Privacy

Privacy for a housing communication platform

Sicket is designed with GDPR-first principles for housing communication workflows. This page summarizes how we handle personal data on the marketing site and in the Sicket product.

Last updated: April 16, 2026

Roles and scope

For the public marketing website at sicket.app, Sicket acts as controller for the small amount of personal data submitted through contact forms, cookies, and privacy-friendly analytics where consent applies.

For customer data processed inside the Sicket product, Sicket generally acts as processor on behalf of the housing organization using the platform, while each customer remains responsible for its own resident communication and legal basis.

What data we process

  • Contact form details such as name, work email, organization name, portfolio size, and the message you send us.
  • Basic website analytics and cookie preferences where you have consented to them.
  • Inside the product, account details, organization and building memberships, tickets, comments, announcements, news posts, invitations, and account or session activity.
  • Anonymous tickets are masked from other tenants in the product, but they are not anonymous to Sicket staff, platform administrators, or internal systems required to operate the service.

AI-assisted features

Some Sicket features use AI assistance, including ticket priority and category assessment, similar-ticket retrieval, draft reply support, self-service answer support, and recurring pattern detection.

For those features, Sicket may send a minimized subset of ticket content and metadata to the OpenAI API as a processor for Sicket. The consumer ChatGPT product is not used for production ticket processing.

OpenAI states that API data is not used to train OpenAI models by default unless data sharing is explicitly enabled. Depending on the API controls available for the project, limited abuse-monitoring logs may still be retained for a short period.

How we reduce risk

  • We restrict production data access to authorized personnel only.
  • We minimize the fields sent to AI services wherever the feature allows it.
  • We preserve operational records only as long as needed for the service, legal obligations, audit, and dispute handling.
  • We support masking, redaction, lifecycle controls, and GDPR erasure workflows inside the product.

Retention, responsibilities, and privacy rights

Do not include unnecessary sensitive information in tickets or announcements. Where possible, describe the situation without health data or other special-category personal data.

Sicket includes privacy rights workflows, configurable retention settings, and auditability features inside the product. Customers can request a DPA and can contact us regarding access, correction, restriction, deletion, export, or objection requests at [email protected].

We aim to keep data only as long as it is needed for contractual, legal, support, or security purposes.

Email communications and consent

Sicket explains its product-email categories, consent approach, and in-app preference controls on the Email communications page. That includes operational announcement categories, news and newsletter preferences, and the separate opt-in for Sicket product updates.