Privacy Policy
Effective date: 14 July 2026
This policy is grounded in HireCole’s internal data-protection inventory. Pending review by counsel.
1. Who we are
This site and the HireCole service are operated by HireCole, a company registered in the United Kingdom, registered office 167-169 Great Portland Street, London, England, W1W 5PF.
HireCole provides rent-collection and lease-renewal automation to property management companies. When we process personal data about renters, we act as a processor / first-party agent on behalf of the property manager, who is the controller of that data. We act only on tenants a manager currently manages, in the manager’s name, and never on purchased or third-party debt. Because we are UK-registered and serve US property managers, we handle data in line with UK GDPR and applicable US state privacy and consumer-communication norms.
2. Data we process
On behalf of the property manager, we process:
- Tenant contact details — name, phone number, email, and property/mailing address.
- Account & financial status — rent balances, arrears, and payment history mirrored from the property management system, and payment amounts/dates. We mirror these figures; the property management system remains the source of truth.
- Communications — the content of SMS, email, and (later) voice conversations with tenants, including any payment promises, disputes, or hardship information a tenant chooses to share.
- Payment-plan & notice records — plan terms, e-signature artifacts, and any legal notices generated.
- Property-manager staff details — name, work email, phone, and role, for the people who use the HireCole console.
We do not sell personal data. We do not place personal data in URLs. We collect only what is needed to work rent-collection and renewal accounts.
3. How and why we use it
We use the data solely to provide the service the property manager has engaged us for: detecting late rent, contacting tenants on the manager’s behalf, tracking payment promises and plans, preparing notices where appropriate, and reporting outcomes to the manager. Our decision engine determines amounts, dates, and actions; our AI layer only drafts and interprets language — it never originates amounts, dates, deadlines, or legal statements.
The lawful basis for processing is established by the property manager (the controller), typically the performance of the tenancy/servicing relationship and the manager’s and landlord’s legitimate interest in collecting rent owed, balanced against tenants’ rights.
4. Sharing & subprocessors
We share personal data only with service providers that need it to deliver the service, each over encrypted connections and only for the manager’s current tenants:
| Subprocessor | Data shared | Purpose |
|---|---|---|
| Twilio | Tenant phone number, message/voice content | SMS & voice delivery |
| Email provider (Postmark / SendGrid) | Tenant email, message content | Email delivery |
| Stripe | Payment amount, opaque references (no card data reaches us) | Payment links & billing |
| Lob | Tenant name & address, notice content | Certified-mail legal notices |
| Dropbox Sign | Tenant name/email, plan document | E-signature on payment plans / renewals |
| LLM provider | Conversation content (drafting & interpreting messages) | AI drafting/interpretation under a no-training data agreement |
| Property management systems (Rentvine, Rent Manager, Buildium, etc.) | Tenant, lease & ledger data (read); notes (write) | Source-of-truth synchronization |
| Hosting (Render / AWS) | All data, encrypted | Cloud infrastructure |
5. International transfers
HireCole is UK-based and its customers operate in the United States, so personal data may be transferred between the UK/EEA and the US. Where it is, we rely on appropriate safeguards (such as the UK International Data Transfer Agreement / Addendum and standard contractual clauses) with the providers involved.
6. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Each property manager’s data is isolated at the database layer so one customer’s data cannot be reached from another’s context. Per-customer system credentials are additionally encrypted at the application layer. Access is least-privilege and logged.
7. Cookies
This website is informational and does not set non-essential or tracking cookies, and does not use third-party analytics. Any change to this — for example adding analytics — would be preceded by a cookie notice and, where required, a consent choice defaulting to the privacy-preserving option.
8. Retention
We retain personal data for as long as needed to provide the service to the property manager and to meet legal and evidentiary obligations. Our activity/audit log is retained as a record of what happened (evidence and billing proof) and is not subject to routine deletion. When a property manager leaves, we provide for export and deletion of their data, subject to any legal hold. Detailed retention periods are set out in our internal data-retention policy and in the data-processing agreement with each manager.
9. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, and to data portability. Because we act on behalf of the property manager, tenants should usually direct requests to the property manager (the controller); we will assist the manager in responding. You may also contact us at the address below and we will route your request appropriately. You have the right to complain to the UK Information Commissioner’s Office (ICO) or your local data-protection authority.
10. Contact
Questions about this policy or your data: write to HireCole at 167-169 Great Portland Street, London, England, W1W 5PF.