Privacy Policy
Last updated: 11 May 2026
This policy explains how Venelo collects, uses, and protects personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Venelo is an AI-powered letting platform for property professionals, available at venelo.ai. For data protection matters, contact us at hello@venelo.ai.
2. What data we collect and from whom
Letting agencies and property professionals (our customers)
- Business name and contact details provided at registration
- Listing information: property details, photos, pricing, and availability
- Platform settings: notification preferences, viewing availability, WhatsApp recipient numbers
- Payment information — processed directly by Stripe; we never store card details
- Usage data: feature activity, entitlements, and platform logs
Tenants and property enquirers
- Name and WhatsApp number, submitted via the enquiry form
- Email address (optional, if provided)
- Enquiry details: move-in date, group size, budget, and property of interest
- Conversation content: messages exchanged with the Venelo Concierge AI via WhatsApp
- Qualification data: intent score, and viewing slot details if a booking is made
Tenant data is collected only with explicit GDPR consent, confirmed via a consent checkbox on the enquiry form before any data is submitted.
3. How we use your information
For letting agencies
- Providing and operating the Venelo platform — Concierge AI, Studio tools, listing management
- Processing payments and managing subscriptions via Stripe
- Sending transactional emails: confirmations, receipts, and viewing notifications via Resend
- Platform support and account administration
For tenants
- Operating the AI Concierge: answering property questions, qualifying enquiries, and proposing viewings
- Notifying the letting agency of confirmed viewings and pre-qualified lead summaries
- Sending one follow-up message (only once) on warm enquiries that have not responded after 24 hours
Tenant data is never used for marketing, profiling for third parties, or any purpose beyond facilitating the letting enquiry.
4. Legal basis for processing (UK GDPR)
- Consent — tenant personal data is processed on the basis of explicit consent given at enquiry submission
- Contract — agency account and billing data is processed to fulfil our subscription agreement with you
- Legitimate interests — platform security, fraud prevention, and service improvement
5. Third-party data processors
We work with the following processors, all bound by data processing agreements and instructed only by us:
- Google Cloud Platform (GCP) — infrastructure and data hosting. Servers in europe-west1 (Belgium, EU). Privacy information ↗
- Google Gemini AI — AI processing for listing copy and Concierge conversations. Data is not used to train Google's models. Terms ↗
- Meta (WhatsApp Business API) — delivery of Concierge messages. Conversation content passes through Meta's infrastructure. Privacy Policy ↗
- Stripe — payment processing and subscription management. Card data handled entirely by Stripe, never stored by Venelo. Privacy Policy ↗
- Resend — transactional email delivery. Privacy Policy ↗
6. Data retention
- Tenant conversation data — retained for 12 months from the date of last interaction, then automatically deleted
- Agency account data — retained for the duration of your subscription plus 6 months after cancellation
- Payment records — retained for 7 years in line with UK financial record-keeping requirements
- Listing data — retained while the listing is active; deleted on agency request
7. Your rights under UK GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Erasure — request deletion of your personal data
- Rectification — correct inaccurate data we hold
- Restriction — limit how we process your data in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time, without affecting the lawfulness of prior processing
To exercise any right, contact us at hello@venelo.ai. We will respond within 30 days.
Letting agencies can delete individual tenant leads and all associated conversation data directly from their lead inbox — this constitutes immediate fulfilment of a right-to-erasure request for that lead.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) ↗.
8. Data security
All data is transmitted over HTTPS. Our infrastructure runs on Google Cloud Platform in the EU (Belgium). Access to production systems is restricted to authorised personnel only. We do not store WhatsApp access tokens or Stripe card data in our database. Agency portal tokens are unique per account and should be treated as confidential credentials.
9. AI and automated processing
The Venelo Concierge is an AI system. Tenants are informed they are speaking with an AI in the opening message of every conversation — this disclosure is mandatory on all subscription tiers. The AI may assign an intent score to an enquiry (Hot / Warm / Browsing) to prioritise responses. This scoring is informational only and does not constitute an automated decision with legal or similarly significant effect. Letting agents review all interactions before any binding commitment is made.
Use of AI Concierge
Some tenant enquiries may be handled or triaged by the Venelo Concierge. The Concierge may use the information you provide — such as your name, contact details, enquiry details, viewing preferences and property questions — to respond to your enquiry, suggest viewing times, or pass your enquiry to the relevant property manager.
Where the Concierge cannot safely answer a question — including questions about tenancy terms, notice periods, legal rights or contract conditions — it may escalate the enquiry to the property manager for human review. You will not receive an automated answer on those matters.
10. Cookies
Venelo does not use tracking or advertising cookies. The platform uses only functionality essential to operating the service. No third-party analytics or advertising trackers are embedded on venelo.ai.
11. Changes to this policy
We may update this policy when we add new features, data types, or processors. The "Last updated" date at the top reflects any material changes. For significant changes, we will notify agency customers by email. Continued use of the platform after notification constitutes acceptance of the revised policy.
12. Contact
For all privacy enquiries, data access or deletion requests:
hello@venelo.ai
We aim to respond to all privacy requests within 5 business days.