Privacy Policy
Last updated: 12 February 2026
Version: 2.1
1. Who We Are
Yarro Ltd provides workflow automation software designed to help property managers coordinate and resolve maintenance issues more efficiently.
This Privacy Policy explains how Yarro Ltd (“Yarro”, “we”, “us”, “our”) collects, uses, shares, and protects personal data. It also outlines the rights individuals have under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Company name: Yarro Ltd
Company number: 16634091
Registered address:
2 Hurst Close
Over Hulton
Bolton
BL5 1DT
United Kingdom
Email for privacy enquiries:
privacy@yarro.ai
Supervisory authority:
Information Commissioner’s Office (ICO), United Kingdom
ICO registration number: ZB990388
We are registered with the Information Commissioner’s Office and operate under the laws of England and Wales.
2. Scope of This Policy
This Privacy Policy applies to:
• Visitors to our website (www.yarro.ai)
• Prospective and existing clients communicating with us
• Individuals whose data is processed through our services, including tenants, landlords, contractors, and property managers
In most cases Yarro acts as a data processor, processing personal data only on the instructions of our clients (the data controllers, typically letting agencies or property managers).
When individuals interact directly with Yarro — such as through our website, sales communications, or support channels — Yarro acts as the data controller.
3. Personal Data We Collect
Depending on how our services are used, we may process the following categories of personal data.
Contact information
• Name
• Email address
• Phone number
• Business contact details
Property and maintenance information
• Property addresses
• Maintenance issue descriptions
• Job status information
• Contractor quotes
• Photographs relating to maintenance issues or job completion
• Maintenance history records
Communication data
• WhatsApp messages
• Emails or other communications sent through the platform
• Message timestamps and related metadata
System and diagnostic data
• IP address
• Browser type and device information
• Basic system logs used for troubleshooting and security
We do not intentionally collect special category data (such as health data) or data specifically relating to children. If such information is included in communications sent through our services, it is processed only as necessary to provide the requested service.
4. How We Use Personal Data
We process personal data for the following purposes.
Providing the Yarro service
To enable communication workflows, automate maintenance coordination, triage maintenance issues, and facilitate communication between tenants, contractors, landlords, and property managers.
Customer support and troubleshooting
Authorised Yarro personnel may access limited service data where necessary to diagnose issues, provide support, or maintain system reliability.
Service improvement
We may analyse aggregated or anonymised operational data to improve system performance and reliability.
Communication with clients and prospects
To respond to enquiries, provide demonstrations, and communicate about our services.
Legal and regulatory obligations
To maintain records necessary for compliance with legal, financial, and regulatory requirements.
Marketing communications
Where permitted by law or with consent, we may send information about updates, products, or services. You can opt out of marketing communications at any time.
We do not use personal data for automated decision-making that produces legal or similarly significant effects.
5. AI Processing
Yarro uses artificial intelligence services to assist with operational tasks such as:
• classifying maintenance issues
• extracting structured information from messages
• assisting with message routing and workflow automation
Personal data may be temporarily transmitted to AI service providers for these purposes.
Data transmitted to AI service providers is processed only to perform the requested functionality. Yarro does not permit the use of client data to train shared AI models.
Yarro does not use client operational data to train shared AI models, build cross-client intelligence, or generate benchmarking insights without explicit consent. Client data remains under the control of the relevant data controller.
6. Lawful Bases for Processing
We rely on the following lawful bases under UK GDPR:
Contract
Processing necessary to perform contracts with our clients.
Legitimate interests
Operating and improving our services, communicating with customers, and maintaining system security, provided these interests are balanced against individuals’ rights.
Consent
Where required, such as for marketing communications.
Legal obligation
Where processing is required to comply with legal or regulatory obligations.
7. Sharing Personal Data
We share personal data only with trusted service providers who assist us in operating our platform. These providers act as sub-processors.
Current sub-processors include:
Supabase Inc. – database hosting and storage infrastructure (EU data region)
Vercel Inc. – application hosting and delivery infrastructure
Twilio Inc. – messaging infrastructure (SMS and WhatsApp delivery)
Meta Platforms, Inc. – WhatsApp Business messaging services
OpenAI, L.L.C. – AI processing services
Google LLC – business email and internal collaboration tools
An up-to-date list of sub-processors is maintained at:
We may also share personal data with regulators, legal advisers, or public authorities when required by law.
8. International Data Transfers
Some of our service providers operate outside the United Kingdom and the European Economic Area.
Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:
• Standard Contractual Clauses (SCCs)
• The UK International Data Transfer Addendum
• Other safeguards required under UK GDPR
9. Data Retention
We retain personal data only for as long as necessary to provide our services and comply with legal obligations.
Typical retention periods include:
Service data (maintenance records and communications)
Retained while the client account remains active and for up to 36 months after ticket closure, unless the client requests earlier deletion.
Client and contractual records
Retained for up to 7 years to comply with financial and legal obligations.
Marketing data
Retained until consent is withdrawn or an individual objects to processing.
Technical logs
Typically retained for up to 12 months for security and diagnostic purposes.
When services are terminated, personal data may be deleted or returned to the client in accordance with contractual agreements.
10. Your Data Protection Rights
Under UK GDPR individuals have the following rights:
Access – request a copy of personal data
Rectification – correct inaccurate or incomplete data
Erasure – request deletion of personal data
Restriction – request restriction of processing
Portability – receive data in a structured, commonly used format
Objection – object to processing based on legitimate interests or direct marketing
Automated decision-making rights
Requests can be made by contacting:
We aim to respond within one month.
Where Yarro acts as a data processor, requests relating to service data may need to be directed to the relevant client (the data controller).
11. Security
We implement appropriate technical and organisational measures to protect personal data, including:
• encrypted connections (HTTPS)
• secure database infrastructure and access controls
• authentication safeguards
• role-based access controls
• restricted internal access to service data
• system monitoring and logging
These measures are designed to prevent unauthorised access, loss, misuse, or alteration of personal data.
12. Data Breaches
If a personal data breach occurs, we will investigate the incident and take appropriate steps to contain and resolve it.
Where required by law, we will notify affected clients and relevant regulators in accordance with UK GDPR obligations.
13. Complaints
If you are unhappy with how we handle personal data, please contact us first at:
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
Website: www.ico.org.uk
Phone: +44 (0)303 123 1113
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal obligations.
The latest version will always be available at:
