Privacy Notice
Welcome. This notice explains how the AI Concierge (run by Belport AI Ltd) handles your personal data when your building's management team uses our service. We've tried to write this in plain English. If anything is unclear, email us at [email protected] — a real person reads that inbox.
The short version:
- Your building's management company decides to use the AI Concierge. They are in charge of your personal data. We run the AI assistant for them.
- We keep a record of your WhatsApp messages with the assistant, your phone number, and your apartment number.
- We use OpenAI (in the United States) to help the assistant reply. OpenAI does not use your messages to train its models.
- You can ask for a copy of your data, ask us to delete it, or stop marketing messages, by replying DATA, DELETE, or STOP on WhatsApp — or by emailing [email protected].
- You can complain to the Information Commissioner's Office (ICO) if you think we've got it wrong: ico.org.uk.
The rest of this notice expands each of those points.
1. Who we are
There are two organisations involved.
Your building's management company (the "manager") decides that the AI Concierge will be used at your building, and what to use it for. In data-protection language, the manager is the "controller" of your personal data — the organisation legally responsible for it.
What "controller" means: the company that decides why and how your information is used.
Belport AI (Belport AI Ltd, [Companies House number to follow], registered in England and Wales, ICO registration [ICO registration number — ZAxxxxxx — to follow]) runs the AI assistant for the manager. In data-protection language, we are the "processor" for most of what the assistant does — we follow your manager's instructions.
What "processor" means: a company that handles personal data on behalf of the controller, following their instructions.
For a small number of things we decide ourselves (such as how the assistant remembers facts about you to give better answers, and how we improve the service over time) we are an independent controller — see Section 3.
Our contact details for any data-protection matter:
- Email: [email protected]
We do not currently have a Data Protection Officer (a senior data-protection person formally appointed). If that changes we will update this notice.
2. What we collect
When you message the AI Concierge, we collect:
| What we collect | Example |
|---|---|
| Your phone number | The mobile number you message us from (stored as a one-way fingerprint for lookup, plus the original number where we need it to message you back). |
| Your name | The name your manager gave us when they set up your building, and any name you tell the assistant. |
| Your apartment or unit | Which flat in the building you are linked to. |
| The messages you send and the replies we send back | The text of WhatsApp messages, plus written transcripts of voice notes you send. We do not keep the original voice audio. |
| Anything you tell us | For example, "I'm away next week" or "my carer is called Sarah" — facts you mention while talking to the assistant. |
| Facts the assistant works out about you | A short rolling summary of past conversations, and a profile of useful facts (for example, that you prefer email reminders) — so the assistant doesn't have to ask you the same thing twice. |
| Records of requests | Maintenance tickets, key releases you've asked for, your consents and any rights requests you make. |
| Service records | Time stamps, message IDs, and an audit log of safety routing and rights requests. |
Special-category data
"Special-category data" is the legal term for data about your health, religion, ethnicity, sexual orientation, trade-union membership, or beliefs. Free-text WhatsApp messages can include this sort of information unexpectedly — for example, "I'm in a wheelchair, please tell the lift contractor" mentions health data.
We ask you on first contact whether we can handle sensitive details like these (the "YES / NO" question in the first WhatsApp message you receive). If you reply YES, we treat the information as something you have explicitly consented to share. If you reply NO, we limit the assistant to non-sensitive matters and we don't add sensitive details to the profile we keep about you. You can change your mind any time by replying NO SENSITIVE to revoke, or YES SENSITIVE to give consent again.
Why we ask separately: under Article 9 of the UK GDPR, special-category data needs a stronger legal basis than ordinary personal data. Explicit consent is the cleanest one for a chat service like this.
3. Why we collect your data, and our legal reasons
We use your data for the following purposes. For each one, we list the legal basis we rely on.
"Legal basis" is the law-required reason we have for using your data. The UK GDPR (Article 6) lists six options. For most things we do, we rely on "legitimate interests" — meaning we have a sensible reason, we genuinely need the data to do it, and your rights and interests aren't unfairly affected. Where we rely on legitimate interests, you have the right to object — see Section 7.
| Purpose | Legal basis |
|---|---|
| Replying to your messages and helping with building-related questions (maintenance, amenities, building rules). | Legitimate interests (yours and your manager's), or carrying out a contract where your tenancy gives the manager the right to communicate with you electronically. |
| Logging maintenance tickets, contractor jobs, and other building workflows. | Legitimate interests / contract. |
| Routing safety messages (smoke, fire, gas, leaks, injuries) directly to your manager and pointing you at 999. | Legitimate interests; in genuine emergencies, vital interests (UK GDPR Article 6(1)(d) — protecting someone's life). |
| Authorising key releases to visitors or contractors you've asked us to let in. | Carrying out the access part of your tenancy (a contractual basis), or legitimate interests. See Section 8. |
| Remembering useful facts about you (your rolling summary and profile), so the assistant doesn't have to keep re-asking the basics. We are the independent controller for this purpose. | Legitimate interests of Belport AI. We are preparing an internal legitimate-interests assessment ahead of go-live. You can object to this and we will switch the profile off for your account. |
| Sending marketing announcements (events, services, optional features) — only after you've given a separate marketing opt-in. | Consent (UK GDPR Article 6(1)(a)) plus PECR Regulation 22. You can withdraw at any time by replying STOP. |
| Improving the AI Concierge service itself — quality scoring, finding gaps in our knowledge base, training internal evaluators. We are the independent controller for this purpose. | Legitimate interests of Belport AI. We don't use special-category data for this. You can object to this and we will exclude your data from the improvement set. |
| Keeping audit logs, including consent and rights-request records. | Legal obligation; legitimate interests in being able to evidence what happened. |
| Sending data to our suppliers (OpenAI, Railway, Cloudflare, Langfuse, Meta — see Section 4) so the service can function. | Whatever basis applies to the underlying purpose above. |
Special-category data (Article 9)
Where you've given us explicit consent on first contact (the YES reply), we rely on UK GDPR Article 9(2)(a) — explicit consent. We can also rely on Article 9(2)(c) — vital interests in genuine emergencies, and on Article 9(2)(g) — substantial public interest with safeguarding (DPA 2018 Schedule 1 paragraph 18) where we need to act on safeguarding signals involving children or vulnerable adults.
We do not use your messages to train OpenAI's or any other provider's general AI models. OpenAI's contract with us prohibits training on what we send.
4. Who we share your data with
We use a small number of trusted suppliers ("sub-processors") to deliver the service. Our complete and up-to-date list — including each supplier's location and what they do — is at belport.ai/sub-processors. Today the main ones are:
| Supplier | What they do | Where |
|---|---|---|
| Meta (WhatsApp Business Cloud API) | Delivers WhatsApp messages between you and the assistant. | Ireland and the United States. |
| OpenAI | Provides the AI model that reads your messages and helps the assistant write replies. They process your messages but do not use them to train their general models. | EU region where supported; United States for some features. |
| Railway | Hosts our database and the application servers. | Currently United States (Ashburn, Virginia); we are working to move to UK / EU. |
| Cloudflare | Stores documents (such as building handbooks) and photos. | EU region. |
| Langfuse | Stores logs of assistant conversations so we can debug problems and improve quality. | EU (Frankfurt). [verify before go-live] |
| Google Maps Platform | Looks up addresses near the building. We do not send your identity to Google. | EU and United States. |
We will also share your data:
- with your building's management company (the manager), because they are the controller;
- with emergency services or other authorities, where the law requires it (for example, in a 999 escalation or a court order);
- with professional advisors (our lawyers or auditors) under confidentiality, where strictly necessary.
We do not sell your data and we do not share it with advertisers.
5. Where your data is stored, and transfers outside the UK
Some of our suppliers are based in the United States. The UK GDPR allows transfers of personal data to countries outside the UK only where suitable safeguards are in place.
For US suppliers we rely on one of:
- the UK Extension to the EU–US Data Privacy Framework (an adequacy regulation made by the UK government), where the supplier is on the active framework list; or
- the International Data Transfer Agreement (a contract approved by the ICO) plus a written transfer risk assessment.
We are working with our suppliers to move EU and UK customer data into EU / UK regions wherever possible, and to keep paperwork up to date for the transfers that remain. We will keep our sub-processor list at belport.ai/sub-processors in sync with the current position.
In short: yes, some of your data leaves the UK. The law allows that as long as we use one of the approved safeguards. We do.
6. How long we keep your data
We keep different types of data for different periods, based on how long we genuinely need each one. The table below is the standard policy; your building's manager may set a shorter period for some categories.
| Type of data | How long we keep it |
|---|---|
| Your WhatsApp messages with the assistant (and their text transcripts of voice notes) | 12 months from your last message, or 90 days after you leave the building — whichever comes first. |
| Voice audio | We never save the original audio. Voice notes are transcribed in memory and the audio is discarded. |
| Knowledge-base documents and building photos | Until your manager removes them or your building stops using the service. |
| Your profile and rolling summary | Reset on each new session, or refreshed on a rolling 90-day window. |
| Audit logs (consents, key-release events, rights requests) | 6 years. This is the standard UK record-keeping period for tenancy and contractual matters under the Limitation Act 1980. |
| Operational logs (rate limits, workflows, dead-letter queue entries) | 90 days. |
| Diagnostic conversation logs at our supplier Langfuse | 30 days. |
| Abuse-monitoring data at OpenAI | 30 days (or zero, where we have enabled OpenAI's "Zero Data Retention" feature). |
| Database backups | 30 days (rolling). |
If your manager has asked us to keep a specific conversation longer because of a complaint, dispute or legal matter, we will pause deletion for that conversation until the matter is resolved (a "litigation hold"). We log every hold and release.
7. Your rights
Under the UK GDPR (Articles 15 to 22, as updated by the Data (Use and Access) Act 2025), you have the following rights:
| Right | What it means |
|---|---|
| Right to be informed | We must tell you how we use your data — that's what this notice is for. |
| Right of access | Ask us for a copy of the personal data we hold about you. Reply DATA on WhatsApp, or email [email protected]. We respond within one month (occasionally up to three months for complex requests; we will tell you if we need the extra time). |
| Right to rectification | Ask us to correct inaccurate or incomplete data. Easiest route: tell the assistant or your manager. |
| Right to erasure | Ask us to delete your personal data. Reply DELETE on WhatsApp (two-step confirmation) or email [email protected]. We delete from our database, our backups (as they roll), and from our suppliers' systems. |
| Right to restriction | Ask us to pause processing your data while you challenge something we're doing. |
| Right to data portability | Ask for a copy of your data in a machine-readable format you can take elsewhere. Reply DATA. |
| Right to object | Object to us processing your data on the basis of legitimate interests. We will stop unless we have stronger reasons to continue (which we'll explain). |
| Rights about automated decisions | See Section 8. |
How we check it's you
When you exercise a right by WhatsApp, we use your phone number as the identifier. For higher-risk requests (like a full export or a deletion) we send a one-time code to your number and ask you to repeat it back, so we know it's really you and not someone with your phone. If you've lost access to the phone, contact your manager.
The DUAA-introduced complaints route
Since 5 February 2026 you also have the right under the Data (Use and Access) Act 2025 to complain directly to us about how we handle your data. Email [email protected]. We will acknowledge within 5 working days and respond within one month.
Complaining to the regulator
You can also complain to the Information Commissioner's Office (ICO) — the UK's data-protection regulator — at any time. You don't have to complain to us first.
- Website: ico.org.uk
- Helpline: 0303 123 1113
8. Automated decisions and the key-release feature
Most of what the assistant does is just a conversation: you ask, it replies, a human is in the loop somewhere downstream. There is one feature where the assistant takes a decision: the key-release feature.
How it works
- You ask the assistant to release keys (for example, to let a cleaner in on Tuesday).
- The assistant proposes the release — who, when, for which apartment.
- Your building's manager confirms the release in the dashboard. This is a real human decision, not a rubber stamp; the manager can refuse, change the details, or ask questions.
- You receive a confirmation message summarising the time window and authorised name.
- You reply CONFIRM to activate the release, or CANCEL to discard it.
- The activated release is logged for 6 years.
Why this matters legally
Since 5 February 2026, the UK GDPR (under new Articles 22A–22D, introduced by the Data (Use and Access) Act 2025) gives you specific rights when a "significant" decision about you is taken solely by automated processing. Because every key release is reviewed and approved by a manager, the key-release feature is not solely automated — meaning Articles 22A–22D do not apply to its standard configuration.
If your manager configures the service differently (for example, pre-authorised recurring releases for a named cleaner), we will tell you and ensure the right safeguards (meaningful information about the logic, ability to challenge, route to human review) are in place under Articles 22A–22D. You can ask for human review at any time by replying REVIEW to a key-release proposal, or by emailing [email protected].
Open point — we are honest about this. Whether the operator (us) or the manager (your building's management company) is the legal "controller" for the key-release decision is something we are still working through with our customers and lawyers. We will update this notice once that is finalised.
9. How we keep your data safe
We use industry-standard security controls, including:
- Encryption in transit (TLS 1.3) on every connection.
- Encryption at rest on the contents of your messages, your rolling summary, your profile, and the snapshots of consent prompts.
- Two-factor authentication mandatory for administrators and developers, and progressively rolled out to managers.
- Building-scoped access controls, so a staff user can only see data for their own building.
- Logging and redaction so personal data does not leak into our diagnostic logs.
- Annual penetration testing, sub-processor due diligence, and working towards Cyber Essentials Plus certification.
If a personal-data breach affects you in a way that creates a high risk to your rights and freedoms, we will tell you without undue delay and explain what happened, what we are doing about it, and what you can do.
10. Children
The AI Concierge is designed to be used by adult residents. We don't deliberately offer it to children.
That said, we know that residential buildings include children, and they may pick up a parent's phone or have a number on file. The Information Commissioner's Office Children's Code and the Data (Use and Access) Act 2025 both require us to take the needs of children into account when our service is likely to be accessed by them.
What we do in practice:
- We ask on first contact whether the user is aged 13 or over. If the answer is no, we restrict the assistant to safe, non-sensitive information and disable marketing entirely.
- We do not send marketing announcements to anyone we have reason to believe is under 18.
- Any safeguarding signals (for example, signs of self-harm, abuse, or neglect) from a suspected minor are escalated to the manager and the safeguarding contact your manager nominates.
- We work with your manager to flag minor residents so we can apply child-appropriate defaults.
If you are a parent, guardian, or carer and you have questions about how the AI Concierge handles a child's data, please email [email protected].
11. Marketing announcements
Your manager may use the AI Concierge to send announcements about events, services, or optional features. This is marketing in the legal sense, even if the messages are useful.
We will only send marketing messages if you have opted in separately (a clear, specific "yes" — not just continuing to use the assistant). Every marketing message will include "Reply STOP to unsubscribe". Replying STOP at any time switches off marketing for you, instantly and permanently.
Why this is separate from the rest of the service. The Privacy and Electronic Communications Regulations 2003 (PECR) — UK rules for electronic marketing — require a higher standard of consent for marketing than for normal service messages. Since 5 February 2026 the maximum fine for getting this wrong is £17.5 million or 4% of worldwide turnover. We take that very seriously.
Non-marketing service messages — like "your maintenance request is logged" or "the lift is out of service today" — are not affected by your marketing choice. They are part of the service itself.
12. Cookies
If you read this notice on our website, we use a small number of cookies and similar browser storage. The full details — what we store, why, how long for, and how to change your mind — are in our dedicated Cookies Policy.
You can change your cookie choices at any time using in the footer of every page.
13. How to contact us
| If you want to… | Do this |
|---|---|
| Ask a question about this notice | Email [email protected]. |
| Exercise a right (access, deletion, etc.) | Reply DATA, DELETE, STOP, or NO SENSITIVE on WhatsApp — or email [email protected]. |
| Complain about how we've handled your data | Email [email protected] and we'll respond within one month. |
| Complain to the regulator | Information Commissioner's Office — ico.org.uk — helpline 0303 123 1113. You do not need to complain to us first. |
| Contact your building's manager directly | Use your usual building management contact. They are the controller for most of what we do. |
14. Changes to this notice
If we materially change how we use your data, we will tell you — through a WhatsApp message from the assistant and on this page — and update the "last updated" date below.
15. Last updated
This notice was last updated on [publication date — to be filled at go-live].
This notice is part of our compliance with UK GDPR Articles 12–14 (transparency), Articles 13(2)(f) and 14(2)(g) (automated decision-making), and the Data (Use and Access) Act 2025. See our sibling pages — Sub-processors and Cookies Policy — for related information. If you spot a factual error, please email [email protected].