Short version: we collect only what we need to run Neporti. We don't sell your data, share it with advertisers, or do anything with it beyond keeping the service working. This page explains exactly what we collect, why, and what rights you have.
neporti app is the company responsible for your data (the "data controller" in GDPR-speak). We're registered with the UK Information Commissioner's Office under number ZB893421. neporti app is a wholly owned subsidiary of DoorES Ltd.
Got a question about this policy or how we handle your data? Email privacy@neporti.co.uk - a real person will reply.
When you sign up, we ask for your name and email address. Your password is hashed using bcrypt before it's stored - we never see it in plain text, and neither does anyone else.
Neporti exists to store your property information, so naturally we store what you put in:
This data is yours. We hold it to run the service - nothing else.
Payments go through Stripe. We store your billing name, address and VAT number for invoicing purposes, but your card details never reach us - they go straight to Stripe. You can read Stripe's own privacy policy at stripe.com/gb/privacy.
We keep standard web server logs - IP address, browser type, pages visited, timestamps - for security and debugging. We delete them after 30 days.
We send transactional emails: account verification, compliance reminders, issue notifications, waste collection alerts. We won't send you marketing emails unless you explicitly opt in.
| Data | Legal basis |
|---|---|
| Account data (name, email, password) | Contract - we need it to create your account and run the service |
| Property and portfolio data | Contract - this is the core of what Neporti does |
| Billing name and address | Legal obligation - required for VAT-compliant invoicing |
| Server logs | Legitimate interests - keeping the service secure and investigating problems |
| Transactional emails | Contract - reminders and notifications are part of the service |
| Marketing emails (if opted in) | Consent - you can withdraw this at any time |
We don't sell or rent your data. Full stop. We share it only with the companies that help us run the service:
| Who | What for | Where |
|---|---|---|
| Stripe | Taking payments and managing subscriptions | UK / EU / US (Standard Contractual Clauses) |
| Email provider | Delivering verification and reminder emails | EU |
| Hosting provider | Running the servers - all data stays in UK data centres | United Kingdom |
If a court orders us to hand over data, we'll comply - but we'll tell you if we're legally allowed to.
When a tenant submits a report via your property's unique link, we collect what they write - description, category, severity, and any photos they attach. Only you can see it. Tenants don't create accounts, and we don't collect their contact details unless they choose to include them in the report.
You have real, exercisable rights here - not just words in a policy:
To use any of these rights, email privacy@neporti.co.uk. We'll respond within 30 days. If you're not happy with our response, you can complain to the ICO at ico.org.uk.
We use exactly three types of cookie - all strictly necessary:
No analytics cookies. No ad tracking. No third-party scripts watching you browse.
Everything travels over HTTPS. Passwords are hashed with bcrypt. All data lives on UK-based servers. We run regular dependency audits to catch known vulnerabilities before they cause problems.
If there's ever a breach that puts your data at risk, we'll notify you and the ICO within 72 hours - as the law requires, and because it's the right thing to do.
If we make any significant changes, we'll email you at least 14 days before they kick in. The latest version is always at this URL, and the "last updated" date at the top tells you when it was last changed.
For anything privacy-related: