Renoject Investor Portal
Privacy notice
How Renoject collects, uses and protects your personal data when you use this portal. Last updated July 2026.
/Who we are
Renoject ("we", "us") operates this invite-only portal so that our investors and project team can follow property projects, share documents and communicate securely. For the purposes of UK data protection law (the UK GDPR and the Data Protection Act 2018), Renoject is the data controller for the personal data processed in this portal.
/What we collect
We only collect what the portal needs to work:
- Account details — your name, email address, phone number (if you provide one) and profile photo.
- Investment information — details of the projects linked to your account, including financial figures relating to your investment.
- Content you create — messages, comments and documents you upload or receive through the portal.
- Security and usage records — sign-in times, two-factor authentication status and an audit trail of sensitive actions (for example when financial data is viewed or documents are exported).
We do not use advertising trackers, and we do not sell or share your data for marketing purposes.
/Why we use it
- To perform our contract with you — providing progress updates, documents and messaging for your investment projects.
- Legitimate interests — keeping the portal secure, preventing unauthorised access, and maintaining audit records of sensitive activity.
- Legal obligations — retaining records we are required to keep, for example for tax, accounting or anti-money laundering purposes.
Email notifications are sent according to your preferences, which you can change at any time in Settings. Essential service emails (such as password resets) are always sent.
/Who can see your data
Access inside the portal is strictly role-based. Your investment financials are visible only to you and Renoject's senior team; site and field staff never see investor contact details or financial figures. We use a small number of trusted service providers to run the portal (secure hosting, database and email delivery), each bound by contract to process data only on our instructions. Where a provider stores data outside the UK, we ensure appropriate safeguards such as the UK International Data Transfer Agreement or UK Addendum are in place.
/How long we keep it
- Account and project records are kept for the life of your relationship with Renoject, and then for up to 6 years to meet legal and regulatory obligations.
- Messages, comments and notifications are retained while your account is active.
- Security and audit logs are retained for up to 2 years.
- When your account is closed, we delete or anonymise personal data that we are not legally required to retain.
/Your rights
Under the UK GDPR you have the right to:
- access a copy of the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased where there is no lawful reason for us to keep it;
- restrict or object to certain processing;
- receive your data in a portable format; and
- complain to the Information Commissioner's Office (ICO) at ico.org.uk if you are unhappy with how we handle your data.
To exercise any of these rights, contact us using the details below — we respond within one month.
/Security
All data is encrypted in transit and at rest. Access requires an individual invited account, and two-factor authentication is enforced for Renoject staff with administrative access. Documents and photos are stored privately and served only through short-lived signed links.
/Contact
Questions about this notice or your data? Contact the Renoject team at privacy@renoject.co.uk or through your usual Renoject contact.