Privacy Policy
Last updated: 1 January 2026
VawltAI Privacy Policy
1. Introduction
VawltAI ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our property management platform. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
VawltAI Ltd is the data controller for personal data processed through the Platform. For property data entered by organisations, the organisation is the data controller and VawltAI acts as a data processor.
3. Data We Collect
Account data: Name, email address, phone number, organisation name, role.
Property data: Property addresses, unit details, lease terms, tenant information, financial records.
Usage data: Login timestamps, feature usage, browser type, IP address.
Payment data: Processed securely via Stripe; we do not store full card details.
4. How We Use Your Data
We use your data to: provide and maintain the Platform; process transactions and send invoices; send service notifications; improve our services through analytics; comply with legal obligations; and protect against fraud and abuse.
5. Legal Basis for Processing
We process data under the following lawful bases: contract performance (delivering the service you subscribed to); legitimate interests (improving our service, preventing fraud); legal obligation (tax, regulatory requirements); and consent (marketing communications, where applicable).
6. Data Sharing
We share data only with: cloud infrastructure providers (hosting); payment processors (Stripe); email service providers (transactional emails); and as required by law. We do not sell personal data. All third-party processors are bound by data processing agreements compliant with UK GDPR.
7. Data Retention
Account data is retained for the duration of your subscription plus 12 months. Financial records are retained for 7 years as required by HMRC. Audit logs are retained for 6 years. You may request earlier deletion of non-mandatory data.
8. Your Rights
Under UK GDPR, you have the right to: access your personal data; rectify inaccurate data; erase your data (right to be forgotten); restrict processing; data portability; object to processing; and not be subject to automated decision-making. To exercise these rights, contact privacy@vawltai.com.
9. Data Security
We implement appropriate technical and organisational measures including: encryption in transit (TLS 1.3) and at rest (AES-256); role-based access controls; regular security audits; multi-factor authentication; and automated vulnerability scanning.
10. Contact & Complaints
For privacy enquiries, contact our Data Protection Officer at privacy@vawltai.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.