Privacy policy.

PRIVACY POLICY Last updated June 10, 2026

1. Introduction

This Privacy Policy explains how Amoka Limited (“we”, “us”, “our”, or “Amoka”) collects, uses, stores, shares and protects personal information about you when you interact with us. It applies to information collected through our website at https://www.amoka.co.uk, our lead-generation forms on Meta platforms (Facebook and Instagram), our newsletter, our WhatsApp Business communications, our Calendly booking flow, and any other interaction you have with us in connection with our property services.

Amoka is a real estate consultancy and design practice. Our services span UK off-plan property investment, residential and commercial estate agency (buy and sell), property management, and interior design. Our particular focus is on cross-border investors and clients building or diversifying UK property portfolios. Our co-founder and Director, Sawan Ruparel, is a Chartered Surveyor regulated by the Royal Institution of Chartered Surveyors (RICS). Our co-founder Gurtej Kaur leads our interior design practice and brings experience from leading global real estate consultancies. Amoka Limited is registered in England and Wales.

If you do not agree with how we handle your personal information as described in this Privacy Policy, please do not use our services or provide us with your personal information.

2. Who we are and how to contact us

Amoka Limited is the data controller of the personal information described in this Privacy Policy. Our contact details:

  • Company: Amoka Limited, registered in England and Wales.

  • Correspondence address: C/O Apex Accountancy, Office Suite 134, 4 Longwalk Road, Stockley Park, Uxbridge, England, UB11 1FE.

  • General enquiries: info@amoka.co.uk

  • Phone: 020 8432 4697

  • Data Protection contact: Sawan Ruparel, Director (MRICS), at sawan.ruparel@amoka.co.uk

  • ICO registration reference: 00013132411

If you have any questions about this Privacy Policy or how we handle your information, please use the Data Protection contact above. You also have the right to make a complaint to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

3. What personal information we collect

We collect personal information that you provide to us directly, and a small amount of information automatically when you use our digital services. The categories below are exhaustive of the information we routinely process.

Information you provide to us

  • Identity data: first name, last name, salutation.

  • Contact data: email address, telephone number, mobile number, country of residence.

  • Investor profile data: budget range, investment timeline, prior UK property ownership status, preferred locations, response to qualification questions on our Meta Instant Forms.

  • Communication content: emails, WhatsApp messages, SMS, call notes you provide during conversations with us or our partners.

  • Booking data: when you book a call through our Calendly link, Calendly captures your name, email, time zone, and any notes you include.

  • Newsletter and marketing consent: your selections in our subscription forms, and any opt-out actions you take subsequently.

Service-specific information

  • Estate agency clients: property details, viewing preferences, sale particulars, references for prospective tenants where applicable, identity and proof-of-address documents for AML/KYC, and information about your wider property portfolio if relevant.

  • Property management clients: tenant details, rental income data, maintenance records, supplier invoices, and any other information necessary to manage the property on your behalf.

  • Interior design clients: design brief, room measurements and floor plans, style preferences, budget, supplier and product preferences, photographs of the space, and where applicable lifestyle information relevant to the design brief.

Information we collect automatically

  • Technical data: IP address, browser type, device type, operating system, referring URL, pages visited on our website, time and date of visits.

  • Cookie data: information stored via cookies and similar tracking technologies on our website. See our Cookie Policy for detail.

Information we receive from third parties

  • From Meta Platforms: when you submit one of our Meta Lead Ad forms, Meta provides us with the information you entered into that form.

  • From Zoho Marketing Automation: engagement data on emails sent to you (opens, clicks, unsubscribes).

  • From WhatsApp: delivery and read status of WhatsApp Business messages sent to you.

  • From our calling partner (AMA): outcomes and notes from qualification calls placed on our behalf.

Automated assistant: if you contact us via the WhatsApp link on our website, your messages may be answered by our digital assistant (provided through Zoho SalesIQ), which always identifies itself as such. The assistant records your responses in our CRM so we can respond to your enquiry, and a member of our team can take over the conversation at any time on request.

We do not collect sensitive personal information (special category data under UK GDPR Article 9) such as health, race, religion, or sexual orientation. Some of our financing-related signposting may discuss Sharia-compliant financing for investors who require it, but we do not record religious affiliation.

4. How we use your personal information (legal bases)

Under UK GDPR we must have a valid legal basis to process your personal information. We rely on four legal bases, depending on the purpose:

4.1 Consent

We rely on consent for direct marketing communications by email, WhatsApp, and SMS. When you subscribe to our newsletter, submit a Meta Lead Ad form which states that submission constitutes consent to be contacted, or otherwise tick a consent box, we treat that as your consent to receive related communications.

You can withdraw consent at any time. The mechanisms are described in Section 9 (Your rights). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4.2 Legitimate interests

We rely on legitimate interests for:

  • Following up on enquiries you have made about our services.

  • Improving our website, services, and marketing effectiveness.

  • Managing our business operations and internal record-keeping.

  • Preventing fraud and ensuring the security of our systems.

  • Analysing how you interact with our communications (for example, opens and clicks) to score the likely relevance of our services to you and to prioritise our follow-up. This does not produce legal or similarly significant effects for you, and you may object at any time.

In each case we have considered whether our legitimate interest is outweighed by your rights and freedoms. If you would like to understand how we have made that assessment for a specific processing activity, please contact us.

4.3 Performance of a contract

Where you become a paying client of Amoka, we rely on contract performance to process information necessary to deliver the services we have agreed to provide, including making introductions to our network of solicitors, surveyors, financiers, FX specialists, and property managers.

4.4 Legal obligation

We rely on legal obligation to process information for anti-money-laundering (AML) and Know-Your-Customer (KYC) compliance under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, and to retain records for the periods required by HM Revenue & Customs and Companies House.

5. Who we share your personal information with

We share your personal information only with the third parties listed below, and only where necessary for the purposes described. We do not sell your personal information.

5.1 Service providers acting as processors on our behalf

  • Zoho Corporation (UK / EU): provides our CRM, Marketing Automation, email, calendar, and live chat systems, including the Zoho SalesIQ platform that powers our website and WhatsApp digital assistant. Personal information you provide may be stored on Zoho servers in the EU. zoho.com/privacy.html

  • Meta Platforms (Facebook, Instagram, WhatsApp): provides our Lead Ads forms (capturing form submissions), and the WhatsApp Business platform we use for messaging. Meta is also a joint controller for lead-ad data with us. We also share limited information with Meta through its Conversions API, in the form of hashed contact identifiers and the status of your enquiry, to measure and improve the relevance of our advertising. This information is matched by Meta against its own records and is not used by us to make decisions about you. facebook.com/privacy/policy

  • Calendly: provides our call-booking service. When you book a call, your booking details are stored with Calendly. calendly.com/pages/privacy

  • Squarespace: provides our website hosting and newsletter signup form. squarespace.com/privacy

  • HubSpot: where applicable, our calling and CRM partner AMA uses HubSpot to track calls and outcomes; we sync call results between HubSpot and our Zoho CRM. legal.hubspot.com/privacy-policy

  • Property portal listing providers (including 99 Homes): where we are instructed to list a property for sale or to let, we use third-party portal providers such as 99 Homes (the99homes.co.uk) to publish listings to major UK property portals including Rightmove, Zoopla, OnTheMarket, and their partner sites. Property details, photographs, floor plans, EPCs, and where applicable vendor contact information are shared with the provider and onward with the portals so prospective buyers and tenants can enquire. The portals operate as separate data controllers in respect of the personal information of enquirers, and their own privacy notices apply on their sites.

  • Off-plan master agents and developers: where we source off-plan property opportunities, we share your contact information, reservation form details, identity documents, proof of address, and source of funds evidence with the master agent appointed by the developer for the relevant scheme, and onward with the developer and the developer’s solicitors. The master agent and the developer’s solicitor are responsible for the customer due diligence checks required under the Money Laundering Regulations 2017; Amoka relies on those checks for the purposes of facilitating the introduction. Each master agent, developer, and developer’s solicitor acts as a separate data controller and operates under its own privacy notice, which we will signpost on request.

  • Veriphy (Eligo Group Limited): provides our regulated AML customer due diligence platform. Where Amoka is required to perform CDD as estate agent on a transaction, identity documents, proof of address, screening results (sanctions, PEP), and source of funds evidence are processed through Veriphy on our behalf and retained in line with MLR 2017 record-keeping requirements. veriphy.co.uk

  • Back-office property management partner: we may use a third-party back-office partner to support delivery of our property management services. The partner operates under contract with Amoka, under Amoka’s direction, and under the Amoka brand, and acts as a data processor on our behalf in respect of any personal information shared with them about a landlord, tenant, or property. The identity of the partner is treated as commercially confidential.

  • AMA (our calling partner): AMA receives lead contact details to make qualification calls on our behalf. AMA is a separate company bound by contract to handle personal information in accordance with UK GDPR.

  • Apex Accountancy: provides our accountancy services and registered correspondence address.

  • Google: where website analytics or advertising pixels are used, we rely on Google Analytics or Google Ads, which receive anonymised or pseudonymised information about your interactions with our site.

5.2 Professional advisors

When you engage us as a client, we may share your information with carefully selected third-party professionals you have asked us to introduce you to, including solicitors, mortgage brokers, surveyors, FX specialists, accountants, insurance providers, and property managers. We share only what is necessary for the introduction and the engagement.

5.3 Legal and regulatory disclosures

We may disclose your personal information where required by law, including to HMRC, law enforcement, regulators (such as the Information Commissioner’s Office or RICS), or courts. We may also disclose information to enforce our legal rights or to protect the rights, property, or safety of Amoka, our clients, or others.

5.4 Business transfers

If Amoka is involved in a merger, acquisition, restructuring, or sale of assets, your personal information may be disclosed to the relevant counterparties under appropriate confidentiality arrangements

6. International transfers

Some of the service providers listed in Section 5 process personal information outside the United Kingdom and the European Economic Area. Where this happens we rely on UK Government adequacy decisions or, where these do not apply, on Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA). These mechanisms ensure your information receives a level of protection essentially equivalent to UK GDPR.

7. How long we keep your information

We keep personal information only for as long as we have a lawful purpose to retain it. The principal retention periods are:

  • Marketing contacts (newsletter subscribers, leads): for as long as you remain subscribed and engaged. If you have not opened any of our communications for 24 months, we will either re-engage or suppress your record.

  • Client records (active relationship): for the duration of the engagement and for six years afterwards, in line with HMRC requirements and contractual limitations periods.

  • AML/KYC records: five years after the end of a business relationship, as required by the Money Laundering Regulations 2017.

  • Website analytics: up to 26 months for Google Analytics data, then automatically deleted.

  • WhatsApp Business messages: stored for the duration of the active conversation and up to 12 months after the last interaction, then archived in line with Zoho data retention.

Where we have no remaining lawful basis to keep your information, we will delete or anonymise it, or, where this is not technically possible (for example because of backup archives), securely isolate it from further processing until deletion is possible.

8. How we protect your information

We have implemented organisational and technical security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. These include access controls, multi-factor authentication for staff accounts, encryption in transit (HTTPS, TLS), encryption at rest where supported by our processors, and regular review of who has access to what.

No internet transmission is ever fully secure. While we take security seriously, we cannot guarantee absolute security of information transmitted to or stored on our systems.

9. Your rights under UK GDPR

You have the following rights in relation to your personal information:

  • Right of access: request a copy of the personal information we hold about you.

  • Right of rectification: request correction of any information we hold that is inaccurate or incomplete.

  • Right of erasure (right to be forgotten): request deletion of your personal information, subject to legal obligations that may require us to retain it.

  • Right to restrict processing: request that we limit how we use your information.

  • Right to data portability: request a copy of your information in a structured, machine-readable format.

  • Right to object: object to processing carried out on the basis of legitimate interests or for direct marketing.

  • Right to withdraw consent: withdraw any consent you have given for processing, at any time.

  • Right to complain: complain to the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your information lawfully.

9.1 How to exercise your rights

To exercise any of these rights, please contact our Data Protection contact, Sawan Ruparel, at sawan.ruparel@amoka.co.uk. We will respond within one calendar month of receiving your request, in line with UK GDPR Article 12.

9.2 Opting out of marketing

You can opt out of our marketing communications at any time using these methods:

  • Email: click the “unsubscribe” link in the footer of any marketing email we send. You will be removed from all email marketing within seven days.

  • WhatsApp: reply with the word STOP, OPT OUT, UNSUBSCRIBE, or REMOVE. We will cease WhatsApp messaging to you within 48 hours.

  • SMS: reply with STOP.

  • Phone or written request: contact us using the details in Section 2 and we will action your request manually.

Note that even after opting out of marketing, we may still send you essential service communications related to an active client engagement (for example, exchange and completion-related correspondence). These are not marketing communications.

10. Cookies and tracking technologies

Our website uses cookies and similar tracking technologies for essential functionality, analytics, and marketing measurement. Cookies are managed via Squarespace’s cookie banner on your first visit, where you can accept or decline non-essential cookies.

Categories of cookies we use:

  • Strictly necessary cookies: required for the website to function. These cannot be disabled.

  • Analytics cookies: Google Analytics (or similar) to understand how visitors use our website. Anonymised by default.

  • Marketing cookies: Meta Pixel and similar tags to measure the effectiveness of our advertising and to retarget visitors with related advertising on Meta platforms. Only set if you accept marketing cookies.

You can change your cookie preferences at any time by clearing your browser cookies for amoka.co.uk and revisiting the site.

11. Children’s privacy

Our services are not directed at children, and we do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a person under 18, we will delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page indicates when the policy was last revised. If we make material changes, we will notify you by email (if you are an active subscriber or client) or by a prominent notice on our website. Your continued use of our services after the changes take effect constitutes acceptance of the updated policy.

13. How to contact us

If you have any questions, requests, or complaints about this Privacy Policy or our handling of your personal information, please contact:


Sawan Ruparel, MRICS
Director and Data Protection Contact
Amoka Limited
C/O Apex Accountancy, Office Suite 134, 4 Longwalk Road, Stockley Park, Uxbridge, UB11 1FE
Email: sawan.ruparel@amoka.co.uk
General enquiries: info@amoka.co.uk
Phone: 020 8432 4697

If you are unhappy with our response, you have the right to complain to the Information Commissioner’s Office: ico.org.uk.