Privacy Policy

1. Who we are

Aurosource is operated by BTL Pro Ltd (“Aurosource”, “we”, “us” or “our”). Aurosource provides a property intelligence platform for document processing, portfolio management, property data enrichment, analytics and AI-assisted user interactions.

For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, BTL Pro Ltd is the controller of personal data processed in connection with your account and use of the Service, except where we process personal data strictly on behalf of another controller under a separate written agreement.

Scout is an AI-powered assistant and product voice within Aurosource. Scout is not a separate controller or legal entity. Where Scout processes personal data, it does so as part of the Aurosource Service.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed through our websites, web applications, mobile applications, dashboards, APIs, document ingestion services, dedicated inbound email services, connected email integrations, customer support, marketing communications and related services.

This policy does not apply to third-party websites, services, datasets or platforms that we do not control. Where you connect a third-party service, that provider’s privacy policy will also apply to its processing of your data.

3. Personal data we collect

We may collect and process the following categories of personal data, depending on how you use the Service.

3.1 Account and identity data

This may include your name, email address, organisation name, role, authentication identifiers, account preferences, subscription status, billing status and account settings.

3.2 Property, portfolio and document data

This may include property addresses, ownership information, landlord details, tenant names, guarantor details, tenancy terms, rent amounts, deposit information, mortgage information, lender details, valuation information, licence information, compliance documents, company information, title information, notes and other property-related records.

3.3 Documents, emails and attachments

Where you upload documents, forward emails, use a dedicated inbound email address or connect an email account, we may process the files, email metadata, message content and attachments that are necessary to provide the requested functionality.

3.4 Scout queries and AI interaction data

We may process prompts, questions, instructions, chat messages, generated responses, feedback, document references, search interactions, digest interactions and other usage data relating to your interactions with Scout and AI-assisted features.

3.5 Technical and usage data

This may include IP address, device information, browser type, operating system, referring URLs, pages viewed, session information, log data, error reports, performance data, security events, audit logs, feature usage and approximate location derived from IP address.

3.6 Billing and payment data

Where you use paid features, we may process subscription, invoice, plan, payment status and transaction metadata. Payment card details may be processed by our payment processor and not stored directly by Aurosource.

3.7 Support and communications data

If you contact us, we may process your messages, support requests, feedback, call notes, survey responses and related communications.

4. How we collect personal data

We collect personal data directly from you when you register, configure your account, upload files, enter property information, connect integrations, interact with Scout, contact support or otherwise use the Service.

We may collect personal data from third-party integrations where you authorise us to do so, including email providers, authentication providers, payment processors and property data providers.

We may also derive or generate personal data through our processing, such as extracted fields from documents, inferred document classifications, property matches, risk indicators, expiry reminders, portfolio summaries, audit logs and AI-generated responses.

5. How we use personal data

We use personal data to provide, operate, maintain and improve the Service. This includes creating and managing accounts, authenticating users, ingesting documents, extracting information, linking documents to properties, enriching portfolio data, generating insights, providing Scout responses, sending alerts and digests, enabling exports, processing payments and providing customer support.

We also use personal data to secure the Service, prevent fraud and abuse, investigate suspicious activity, monitor performance, debug errors, maintain audit logs, enforce our Terms, comply with legal obligations and communicate with users about product updates, service notices and relevant marketing where permitted by law.

We may process data to comply with contractual obligations owed to third-party data providers, including enforcing usage restrictions, monitoring access patterns and preventing misuse.

6. Lawful bases for processing

We rely on different lawful bases depending on the context. We process account, subscription and core service data where necessary to perform our contract with you or take steps at your request before entering into a contract.

We process certain data based on our legitimate interests, including improving and securing the Service, preventing abuse, understanding product usage, developing new features, supporting users and protecting our intellectual property, provided those interests are not overridden by your rights and freedoms.

We may process data where necessary to comply with legal obligations, including tax, accounting, regulatory, security and legal response obligations.

Where required, we rely on consent, including for certain cookies, marketing communications or optional integrations. You may withdraw consent at any time where processing is based on consent.

7. AI processing and Scout

Scout and other AI-assisted features may process your personal data and User Content to classify documents, extract fields, generate summaries, respond to queries, identify portfolio insights, produce alerts, create digests and support search or retrieval across your data.

AI-generated Outputs may be based on your uploaded documents, structured portfolio records, connected email content, third-party property data and prior interactions with the Service. Outputs may be inaccurate or incomplete and should be verified before reliance.

We do not sell your personal data. We do not use your identifiable User Content to train public AI models. Where we use third-party AI service providers, we use them to provide the Service and require appropriate contractual, confidentiality and data protection safeguards.

We may use aggregated, anonymised or de-identified information to monitor and improve extraction quality, system performance, document classification, product usability and security. We will not intentionally use such information to identify you.

We do not use third-party licensed data to train or improve machine learning models except where expressly permitted by the relevant data provider.

8. Special category and sensitive data

The Service is not designed for routine processing of special category personal data, criminal offence data, children’s data or highly sensitive personal data. However, documents and emails uploaded by users may occasionally contain such information.

You are responsible for ensuring that you have a lawful basis and appropriate safeguards before uploading or connecting any information that includes sensitive personal data. We may restrict, delete or refuse to process content that creates legal, security or operational risk.

9. Email integrations and dedicated inbound email

Where you connect an email account or use a dedicated inbound email address, we process email data only to provide the relevant document ingestion, attachment retrieval, classification, extraction and portfolio linking features.

Depending on the feature configured, this may include processing sender and recipient details, subject lines, message body content, attachment filenames, attachment contents, timestamps and other email metadata.

You should not forward or connect emails unless you have the right to do so and the content is relevant to your use of the Service.

10. Third-party property data and enrichment

The Service may use third-party property, company, title, address, valuation, listing, geographic or public register data to enrich your portfolio. Such data may be combined with User Content to support matching, search, insights and portfolio analysis.

Third-party data may be subject to its own licensing restrictions, availability constraints and accuracy limitations. We do not guarantee that third-party data is accurate, complete, current or suitable for your intended purpose.

Third-party data providers may act as independent data controllers in respect of their own data sources and collection practices.

Such data may be subject to contractual, licensing or usage restrictions which limit how it can be accessed, used, exported or retained within the Service.

11. Who we share personal data with

We may share personal data with service providers who help us operate the Service, including hosting providers, database providers, storage providers, authentication providers, payment processors, email providers, AI processing providers, analytics providers, monitoring providers, customer support tools, security tools and professional advisers.

We may share data with third-party integrations where you ask us to connect or transmit data to those services. We may also disclose data where required by law, court order, regulator, law enforcement request, legal process or where necessary to protect our rights, users, systems or the public.

If Aurosource is involved in a merger, acquisition, financing, reorganisation, sale of assets or similar transaction, personal data may be disclosed as part of that transaction subject to appropriate safeguards.

12. International transfers

We aim to use UK or EEA hosting and processing locations where practical. Some service providers may process personal data outside the UK or EEA. Where this occurs, we will take steps designed to ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement or other lawful transfer mechanisms.

13. Data retention

We retain personal data for as long as reasonably necessary to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, maintain security, support backups, improve the Service and protect our legitimate interests.

Retention periods vary depending on the nature of the data, your account status, legal requirements and operational needs. For example, account and billing records may be retained for tax and accounting purposes, while uploaded documents may be deleted following account closure or a verified deletion request, subject to backups and lawful retention needs.

Retention of certain third-party data may be limited by contractual obligations, and such data may be deleted, anonymised or restricted where required to comply with those obligations.

14. Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration and disclosure. These may include access controls, authentication, encryption in transit, restricted administrative access, audit logging, secure cloud infrastructure, monitoring and operational security controls.

No method of transmission or storage is completely secure. You are responsible for keeping your credentials secure, managing access to your account, reviewing connected integrations and notifying us promptly of suspected compromise.

We may monitor usage of the Service to detect misuse, including attempts to extract data in bulk or access data outside permitted use.

15. Your data protection rights

Subject to applicable law, you may have rights to access your personal data, request correction, request deletion, restrict processing, object to processing, request portability and withdraw consent where processing is based on consent.

You may also have the right to complain to the UK Information Commissioner’s Office or another relevant supervisory authority. We encourage you to contact us first so we can try to resolve your concern.

16. Marketing communications

We may send you service messages relating to your account, security, billing, product changes or operational matters. These are not marketing communications and you may not be able to opt out of them while using the Service.

Where permitted, we may send marketing communications about Aurosource products, features, updates and content. You can opt out of marketing emails using the unsubscribe link or by contacting us.

17. Cookies and similar technologies

We may use cookies and similar technologies for authentication, session management, security, preferences, analytics, performance monitoring and product improvement.

Where required by law, we will ask for your consent before using non-essential cookies. You can control cookies through your browser settings, although disabling certain cookies may affect the functionality of the Service.

18. Children

The Service is not intended for children and must not be used by individuals under 18. We do not knowingly collect personal data from children.

19. Organisational accounts and shared access

Where you use the Service as part of an organisation, administrator users may be able to manage access, invite users, remove users, view activity, manage billing and control certain data associated with the organisation.

If your access is provided by an organisation, that organisation may be responsible for certain decisions about the processing of your personal data. You should contact your organisation if you have questions about its use of the Service.

20. Deletion, exports and account closure

You may request deletion of your account or personal data by contacting us. We may need to verify your identity before acting on a request. Some data may be retained where required or permitted by law, including for legal, tax, accounting, security, backup, fraud prevention and dispute resolution purposes.

Where export functionality is available, you may export certain data from the Service. Export availability may depend on your plan, technical feasibility, third-party restrictions and applicable law.

Certain data, including third-party licensed data, may not be exportable or may be removed upon account closure where required by contractual or legal obligations.

21. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Where changes are material, we will take reasonable steps to notify you, such as by email, in-app notice or publication on our website. The “Last updated” date indicates when this policy was most recently revised.

22. Contact

Questions, requests or complaints about this Privacy Policy or our handling of personal data should be sent to: privacy@aurosource.uk.

Company: BTL PRO LIMITED (Company number 16861286)
Registered office: B1, Vantage Park, Old Gloucester Road, Hambrook, Bristol, United Kingdom, BS16 1GW