Skip to content Skip to footer
Menu Close
Close
Linkedin
Download

Privacy Policy

Drifthome Technologied Ltd Privacy Policy

Effective date: 18th November 2025

Version: v1.1

1. Who we are and how to contact us

Controller: Drifthome Technologies Ltd (“drifthome”, “we”, “us”).

Registered address: 167-169 Great Portland Street, Fifth Floor, London, Greater London, England, W1W 5PF

Email (DPO): dpo@drifthome.ai

Supervisory authority: You may complain to the UK Information Commissioner’s Office (ICO) (ico.org.uk; 0303 123 1113; Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF) or to your local authority.

2. Scope

This Policy covers personal data processed when you use drifthome.ai, our mobile apps (iOS/Android), our Admin Portal (React), and related services and communications. This Policy also covers personal data processed to administer our cap table and employee/advisor equity plans (ESOP/option schemes) and to meet related company‑law and tax obligations.

3. What data we collect

  • Identification & contact: name, email, phone, organisation (if applicable).
  • Account & authentication: credentials, role/permissions, audit trails.
  • User content: property images and related metadata you upload or generate.
  • Equity & optionholder data (shareholders, employees, contractors, and advisors participating in an equity plan): identity and contact details; employment/engagement status; grant/award details; vesting schedule/status; exercise/transfer records; cap‑table identifiers; limited payroll/tax identifiers where needed (e.g., NI number) and any KYC/ID documentation required by law or by our plan administrator.
  • Device & usage: IP address, device/app identifiers, pages/screens viewed, clickstream, crash reports, performance metrics (including Azure Application Insights), and security logs.
  • Support & communications: messages, listings, call notes.
  • Marketing preferences: newsletter opt-ins/opt-outs.
  • Payment metadata: limited transaction metadata from our payment provider (we do not receive full card details).
  • Job applicants/business contacts (if applicable): CV details and professional contact data.

We do not intentionally collect special-category data (e.g., health, biometrics). Please avoid uploading such data. If unavoidable, contact us first.

4. Sources

  • Directly from you (forms, uploads, emails, support).
  • Automatically from your device when using our services (subject to your cookie/SDK choices via CookieYes).
  • From processors acting on our instructions (e.g., error/crash reports).

5. Purposes and lawful bases

We only process personal data where we have a lawful basis under UK GDPR/GDPR.

PurposeExamples of dataLawful basis
Provide the serviceaccount data; content storage (Azure Blob); session informationContract (Art. 6(1)(b))
Secure & maintain the servicelogs; telemetry; fraud/abuse prevention; back-ups; disaster recoveryLegitimate interests (service reliability & security) (Art. 6(1)(f)); Legal obligation where applicable
Customer support & service messagescontact details; listing historyContract; Legitimate interests
Analytics & product improvement (non-essential cookies/SDKs)device/usage dataConsent (Art. 6(1)(a)) via CookieYes
Marketing communicationscontact details; preferencesConsent (and soft opt-in where PECR permits); withdraw any time
Legal & regulatoryminimal necessary recordsLegal obligation (Art. 6(1)(c))

Legitimate interests tests. Where we rely on legitimate interests, we balance our interests against your rights and expectations. You may object at any time.

Equity & option plan administration; company registers; and regulatory filings — Lawful bases: Contract (option/award agreements); Legal obligation (company & tax law); and Legitimate interests (corporate governance and investor relations).

6. Cookies and similar technologies

We use essential cookies for core functionality. Non-essential analytics/marketing cookies or SDKs run only with your consent via our CookieYes banner. You can change choices at any time via “Cookie Settings” in the footer or in-app settings. See our Cookie Policy (https://drifthome.ai/cookiepolicy/) for the cookie table (name, provider, purpose, type, duration) and details about embedded content (e.g., videos) which only load if you consent.

7. Disclosures (who we share data with)

We disclose personal data to:

  • Cloud & DevOps: Microsoft Azure (App Services, Azure SQL, Azure Blob Storage, Azure Key Vault), Azure DevOps (CI/CD).
  • Observability & security: Azure Application Insights and security tooling.
  • Email/communications & support: selected providers acting as processors under contract.
  • Payments: our payment provider (controller or processor role per their terms).
  • Professional advisers and auditors.
  • Authorities where required by law.
  • Equity plan administrators / cap‑table platforms (processing under contract).
  • Public authorities and regulators (e.g., Companies House, HMRC) where required by law.
  • Banks/registrars/notaries used for corporate actions.

All processors act under a written data-processing agreement, are bound by confidentiality, and may not use personal data for their own purposes.

8. International transfers

Some providers or sub-processors may be located outside the UK/EEA. Where we transfer data internationally we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum, and we perform transfer risk assessments. Copies are available on request (commercially sensitive parts redacted). These safeguards also apply to any equity administration platform or adviser located outside the UK/EEA. Copies of transfer safeguards are available on request.

9. Retention

We keep personal data only as long as needed for the purposes above (or longer where law requires). Standard periods are:

  • Account/profile data: for the life of the account, then 12 months.
  • Uploaded images/content: until deletion or 24 months after last activity.
  • Security & system logs/telemetry: 12–24 months.
  • Support tickets: 24 months after closure.
  • Analytics data: as set in the Cookie Policy per tool (e.g., up to 26 months).
  • Marketing lists: until you withdraw consent; suppression lists retained to honour opt-outs.
  • Equity/optionholder records: for the life of the option/equity and 6–10 years thereafter (statutory record‑keeping/tax rules and to defend legal claims).

10. Your rights

You have the right to access, rectify, erase, restrict, object (including to processing based on legitimate interests and to direct marketing), and data portability. Where we rely on consent, you may withdraw it at any time (this won’t affect prior lawful processing).

Exercising your rights: email dpo@drifthome.ai. We may need to verify identity.

Optionholders may also exercise their rights directly with any independent plan trustee or third‑party equity administrator acting as a separate controller.

Complaints: You can complain to the ICO (ico.org.uk; 0303 123 1113; Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF) or to your local authority.

11. Children

Our services are not directed to children. If consent is required for information-society services offered to children, the UK age is 13 (up to 16 in some EU countries). If you believe a child has provided data, contact us to delete it.

12. Security

We implement technical and organisational measures appropriate to risk, including: encryption in transit and at rest (Azure), access controls & least privilege, Azure Key Vault for secrets, network & application firewalls, vulnerability management, back-ups & disaster recovery, logging & monitoring (Application Insights), and staff confidentiality & awareness.

13. Automated decision-making

We do not perform automated decision-making that produces legal or similarly significant effects. If this changes, we will update this Policy and explain your rights.

14. Third-party links and embedded content

Our services may include links or embedded content from third parties. Those providers are responsible for their own data practices. We only load third-party embeds that set non-essential cookies if you have consented in Cookie Settings.

15. Data deletion requests

You can request deletion via dpo@drifthome.ai or through our contact address below.

16. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated on the site/app or by email. Please check the Effective date above.

17. Contact

Drifthome Technologies Ltd

167-169 Great Portland Street, Fifth Floor, London, Greater London, England, W1W 5PF

Email: dpo@drifthome.ai