Privacy Policy

Management Hub ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our property management platform at managementhub.ai.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Data Controller: Management Hub Ltd Contact Email: privacy@managementhub.ai Last Updated: December 2025

We collect and process the following categories of personal data:

Account Information: • Full name and contact details • Email address (personal and your @managementhub.ai address) • Password (encrypted and hashed) • Billing information and payment details

Property Management Data: • Property addresses and details • Tenant information (names, contact details, tenancy dates) • Rental payment records and financial transactions • Documents you upload (tenancy agreements, certificates, correspondence) • Calendar events and reminders

Technical Data: • IP address and device information • Browser type and version • Usage data and interaction logs • Cookies and similar technologies (see our Cookie Policy)

Communications: • Emails sent and received through your @managementhub.ai address • Support tickets and correspondence with our team

We process your personal data based on the following legal grounds under UK GDPR:

Contractual Necessity (Article 6(1)(b)): Processing necessary to provide our property management services, including account management, email services, and document storage.

Legitimate Interests (Article 6(1)(f)): • Improving and developing our services • Fraud prevention and security • Analytics and service optimisation • Marketing communications (where you have not opted out)

Legal Obligation (Article 6(1)(c)): • Compliance with tax and financial regulations • Responding to lawful requests from authorities • Maintaining records required by law

Consent (Article 6(1)(a)): • Marketing emails and newsletters • Optional analytics and tracking • Third-party integrations you enable

Your personal data is used for the following purposes:

Service Delivery: • Providing access to your property management dashboard • Processing and displaying your property and tenant information • Sending and receiving emails on your behalf • Storing and managing your documents securely • Generating reports and analytics for your portfolio

Account Management: • Processing subscription payments • Sending service-related notifications • Providing customer support • Account security and verification

Service Improvement: • Analysing usage patterns to improve features • Developing new functionality • Bug fixes and performance optimisation

Communications: • Service updates and announcements • Marketing communications (with consent) • AI-powered daily summaries and insights

We may share your personal data with the following categories of recipients:

Service Providers: • Payment Processing: Stripe (PCI-DSS compliant) for subscription payments • Email Infrastructure: Mailgun for email sending and receiving • Cloud Hosting: Vercel and Neon Database (ISO 27001 certified) • AI Services: OpenAI for generating summaries (anonymised data only)

Legal Requirements: We may disclose your data when required by law, court order, or to protect our legal rights.

Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred to the new entity with prior notice.

No Sale of Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

All our third-party providers are contractually bound to protect your data and process it only as instructed.

We retain your personal data for the following periods:

Active Accounts: • Account and profile data: Duration of your subscription plus 30 days • Property and tenant data: Duration of your subscription plus 30 days • Email communications: 7 years (for legal compliance) • Financial records: 7 years (as required by HMRC)

After Account Deletion: • Anonymised analytics data may be retained indefinitely • Backup data is purged within 90 days • Legal hold data retained as required by law

Inactive Accounts: Accounts inactive for 24 months may be archived and eventually deleted after notice.

You have the following rights regarding your personal data:

Right of Access (Article 15): Request a copy of all personal data we hold about you.

Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.

Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Article 18): Request limitation of how we use your data.

Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format.

Right to Object (Article 21): Object to processing based on legitimate interests or for marketing.

Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at privacy@managementhub.ai or use the data export/deletion features in your account settings.

We implement robust security measures to protect your data:

Technical Measures: • AES-256 encryption for data at rest • TLS 1.3 encryption for data in transit • Secure password hashing using bcrypt • Regular security audits and penetration testing • Automated vulnerability scanning

Organisational Measures: • Staff training on data protection • Access controls and authentication • Incident response procedures • Regular backups with encryption

Infrastructure: • SOC 2 Type II certified hosting providers • ISO 27001 certified database infrastructure • GDPR-compliant data centres within the UK/EEA

Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA).

Where we transfer data outside the UK/EEA (for example, to US-based service providers), we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the ICO • UK International Data Transfer Agreement (IDTA) • Adequacy decisions where applicable

You can request information about specific safeguards by contacting privacy@managementhub.ai.

We use cookies and similar technologies for:

Essential Cookies: • Authentication and session management • Security features • User preferences

Analytics Cookies (with consent): • Understanding how you use our service • Improving user experience

Marketing Cookies (with consent): • Personalised advertising • Conversion tracking

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling essential cookies may affect service functionality.

Management Hub is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly. If you believe we may have collected data from a child, please contact privacy@managementhub.ai.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features.

Notification of Changes: • Material changes will be communicated via email • The "Last Updated" date will be revised • Previous versions are available upon request

We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Data Protection Officer: Email: privacy@managementhub.ai

General Enquiries: Email: support@managementhub.ai

Postal Address: Management Hub Ltd United Kingdom

Response Time: We aim to respond to all data protection enquiries within 30 days.

Supervisory Authority: If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): Website: ico.org.uk Telephone: 0303 123 1113