Privacy Policy
Last updated: 28 March 2026
This Privacy Policy explains how BTLX ("we", "us") collects, uses, stores, and shares information when you use our web application (the "Service"). The Service is currently in private alpha/pilot.
1. Who this applies to
This policy applies to invited testers and anyone who accesses the Service using an account. If you are a tenant or contractor using features provided by a property manager/landlord, we may process information associated with your tenancy or work assignments.
2. Information we collect
Account and profile
- Email address and authentication identifiers
- Name and role/persona (e.g. landlord, tenant, contractor, broker, lender)
- Organisation membership and access permissions
Property and portfolio data
- Property addresses, postcode, and associated unit records
- Operational data you create (e.g. tenancies, maintenance requests, applications, complaints)
- Property-level information you submit or confirm
Finance and switching data
- Mortgage-related details you provide for matching and workflow completion
- Switching/workflow state and events associated with a property
Compliance documents
- Files you upload (e.g. PDF or image certificates), associated metadata, and consent/verification records
- Audit and timeline events related to uploads and verification actions
Usage and technical data
- Basic request logs and security telemetry needed to operate and protect the Service
3. How we use information
- To provide the Service — create accounts, enable role-based access, and display portfolio information.
- To run compliance workflows — store documents on your behalf, track expiry/reminders, and show compliance status.
- To run switching workflows — associate workflow records with the correct property/account.
- To improve the product — diagnose bugs, verify pilot feedback, and improve user experience.
- Security and fraud prevention — protect accounts and prevent unauthorised access.
4. Legal bases (UK/EU)
We process personal data when necessary to provide the Service (contract/legitimate interests) and when you provide consent for specific actions such as uploading and storing documents on your behalf. Where applicable, we may also process data to comply with legal obligations.
5. How we store and protect information
We use layered security controls designed to keep data private and prevent unauthorised access:
- Access control — data access is restricted by account, organisation membership, and property permissions.
- Encryption — compliance documents are stored in an encrypted form at rest.
- Auditability — document uploads and verification actions are recorded to support accountability.
No method of transmission or storage is 100% secure. You should use strong passwords and keep account credentials confidential.
6. Sharing and disclosure
We do not sell your personal data. We may share information:
- Within your organisation — with other authorised members who have access to the same properties/records.
- With service providers — vendors that help us host, operate, and secure the Service (acting as processors).
- For legal reasons — if required by law or to protect rights, safety, and security.
7. Data retention
We retain information for as long as needed to provide the Service, comply with obligations, and resolve disputes. In pilot mode, data may be deleted, reset, or migrated as we iterate. You should keep your own copies of critical documents.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To request help with a privacy issue during the pilot, contact the team managing your invite.
9. Children
The Service is not intended for children and we do not knowingly collect data from children.
10. Changes
We may update this policy as the Service evolves. We will update the "Last updated" date when changes are posted.