Privacy Policy

Last updated: April 2026  ·  Effective immediately  ·  operateproperty.com

This Privacy Policy explains how OperateProperty (“we”, “us” or “our”) collects, uses, stores and protects your personal data when you visit our website at https://www.operateproperty.com or use the OperateProperty platform, including the Admin CRM, Tenant Portal and Owner Portal (collectively, the “Service”). By using the Service, you agree to the practices described in this policy.

1. Who we are

Our website address is https://www.operateproperty.com. OperateProperty is a multi-tenant SaaS property management platform serving property managers, tenants and property owners worldwide. We are the data processor for platform operational data and the data controller for data collected through our marketing website.

For privacy-related enquiries, contact us at [email protected].

2. What data we collect

Account and registration data

When you register for the Service, we collect your first name, last name, email address, company name and your chosen workspace subdomain. This information is used to provision your account, communicate with you about the Service and send billing-related correspondence.

Platform data

As you use the Service, data is created and stored within your workspace including property records, unit details, tenant profiles, lease agreements, invoices, maintenance tickets, legal case records, documents and transaction history. You are the data controller for this operational data. We process it solely on your behalf to provide the Service.

Tenant and owner personal data

Property managers using the platform may store personal data about tenants and property owners, including names, contact details, national ID numbers, employment information and financial records. If you are a property manager, you are the data controller for this data. You are responsible for ensuring you have a lawful basis for storing and processing it, and for complying with applicable data protection laws in your jurisdiction.

Usage and technical data

We automatically collect technical data when you access the Service, including your IP address, browser type and version, device type, operating system, pages visited, time and date of access, and referring URLs. This data is used to maintain platform security, diagnose technical issues and improve the Service.

Payment data

Payments are processed by Stripe. We do not store your full card number, CVV or other sensitive payment credentials. We retain only the information Stripe provides us after a transaction, such as the last four digits of your card, card type and payment status.

Communications data

If you contact our support team, we retain a record of that correspondence including your name, email address and the content of your messages. This is used to resolve your enquiry and improve our support quality.

3. Cookies

We use cookies and similar technologies to operate the Service, maintain your session and remember your preferences.

Essential cookies

These cookies are required for the Service to function and cannot be disabled. They include session authentication cookies that identify you as logged in, and security tokens that protect against cross-site request forgery.

  • Login session cookies persist for two days by default, or two weeks if you select “Remember Me”.
  • When you log out, login cookies are removed immediately.
  • A temporary cookie is set when you visit the login page to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

Preference cookies

These cookies remember your display settings and interface preferences. Screen option cookies last for one year.

Analytics cookies

We may use analytics tools to understand how the Service is used in aggregate. Where we do, data is anonymised and used only to improve the platform. You can opt out of analytics cookies through your browser settings or a cookie preference centre where available.

Managing cookies

You can control and delete cookies through your browser settings. Note that disabling essential cookies will prevent you from logging in and using the Service.

4. Media and file uploads

When you upload documents, images or other files to the Service, those files are stored securely in your workspace. You should avoid uploading images that contain embedded location data (EXIF GPS metadata), as this data travels with the file. We recommend stripping location metadata from images before uploading.

Files you upload are accessible only within your workspace and are not shared with other customers or made publicly accessible unless you explicitly configure them to be.

5. Embedded content from other websites

Pages on our marketing website may include embedded content such as videos, images or articles from third-party websites. Embedded content behaves as if you had visited that third-party website directly. Those websites may collect data about you, use cookies, embed additional tracking, and monitor your interaction with their content, particularly if you are logged in to an account on their platform.

6. How we use your data

We use the data we collect for the following purposes:

  • Providing the Service — provisioning your workspace, processing transactions, generating invoices and maintaining platform functionality.
  • Account management — managing your subscription, billing, plan limits and account settings.
  • Security and fraud prevention — detecting and preventing unauthorised access, abuse of the free tier, duplicate account creation and other violations of our Terms and Conditions.
  • Customer support — responding to support requests and resolving technical issues.
  • Platform improvement — analysing usage patterns in aggregate to improve features and performance.
  • Legal compliance — retaining records as required by applicable law and responding to lawful requests from authorities.
  • Communications — sending service notifications, billing alerts, platform updates and, where you have opted in, product news.

7. Who we share your data with

We do not sell your personal data. We share data only with the following categories of third parties where necessary to operate the Service:

  • Microsoft Azure — our cloud infrastructure and hosting provider. Your workspace database and files are stored on Azure Kubernetes Service.
  • Stripe — our payment processing provider. Stripe handles all card transactions and is PCI-DSS compliant.
  • Mailgun — our email delivery provider, used to send transactional emails including invoices, notifications and account alerts.
  • Gravatar (Automattic) — if you leave a comment on our marketing website, an anonymised hash of your email address may be sent to Gravatar to retrieve your profile picture. Gravatar’s privacy policy is available at https://automattic.com/privacy/.

Each provider operates under a data processing agreement and is contractually prohibited from using your data for their own purposes. We may also disclose your data where required by law, court order or to protect the rights, property or safety of OperateProperty, our users or the public.

If you request a password reset, your IP address will be included in the reset email for security purposes.

8. Data storage and international transfers

The Service is hosted on Microsoft Azure Kubernetes Service. Your data may be processed in data centres located outside your country of residence. By using the Service, you consent to this international transfer and processing. We take steps to ensure that any international transfer of personal data is subject to appropriate safeguards.

9. How long we retain your data

  • Active account data — retained for the full duration of your subscription.
  • Post-cancellation — your workspace data is retained for 30 days after account cancellation, during which you may export it. After 30 days it is permanently deleted.
  • Billing records — retained for up to 7 years as required for financial and tax compliance.
  • Support correspondence — retained for up to 3 years.
  • Security and abuse logs — retained for up to 2 years for fraud prevention and platform security purposes.
  • Inactive free tier accounts — accounts with no activity for 90 consecutive days may be deactivated. We will notify you by email before any deletion occurs.

10. Your rights over your data

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability — request an export of your data in a machine-readable format.
  • Right to object — object to processing of your data for marketing purposes.
  • Right to restrict processing — request that we limit how we use your data in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request. Note that we may be unable to delete data we are legally required to retain.

11. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These measures include:

  • Encrypted data transmission over HTTPS/TLS.
  • Per-customer database isolation — each workspace has its own isolated database so no customer can access another’s data.
  • Role-based access controls limiting which staff can access customer data.
  • Regular security reviews and vulnerability assessments.
  • Secure credential storage using industry-standard hashing.

Despite these measures, no system is completely secure. If you discover a security vulnerability, please report it responsibly to [email protected] before public disclosure.

12. Children’s privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us at [email protected] and we will delete it promptly.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. We will notify you of material changes by email or by displaying a notice within the platform. The updated policy will take effect on the date stated at the top of this page. Continued use of the Service after that date constitutes acceptance of the updated policy.

14. Contact us

If you have any questions, concerns or requests relating to this Privacy Policy or how we handle your personal data, please contact us: