Privacy Policy

1. Introduction

DMS Smart Monitor ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our Service.

Data Controller: DMS Smart Monitor
Contact: privacy@dmsmonitor.uk

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, password
• Profile Information: Company name, role, preferences, profile photo
• Property Data: Property addresses, postcodes, descriptions, photos
• Tenancy Information: Lease details, tenant information, rental agreements
• Payment Information: Processed securely through Stripe (we do not store card details)
• Communications: Support tickets, messages, feedback

2.2 Automatically Collected Information

• Sensor Data: Temperature, humidity, air quality readings from IoT devices
• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device ID
• Location Data: Approximate location based on IP address
• Cookies: See our Cookie Policy

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations from Stripe
• Authentication: If you use social login (future feature)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision (Legal Basis: Contract Performance)

• Create and manage your account
• Provide property and compliance monitoring
• Generate alerts and notifications
• Process work orders and maintenance requests
• Provide analytics and reports

3.2 Legal Compliance (Legal Basis: Legal Obligation)

• Comply with Awaab's Law and housing regulations
• Maintain audit logs for compliance
• Respond to legal requests and court orders

3.3 Communication (Legal Basis: Legitimate Interest)

• Send transactional emails (account updates, alerts)
• Provide customer support
• Send service announcements

3.4 Marketing (Legal Basis: Consent)

• Send promotional emails (you can opt-out anytime)
• Provide product updates and newsletters

3.5 Improvement (Legal Basis: Legitimate Interest)

• Analyze usage patterns to improve the Service
• Conduct research and development
• Monitor system performance and security

4. Data Sharing and Disclosure

We do NOT sell your personal data. We share data only in these circumstances:

4.1 With Your Consent

We share information when you explicitly authorize us to do so.

4.2 Service Providers

• Hosting: AWS, DigitalOcean (data storage and processing)
• Payment Processing: Stripe (payment transactions)
• Email Services: SendGrid, AWS SES (transactional emails)
• Analytics: Internal analytics only (no third-party tracking)

4.3 Legal Requirements

We may disclose information when required by law, such as:

• Court orders or subpoenas
• Legal proceedings or investigations
• Protection of our rights or safety

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different Privacy Policy.

5. Data Retention

We retain your data for as long as necessary to provide the Service and comply with legal obligations:

• Account Data: Until account deletion + 30 days (backup retention)
• Sensor Data: 7 years (Awaab's Law compliance requirement)
• Compliance Records: 7 years (regulatory requirement)
• Financial Records: 7 years (HMRC requirement)
• Audit Logs: 2 years (security and compliance)
• Marketing Data: Until you unsubscribe + 30 days

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• Access Control: Role-based access, multi-factor authentication
• Infrastructure: Firewalls, intrusion detection, regular security audits
• Passwords: Hashed with bcrypt (industry best practice)
• Monitoring: 24/7 system monitoring and logging
• Backups: Regular encrypted backups with 30-day retention

Note: While we use reasonable security measures, no system is 100% secure. We cannot guarantee absolute security.

7. Your Rights (GDPR)

Under UK GDPR, you have the following rights:

To exercise your rights, contact us at privacy@dmsmonitor.uk. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics. For detailed information, see our Cookie Policy.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your data is processed and stored in the United Kingdom. If data is transferred outside the UK, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through a prominent notice on the Service. Your continued use constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or requests:

Supervisory Authority: If you have concerns about our data practices, you may lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk