Privacy Policy

Last updated: March 2025

This Privacy Policy explains how LettingDesk ("we", "us", "our") collects, uses, and protects your personal data when you use our platform. We are committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

LettingDesk is a property management and accounting platform operated by [Company Name], registered in England and Wales. If you have questions about this policy, contact us at [email protected].

2. Data we collect

  • Account information: name, email address, and password (hashed) when you register.
  • Property and financial data: property addresses, transaction records, lease details, and documents you upload.
  • Usage data: pages visited, actions taken, and timestamps, used to improve the service.
  • Billing data: payment is handled by Stripe. We do not store card numbers. We receive billing status and subscription identifiers from Stripe.
  • Communications: messages you send via in-app support tickets or case threads.

3. How we use your data

  • To provide and maintain the LettingDesk service.
  • To process payments and manage subscriptions via Stripe.
  • To send transactional emails (account verification, invitations, billing updates).
  • To respond to support requests.
  • To comply with legal obligations.

4. Legal basis for processing

We process your data on the following bases under UK GDPR:

  • Contract: processing necessary to perform the service you have signed up for.
  • Legitimate interests: service improvement, security monitoring, and fraud prevention.
  • Legal obligation: where required by applicable law.
  • Consent: for optional communications such as product updates, where separately obtained.

5. Third parties

We share data with the following third-party services only to the extent necessary to operate the platform:

  • Stripe — payment processing. Stripe Privacy Policy
  • Email provider — transactional email delivery (e.g. SendGrid / Postmark).
  • Hosting (Heroku / Salesforce) — server infrastructure located within the EU/UK.
  • Error tracking (Sentry) — optional, used to diagnose application errors.

We do not sell your data to third parties.

6. Data retention

We retain your data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 90 days, except where retention is required to comply with legal obligations (for example, financial records under HMRC requirements).

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
  • Object to or restrict certain processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

LettingDesk uses a session cookie to keep you logged in. We do not use tracking or advertising cookies. No third-party analytics scripts are loaded.

9. Security

We use HTTPS for all data in transit, store passwords using industry-standard hashing, and restrict access to personal data to authorised staff only. We will notify you of any breach affecting your data as required by law.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or an in-app notice. Continued use of the service after changes constitutes acceptance.

Questions? Email [email protected]