Skip to content
Lettings Compliance Tracker

Last updated: February 11, 2026

Privacy Policy

Introduction

Lettings Compliance Tracker is a UK-based SaaS platform for managing property compliance. This Privacy Policy explains how we collect, use, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

The data controller responsible for your personal data is:

Kieran Townsend, trading as Lettings Compliance Tracker
Email: admin@lettings-compliance.com

Information We Collect

Account information such as your name and email address.

Property data including addresses, compliance dates, and uploaded documents.

Payment information is processed by Stripe. We do not store full card details.

Anonymous performance metrics collected via Vercel Speed Insights (web vitals such as page load times). This data contains no personal information and cannot identify individual users.

How We Use Your Information

  • Provide and operate the service.
  • Send compliance reminder emails and account notifications.
  • Process payments and manage subscriptions.
  • Monitor and improve platform performance using anonymous metrics.

Legal Basis for Processing (UK GDPR)

  • Contract performance — to deliver the service you signed up for, including sending transactional emails (reminders, account notifications).
  • Legitimate interests — to monitor and improve platform performance and security.

We do not send marketing emails. All emails are transactional and necessary for the operation of the service.

Data Storage & Security

Data is stored in Supabase (hosted in the EU). We use TLS for encryption in transit and encryption at rest. Documents are stored in Supabase Storage with row-level security policies.

Internal Access to Your Data

A limited number of authorised personnel within our organisation may access your account and property data where necessary for the following purposes:

  • Responding to support requests you have raised.
  • Diagnosing and resolving technical issues affecting your account.
  • Ensuring the continued operation and security of the platform.

Access is limited to what is necessary for the task at hand and is subject to our internal data handling procedures. All significant administrative actions are recorded in an audit log. We do not access your data for marketing, profiling, or any purpose unrelated to delivering and maintaining the service.

International Data Transfers

Some of our third-party service providers are based in the United States. Where personal data is transferred outside the UK, these transfers are protected by the UK International Data Transfer Agreement (UK IDTA) and/or Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office. The specific providers and their locations are listed in the Third-Party Services section below.

Data Retention

We retain your data as follows:

  • Account and property data — retained while your account is active.
  • After account deletion — all personal data is deleted within 30 days of your deletion request.
  • Payment records — Stripe retains payment data in accordance with their own retention policy and legal obligations.
  • Transactional email logs — retained by Resend for up to 30 days.

Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights:

  • Right to access — request a copy of your personal data.
  • Right to rectification — correct inaccurate data.
  • Right to erasure — request deletion of your data.
  • Right to restrict processing — limit how we use your data.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests.

You can exercise your rights to data portability and erasure directly from your account settings page, or by contacting us at the email address below.

Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

Third-Party Services

We use the following third-party data processors:

ServicePurposeLocation
SupabaseDatabase, authentication, and file storageEU
StripePayment processing and subscription managementUS
ResendTransactional email delivery (reminders, notifications)US
VercelHosting, deployment, and Speed Insights (anonymous performance metrics)US
Google AnalyticsAnonymous website usage analytics (only with your consent)US

Cookies

We use essential cookies for authentication and optional analytics cookies (Google Analytics) with your consent. We do not use advertising cookies. For full details, see our Cookie Policy.

Children's Privacy

This service is not intended for individuals under the age of 18.

Changes to This Policy

We will notify users via email of material changes to this policy.

Contact Us

Email: admin@lettings-compliance.com

Back to Dashboard