neporti
Features Compliance For tenants Pricing Contact
Log in Start free
Legal

Privacy Policy

Last updated: 1 June 2026  ·  neporti app  ·  ICO registration ZB893421

Short version: we collect only what we need to run Neporti. We don't sell your data, share it with advertisers, or do anything with it beyond keeping the service working. This page explains exactly what we collect, why, and what rights you have.

1. Who we are

neporti app is the company responsible for your data (the "data controller" in GDPR-speak). We're registered with the UK Information Commissioner's Office under number ZB893421. neporti app is a wholly owned subsidiary of DoorES Ltd.

Got a question about this policy or how we handle your data? Email privacy@neporti.co.uk - a real person will reply.

2. What data we collect

Account data

When you sign up, we ask for your name and email address. Your password is hashed using bcrypt before it's stored - we never see it in plain text, and neither does anyone else.

Property and portfolio data

Neporti exists to store your property information, so naturally we store what you put in:

  • Property addresses and descriptions
  • Financial figures: rent, mortgage, purchase price, current value, cash invested
  • Compliance certificate types and expiry dates
  • Inspection records and notes
  • Waste collection schedules
  • Issues reported by tenants via your property's report link

This data is yours. We hold it to run the service - nothing else.

Billing data

Payments go through Stripe. We store your billing name, address and VAT number for invoicing purposes, but your card details never reach us - they go straight to Stripe. You can read Stripe's own privacy policy at stripe.com/gb/privacy.

Usage and technical data

We keep standard web server logs - IP address, browser type, pages visited, timestamps - for security and debugging. We delete them after 30 days.

Emails

We send transactional emails: account verification, compliance reminders, issue notifications, waste collection alerts. We won't send you marketing emails unless you explicitly opt in.

3. Legal basis for processing

DataLegal basis
Account data (name, email, password)Contract - we need it to create your account and run the service
Property and portfolio dataContract - this is the core of what Neporti does
Billing name and addressLegal obligation - required for VAT-compliant invoicing
Server logsLegitimate interests - keeping the service secure and investigating problems
Transactional emailsContract - reminders and notifications are part of the service
Marketing emails (if opted in)Consent - you can withdraw this at any time

4. How long we keep your data

  • Account and property data - kept while your account is active, plus 30 days after you delete it (in case you change your mind).
  • Billing records and invoices - 7 years, as required by UK tax law.
  • Server logs - 30 days, then deleted.
  • Deleted accounts - all personal data is permanently removed after the 30-day recovery window.

5. Who we share data with

We don't sell or rent your data. Full stop. We share it only with the companies that help us run the service:

WhoWhat forWhere
StripeTaking payments and managing subscriptionsUK / EU / US (Standard Contractual Clauses)
Email providerDelivering verification and reminder emailsEU
Hosting providerRunning the servers - all data stays in UK data centresUnited Kingdom

If a court orders us to hand over data, we'll comply - but we'll tell you if we're legally allowed to.

6. Tenant report data

When a tenant submits a report via your property's unique link, we collect what they write - description, category, severity, and any photos they attach. Only you can see it. Tenants don't create accounts, and we don't collect their contact details unless they choose to include them in the report.

7. Your rights under UK GDPR

You have real, exercisable rights here - not just words in a policy:

  • Access - ask for a copy of everything we hold about you.
  • Rectification - ask us to fix anything that's wrong.
  • Erasure - ask us to delete your account and data.
  • Restriction - ask us to pause processing in certain circumstances.
  • Portability - get your data in a structured, machine-readable format.
  • Object - push back on processing based on legitimate interests.
  • Withdraw consent - if we're relying on consent, you can pull it at any time.

To use any of these rights, email privacy@neporti.co.uk. We'll respond within 30 days. If you're not happy with our response, you can complain to the ICO at ico.org.uk.

8. Cookies

We use exactly three types of cookie - all strictly necessary:

  • Session cookie - keeps you logged in while your browser is open.
  • Remember me cookie - optional, lasts 7 days if you tick "remember me" at login.
  • CSRF token - a security token that protects forms from being submitted by other websites.

No analytics cookies. No ad tracking. No third-party scripts watching you browse.

9. Security

Everything travels over HTTPS. Passwords are hashed with bcrypt. All data lives on UK-based servers. We run regular dependency audits to catch known vulnerabilities before they cause problems.

If there's ever a breach that puts your data at risk, we'll notify you and the ICO within 72 hours - as the law requires, and because it's the right thing to do.

10. Changes to this policy

If we make any significant changes, we'll email you at least 14 days before they kick in. The latest version is always at this URL, and the "last updated" date at the top tells you when it was last changed.

11. Get in touch

For anything privacy-related:

  • Email: privacy@neporti.co.uk
  • Post: neporti app, Bristol, United Kingdom
© 2026 neporti · ICO registered (ZC172855) · Foundations by ouvlo.com
Privacy Terms Security Contact Home