Privacy Policy

Last updated: 4 June 2026

This policy explains how [Legal entity name] ("we", "us"), operator of the Triaga platform, handles personal data, in line with the UK GDPR and the Data Protection Act 2018.

1. Our two roles: controller and processor

Triaga handles personal data in two distinct capacities:

  • As a controller — for the account and contact data of the agencies, property managers and landlords who sign up to use Triaga (e.g. names, work emails, login details, usage).
  • As a processor — for the personal data that a customer (the agency or landlord) uploads or generates about their tenants, occupants, landlords and contractors in order to manage maintenance issues. For that data, the customer is the controller and decides why and how it is processed; we process it on their instructions to provide the Service. A separate data processing agreement governs this and is available on request.

2. Personal data we process

  • Account data: name, email, phone, job title, password (hashed), company details, settings.
  • Tenant & occupant data: names, contact details, dates of birth, property/tenancy details, issue reports, messages and photos.
  • Special-category data: information about tenant vulnerability or accessibility needs may be recorded where relevant to a maintenance issue and to Awaab's Law obligations. This is sensitive and is processed only to support the safe handling of issues.
  • Landlord & contractor data: names, contact details, and (for contractors) trade, certifications and quotes.
  • Technical data: log data and a session cookie required to keep you signed in.

3. Why we process it (lawful bases)

  • Contract — to provide the Service to our customers.
  • Legitimate interests — to operate, secure and improve the Service (balanced against individuals' rights).
  • Legal obligation — to comply with our own legal duties.
  • For special-category (vulnerability) data, our customers rely on the appropriate condition under the Data Protection Act 2018 as controller; we process it only on their instructions.

4. AI processing

Triaga uses AI models to triage issues, propose actions and draft communications. To do this, relevant issue content (which may include tenant-provided text and photos) is sent to our AI sub-processor (Anthropic) for processing. We use temperature-controlled, instruction-scoped prompts; AI outputs are suggestions that a human reviews. AI providers are engaged as sub-processors under contractual terms that prohibit using your data to train their models other than as permitted by those terms.

5. Sub-processors

We use the following sub-processors to run the Service:

  • Vercel — application hosting.
  • Neon — database hosting (currently hosted in the UK / London region).
  • Resend — transactional email delivery.
  • [SMS provider, e.g. Twilio] — SMS delivery.
  • Vercel Blob — storage of uploaded files/photos.
  • Anthropic — AI processing (see section 4).

A current list is available on request; we give notice before adding new sub-processors that materially affect your data.

6. International transfers

Where a sub-processor processes data outside the UK (for example, AI processing or hosting in the US), we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses.

7. Retention

We keep account data for as long as your account is active and for a reasonable period afterwards. Customer Data is retained while you use the Service; on termination we make it available for export and then delete it within a reasonable period, except where we must keep it to meet a legal obligation. Customers can also delete records within the Service.

8. Your rights

Individuals have rights under UK GDPR including access, rectification, erasure, restriction, objection and portability. If you are a tenant, occupant, landlord or contractor, the agency or landlord managing your property is usually the controller of your data — please contact them first; we will support them in responding. For account data where we are the controller, contact us at [privacy@yourdomain]. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

9. Children's data

Tenancy and occupant records may include information about children where provided by the controller. We do not knowingly use this data for any purpose other than supporting the management of the relevant property and issues.

10. Security

We use technical and organisational measures including encryption in transit, access controls, per-company data isolation, role-based permissions and audit logging. No system is perfectly secure, but we work to protect your data and will notify affected parties and regulators of a personal data breach as required by law.

11. Cookies

Triaga uses a strictly-necessary session cookie to keep you signed in. We do not use advertising or third-party tracking cookies in the app.

12. Contact

Data protection enquiries: [privacy@yourdomain], [Legal entity name], [registered address].