Privacy Policy

Last updated: 16 December 2025

ROOST (trading name of Green Standard Group Limited, company number 15234567, registered in England and Wales) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our property management platform at roost.to.

Contents

1. Information We Collect2. How We Use Your Information3. Legal Basis for Processing4. How We Share Your Information5. Data Security6. Data Retention7. Your Rights Under UK GDPR8. International Data Transfers9. Cookies10. Changes to This Policy11. Contact Us

1. Information We Collect

1.1 Information You Provide

Account Information:Name, email address, phone number, postal address, password, and billing information when you create an account.
Property Information:Property addresses, ownership details, rental information, property documents, certificates (EPC, Gas Safety, EICR), and tenant information.
Financial Data:Bank account details, transaction records, rental income and expense data, tax information, and payment card details (processed securely through our payment providers).
Communications:Information in messages, support tickets, feedback, and any other communications with us or through our platform.
Identity Verification:Documents and information required for identity verification and regulatory compliance, including passport, driving license, or utility bills.

1.2 Information Collected Automatically

Usage Information:Pages viewed, features used, time spent on pages, search queries, and interaction patterns.
Device Information:IP address, browser type and version, operating system, device identifiers, and mobile network information.
Location Data:General location information derived from your IP address (not precise geolocation).
Cookies and Tracking:Data collected through cookies, web beacons, and similar technologies.

1.3 Information from Third Parties

Open Banking Data:With your explicit consent, we receive financial transaction data from open banking providers to help automate bookkeeping.
Public Records:Property registration data, Land Registry information, and publicly available compliance records.
Service Providers:Information from payment processors, identity verification services, and other third-party service providers.

2. How We Use Your Information

Service Delivery

  • Provide and maintain our property management platform
  • Process transactions and send notifications
  • Manage properties, tenancies, and compliance
  • Generate reports and AI-powered insights

Communications

  • Send compliance alerts and deadline reminders
  • Respond to inquiries and provide support
  • Send marketing (with consent, opt-out anytime)
  • Notify you of changes to services or policies

Safety & Compliance

  • Verify identity and prevent fraud
  • Comply with legal and regulatory requirements
  • Enforce Terms of Service and protect our rights
  • Detect and prevent security incidents

Research & Development

  • Analyze usage patterns to improve platform
  • Develop new features and services
  • Train AI models using anonymized data
  • Conduct research and analytics

3. Legal Basis for Processing (UK GDPR)

1

Contractual Necessity

Processing necessary to provide our services under our Terms of Service

2

Legitimate Interests

For business purposes such as fraud prevention, security, and service improvement

3

Consent

Where you have given explicit consent (e.g., marketing communications, open banking)

4

Legal Obligations

To comply with applicable laws, regulations, and legal processes

4. How We Share Your Information

We do not sell your personal information.

Service Providers

Trusted third parties who perform services on our behalf (cloud hosting, payment processing, email delivery, analytics). They are contractually obligated to protect your data.

Open Banking Partners

With your explicit consent, we connect to FCA-regulated open banking providers to retrieve your financial transaction data.

Legal Requirements

We may disclose information if required by law, court order, government requests, or to protect our rights, property, or safety.

Business Transfers

If involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption

TLS 1.3 for data in transit, AES-256 for data at rest

Access Controls

Role-based access and multi-factor authentication

Secure Infrastructure

SOC 2 compliant hosting environment

Regular Audits

Security audits and vulnerability assessments

Data Minimization

We collect only what's necessary

Staff Training

Regular security and privacy training

6. Data Retention

Data TypeRetention Period
Account DataWhile active, then 7 years (HMRC compliance)
Financial Records7 years (UK tax law requirement)
Compliance Documents6 years (legal requirement)
Marketing DataUntil consent withdrawn or 2 years inactive
Log Data90 days (unless needed for security)

7. Your Rights Under UK GDPR

Right of Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your data (subject to legal retention)

Right to Restrict Processing

Request limitation on how we process your data

Right to Data Portability

Request your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or marketing

Right to Withdraw Consent

Withdraw consent where processing is based on consent

Right to Lodge a Complaint

File a complaint with the Information Commissioner's Office

To exercise any of these rights, contact us at privacy@roost.to

8. International Data Transfers

Your data is primarily processed and stored within the UK and European Economic Area (EEA). If we transfer data outside the UK/EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions by the UK government
  • Binding Corporate Rules

9. Cookies and Tracking

We use cookies and similar technologies to provide, secure, and improve our services. For detailed information, please see our Cookie Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy with a new "Last updated" date
  • Sending an email notification to your registered email
  • Displaying a prominent notice in your account dashboard

11. Contact Us

Data Protection Contact

Email: privacy@roost.to

General: info@roost.to

Company: Green Standard Group Limited

Location: London, United Kingdom

Information Commissioner's Office

If you're not satisfied with our response, you can lodge a complaint with the ICO:

Website: ico.org.uk

Phone: 0303 123 1113