This policy explains how we handle personal data in connection with Lodgic, our property management platform, and the Lodgic website. Lodgic is operated by Glynn Management Services Ltd (“we”, “us”), a company registered in England and Wales, company number 11177565, registered with the Information Commissioner’s Office under reference ZC108293. Registered office: [registered office address]. You can contact us about privacy at [privacy@lodgic.co.uk].
We act in two different roles depending on the data:
| Purpose | Lawful basis |
|---|---|
| Responding to your enquiry and setting up access | Steps to enter a contract, and our legitimate interests in responding |
| Providing, securing and supporting the platform to our clients | Contract with the client; our legitimate interests in a secure, working service |
| Authentication, fraud prevention and audit logging | Legitimate interests, and legal obligation |
| Processing tenant and property data inside the platform | On the client’s instructions, under our processor agreement |
| Any marketing emails to business contacts | Consent, or legitimate interests with an easy opt out |
Where a client switches it on, an assistant helps triage tenant messages. When it is on, the tenant’s message text, first name, the property address and photographs or short videos of the reported issue may be sent to our AI provider to generate a reply. It is instructed never to send financial figures such as rent, balances or deposits. The assistant is optional: with its key removed, nothing is sent to the AI provider and the platform falls back to fixed, rules-based handling.
Tenants of a client business can contact that business over WhatsApp. Messages, and any photos or videos sent, are delivered through the WhatsApp Business platform and stored in the client’s space in Lodgic as a record of the tenancy. Standard WhatsApp terms apply to the messaging itself.
We do not sell personal data and we do not share it with advertisers. We use a small number of carefully chosen service providers (sub-processors) to run the platform. They act on our instructions under contract:
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare | Hosting, database, file storage, security | UK / EU (configured) |
| Meta Platforms (WhatsApp) | Tenant messaging | EU / US |
| Anthropic | Optional AI assistant | US |
| Resend | Transactional email (codes, notices) | US |
| Maps and property data features | US | |
| Twilio | Optional emergency SMS alerts | US |
We may also disclose data where the law requires it.
Some providers are outside the UK. Where personal data is transferred internationally we rely on appropriate safeguards, such as the UK International Data Transfer Agreement or the UK addendum to the EU Standard Contractual Clauses, together with additional measures where needed.
As a controller, we keep enquiry and account data only as long as needed for the purpose and any legal requirement. As a processor, we keep client data for as long as the client’s agreement requires; the platform applies retention periods such as tenancy records for six years, communications for around two years, and financial records for six years, unless the client sets otherwise. On the end of a client’s agreement we return or delete their data as instructed, except where we must keep it by law.
The platform is encrypted in transit and at rest, access is controlled with two-factor authentication, each client’s data is isolated from every other client, sensitive credentials are encrypted, actions are audit-logged, and the service sits behind denial-of-service protection. No system is ever completely immune, so we keep our measures under review.
You have the right to access your data, to have it corrected or erased, to restrict or object to processing, and to data portability, subject to the usual conditions. Where we rely on consent you can withdraw it at any time. If you are a tenant or supplier of a client business, please contact that business, as they control that data; we will assist them. To exercise a right with us, contact [privacy@lodgic.co.uk].
Our marketing site uses only what is strictly necessary and does not run advertising or analytics tracking. The platform uses local browser storage to keep you signed in. See our Cookie Policy for detail.
Lodgic is a business tool and is not intended for children. We do not knowingly collect data from children.
We may update this policy and will change the date above when we do.
If you have a concern you can contact us first. You also have the right to complain to the Information Commissioner’s Office at ico.org.uk.