Privacy Policy

This Privacy Policy explains how Domiva Ltd ("Domiva", "we", "us") collects and uses your personal data when you use our mobile app, admin dashboard, or website. We are the data controller for the personal data we process, unless otherwise stated.

1. Who we are

Domiva Ltd is a company registered in England and Wales. You can contact us at support@domiva.app. For data protection questions, email privacy@domiva.app.

2. What we collect

We collect this data directly from you, from your use of the app, and from third parties you authorise (for example, a payment processor confirming a successful payment).

3. Why we use it

• To create and operate your account;
• To facilitate rent payments and record receipts;
• To match landlords with tenants via access codes;
• To send operational messages (payment confirmations, reminders, extension updates);
• To calculate your Domiva Score based on on-platform activity;
• To protect the platform against fraud, abuse, and misuse;
• To comply with legal obligations.

4. Legal basis

Under UK GDPR we process personal data on the following grounds:

• Contract — to provide the Service you signed up for.
• Legitimate interests — to keep the Service secure, improve it, and prevent abuse.
• Consent — where we ask you (for example, for push notifications or optional features).
• Legal obligation — to comply with tax, anti-fraud, or regulatory requirements.

5. Who we share with

We only share personal data with:

• Infrastructure providers who host our servers, database, and file storage;
• Email provider (Resend) for transactional email;
• Push notification provider (Firebase Cloud Messaging) to deliver notifications to your device;
• Payment processors who handle rent payments on our behalf;
• The other party to your tenancy (i.e. landlord ↔ tenant), limited to what is needed to run that tenancy;
• Law enforcement or regulators where legally required.

We do not sell your personal data.

6. International transfers

Some of our providers (e.g. Firebase, email delivery) process data outside the UK. Where this happens we rely on UK-approved transfer mechanisms (adequacy decisions, Standard Contractual Clauses, or the UK Addendum) to protect your data.

7. How long we keep it

We keep personal data only as long as we need it for the purpose it was collected or to comply with legal obligations. Typically:

• Account data: while your account is active and up to 12 months after closure;
• Payment records: up to 7 years for tax/accounting reasons;
• Error logs: up to 90 days;
• Push tokens: until you uninstall the app or disable notifications.

8. Security

We hash passwords with bcrypt, use TLS for data in transit, and restrict internal access on a need-to-know basis. No system is perfectly secure — contact us immediately at security@domiva.app if you believe your account has been compromised.

9. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate data;
• Request deletion (subject to our legal obligations);
• Restrict or object to certain processing;
• Data portability;
• Withdraw consent at any time where consent is the legal basis;
• Complain to the Information Commissioner's Office (ico.org.uk).

To exercise these rights, email privacy@domiva.app.

10. Cookies

Our mobile app does not use cookies. Our website uses only essential cookies needed for the site to function (no advertising or tracking cookies).

11. Children

Domiva is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

12. Changes

We may update this Privacy Policy from time to time. If a change is material we will notify you via the app or by email. The "last updated" date at the top of this page always reflects the most recent version.

13. Contact us

For any privacy question, email privacy@domiva.app.