords may store the following data about their tenants within the Platform:

  • Identity: Full name, salutation, date of birth, identification photographs
  • Contact: Email address, phone number, mobile number, additional email contacts
  • Address: Current address, address duration, billing address, forwarding address (on tenancy end)
  • Employment: Employment status, employer name, job title, employer address and phone
  • Emergency contacts: Name, relationship, address, phone number, email
  • Financial history (applications): Annual income, adverse credit history, debt repayment plans, prior tenancy terminations for arrears, credit refusal history
  • Lifestyle: Pet ownership details, smoking status
  • Right to Rent: Document type, reference number, expiry date, document uploads
  • Communication preferences: Email and SMS/WhatsApp notification consent
  • Privacy policy acknowledgements: Acceptance records including IP address, timestamp, and version

3.4 Guarantor Data

Where a tenancy requires a guarantor, the following data may be stored:

  • Full name, date of birth, relationship to tenant
  • Email, phone number, postal address
  • Homeowner status
  • Referencing provider and agreement status

3.5 Contractor Data

Landlords may store the following about their contractors:

  • Full name or company name, email, mobile and office phone numbers, business address
  • Contractor type and specialisation
  • Professional accreditation (type, reference number, expiry date)
  • Insurance details (provider, policy number, expiry date, liability coverage)
  • Portal access status and session data

3.6 Property and Tenancy Data

We store data about properties and tenancies including:

  • Property addresses, descriptions, room details, and photographs
  • Energy Performance Certificate (EPC) data (sourced from public registers)
  • Certificates (gas safety, electrical, etc.) with expiry dates and documents
  • Tenancy agreements, rent amounts, rent change history
  • Invoices and payment records
  • Maintenance requests, comments, and file attachments
  • Furniture inventory, key management, and inspection records

3.7 Technical and Usage Data

When you use the Platform, we automatically collect:

  • Login activity: Timestamps, IP addresses, device information (user agent), and approximate geographic location (derived from IP address)
  • Session data: Session identifiers stored in secure cookies
  • API request logs: HTTP method, request path, response status, and duration
  • Contractor portal activity: Actions performed, IP addresses, and user agents

3.8 Contact Form and Marketing Data

When you use our contact form or interact with our marketing website, we collect:

  • Name, email address, phone number (optional)
  • Subject of enquiry, number of properties, message content

4. How We Use Personal Data

We process personal data for the following purposes and under the following lawful bases:

PurposeLawful Basis
Providing and operating the PlatformPerformance of contract
User account management and authenticationPerformance of contract
Processing tenant data on behalf of landlordsLegitimate interests of the landlord (data controller)
Sending system notifications (rent reminders, certificate alerts, invoice summaries)Legitimate interests / Performance of contract
Sending tenant communications (email, SMS, WhatsApp) on behalf of landlordsConsent (managed by landlord) / Legitimate interests
Security monitoring (login activity, IP logging, fraud prevention)Legitimate interests
Compliance with legal obligations (Right to Rent checks, certificate records)Legal obligation
Responding to contact form enquiriesConsent / Legitimate interests
Email audit loggingLegitimate interests (accountability, deliverability)
Integration with third-party accounting software (Xero)Performance of contract / Consent

5. Third-Party Data Sharing

We share personal data with the following categories of third parties, only as necessary to provide our services:

5.1 Service Providers

  • Neon (Database Hosting): All Platform data is stored in a PostgreSQL database hosted by Neon. Data is encrypted in transit and at rest.
  • Google Cloud Platform: Used for object storage (property images, documents, attachments) and static map generation.
  • SMTP Email Provider: Outbound emails (notifications, reminders, bulk communications) are sent via an SMTP service configured by the landlord.

5.2 Communication Platforms

  • Meta (WhatsApp Business API): Where landlords enable WhatsApp messaging, tenant mobile numbers and message content are transmitted to Meta's servers for delivery.
  • Twilio (SMS): Where landlords enable SMS notifications, tenant mobile numbers and message content are sent via Twilio.

5.3 Accounting Integration

  • Xero: Where landlords connect their Xero account, tenant names, email addresses, property details, and invoice data are synchronised with Xero for accounting purposes. This integration is initiated and authorised by the landlord.

5.4 Public Data Sources

  • EPC Register: We query the public Energy Performance Certificate register using property addresses to retrieve certificate data.
  • IP Geolocation (ip-api.com): We use this service to determine approximate login locations from IP addresses for security monitoring.

We do not sell personal data to any third party. We do not use personal data for automated decision-making or profiling.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected:

  • Active accounts: Data is retained for the duration of the account relationship plus any legal retention period.
  • Tenant data: Retained by the landlord (data controller) according to their own retention policies. Landlords can manage data retention settings within the Platform.
  • Login activity and security logs: Retained for up to 12 months.
  • Email and SMS audit logs: Retained for the duration of the landlord's account for compliance and deliverability purposes.
  • Contact form submissions: Retained for up to 24 months or until the enquiry is resolved.
  • Session data: Automatically expired and cleaned up daily.

Landlords may delete tenant records, property data, and other portfolio data through the Platform at any time, subject to any legal retention requirements.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Password security: Passwords are hashed using the scrypt algorithm. We check passwords against the Have I Been Pwned breach database to prevent the use of compromised passwords.
  • Two-factor authentication (2FA): TOTP-based 2FA is available for all user accounts, with encrypted secret storage and hashed backup codes.
  • Session security: HTTP-only, secure cookies with SameSite protections. Session data is stored server-side in the database.
  • CSRF protection: All state-changing API requests are protected against cross-site request forgery.
  • Rate limiting: Public-facing endpoints are rate-limited to prevent abuse.
  • Role-based access control: Data is scoped per manager, ensuring staff can only access data within their authorised portfolio.
  • Trusted device management: Users can view and revoke trusted devices used for 2FA.
  • IP-based security monitoring: Login activity is logged with IP addresses and device information to detect suspicious activity.

8. Cookies and Similar Technologies

Our Platform uses cookies for the following purposes:

8.1 Strictly Necessary Cookies

These cookies are essential for the Platform to function and cannot be disabled:

CookiePurposeDuration
__Host-sessionMaintains your authenticated session24 hours (renewed on activity)
__Host-device.tokenIdentifies trusted devices for two-factor authentication30 days
CSRF cookieProtects against cross-site request forgery attacksSession
cookie_consentStores your cookie preference choice12 months

8.2 Functional Cookies

These cookies enhance your experience:

Cookie / StoragePurpose
Local storage (theme preference)Remembers your light/dark mode preference
Local storage (display preferences)Remembers table layout and filter settings

We do not use any analytics, advertising, or tracking cookies. We do not use Google Analytics or any similar third-party tracking services.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data.
  • Right to erasure: You can ask us to delete your personal data in certain circumstances.
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to data portability: You can request your data in a structured, commonly used format.
  • Right to object: You can object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

For tenants, guarantors, and contractors: Your data is managed by your landlord, who is the data controller. To exercise your rights, you should contact your landlord directly in the first instance. You may also contact us if you need assistance.

For landlords and staff: You can manage much of your data directly through the Platform (account settings, profile management). For data access or deletion requests, contact us at hello@rentlogger.co.uk.

10. International Data Transfers

Our primary infrastructure is hosted within the European Economic Area. Where data is transferred outside the UK or EEA (for example, through third-party service providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in compliance with UK GDPR.

11. Children's Data

Our Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete it.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify registered users of material changes via email or through the Platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We encourage you to contact us first so we can try to resolve your concern directly.

14. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us: