Privacy Policy

1. Introduction

Welcome to Landlord Guard ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our property management and compliance tracking service (the "Service").

This Privacy Policy should be read in conjunction with our Terms of Service. By using our Service, you agree to the collection and use of information in accordance with this policy.

Landlord Guard is the data controller for the personal data we collect about you. We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide to Us

When you create an account and use our Service, we collect the following information:

• Account Information: Email address, password (encrypted), first name, last name, and phone number
• Property Information: Property addresses, postcodes, property types, number of bedrooms, notes, and other property details you choose to enter
• Compliance Data: Compliance certificate information, due dates, renewal frequencies, reminder preferences, and related notes
• Documents: Certificates, documents, and files you upload to the Service
• Payment Information: Billing details processed securely through our payment provider (Stripe). We do not store complete credit card numbers on our servers

2.2 Information Automatically Collected

When you use our Service, we automatically collect certain information:

• Usage Data: Information about how you interact with the Service, including pages visited, features used, and actions taken
• Device Information: Browser type, operating system, IP address, device identifiers, and general location information
• Log Data: Server logs, error reports, and diagnostic information
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience (see Section 9)

2.3 Information from Third Parties

We may receive information from third-party services we use to provide the Service:

• Authentication Data: Authentication tokens and session information from Supabase
• Payment Data: Payment confirmations, transaction details, and subscription status from Stripe
• Email Delivery Data: Email delivery status, bounce notifications, and engagement metrics from Resend

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account
• Store and organize your property and compliance data
• Process and store documents you upload
• Calculate compliance deadlines and track status
• Enable you to access and manage your information

3.2 To Communicate with You

• Send automated email reminders for compliance deadlines
• Send account verification and password reset emails
• Provide customer support and respond to your inquiries
• Send transactional emails related to your subscription and payments
• Send important service updates and security notifications
• Send marketing communications (with your consent, which you can withdraw at any time)

3.3 To Process Payments

• Process subscription payments through Stripe
• Manage billing cycles and payment methods
• Handle refunds and payment disputes
• Track subscription status and payment history

3.4 To Improve and Develop the Service

• Analyze usage patterns to improve features and user experience
• Monitor and troubleshoot technical issues
• Develop new features and functionality
• Conduct research and testing

3.5 For Security and Legal Compliance

• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service
• Comply with legal obligations and respond to lawful requests
• Protect our rights and the rights of other users

3.6 Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you've subscribed to
• Legitimate Interests: Improving our Service, ensuring security, and conducting business operations
• Consent: Marketing communications and optional features (you can withdraw consent at any time)
• Legal Obligation: Compliance with applicable laws and regulations

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Third-Party Service Providers

We work with trusted third-party service providers who help us deliver the Service:

• Supabase: Provides database hosting, authentication, and file storage infrastructure. Your data is stored on Supabase's secure servers.View Supabase Privacy Policy →
• Stripe: Processes subscription payments and manages billing. Stripe handles payment information securely according to PCI DSS standards.View Stripe Privacy Policy →
• Resend: Sends transactional and reminder emails on our behalf. Email addresses and message content are processed by Resend.View Resend Privacy Policy →

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

4.3 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

4.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

5. Data Storage and Security

5.1 Where We Store Your Data

Your data is stored using Supabase's infrastructure. Supabase may store data in multiple locations for redundancy and performance. Data centers are located in secure facilities with appropriate technical and organizational measures.

5.2 How We Protect Your Data

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES encryption
• Access Controls: Strict access controls ensure only authorized personnel and systems can access your data
• Authentication: Secure authentication through Supabase with password hashing and session management
• Regular Security Audits: We conduct regular security reviews and updates
• Row Level Security (RLS): Database policies ensure users can only access their own data

5.3 Data Security Limitations

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

6.1 Active Accounts

We retain your personal data for as long as your account is active or as needed to provide you with our services. This includes:

• Account information and profile data
• Property details and compliance documentation
• Support tickets and communications history
• Service usage data and activity logs

6.2 Canceled Accounts

When you cancel your subscription, we retain your account data for 30 days after the subscription ends. After 30 days, your account and associated personal data are automatically and permanently deleted. We retain data for this period to:

• Allow you to reactivate your subscription and recover your data
• Complete any pending transactions or support requests
• Comply with legal obligations (e.g., tax records, payment history)
• Resolve disputes and enforce our agreements
• Prevent fraud and abuse

6.3 Past Due Accounts

If your account remains in a "past due" status for 30 consecutive days due to failed payment, your account and all associated data will be permanently deleted. We will make reasonable efforts to notify you via email before deletion occurs.

6.4 User-Requested Deletion

You may request deletion of your account and personal data at any time through your account settings or by contacting us (see Section 7 on Your Rights). When you request deletion:

• We provide a 7-day grace period during which you can cancel your deletion request
• After the grace period, your account and personal data are permanently deleted within 30 days
• Your subscription (if active) is cancelled immediately when deletion is processed
• You will receive confirmation once deletion is complete

6.5 Financial Records

In accordance with UK tax law and accounting regulations, we retain certain financial records for 7 years after the end of the relevant tax year. This includes:

• Payment transaction records
• Subscription history and invoices
• VAT-related documentation

These records are stored securely in our payment processor's systems and are only accessible for audit and compliance purposes. Personal identifiers in these records may be anonymized where legally permissible.

6.6 What Gets Deleted

When your account is deleted (either automatically or by request), the following data is permanently removed:

• All personal information (name, email, address)
• Property information and compliance documents
• Support tickets and communications
• User preferences and settings
• Activity logs and usage data
• Any exported data files you generated

6.7 Legal Basis for Retention

We retain data based on the following legal grounds:

• Contractual Obligation: To fulfill our service agreement with you
• Legal Obligation: To comply with UK tax, accounting, and regulatory requirements
• Legitimate Interests: To prevent fraud, resolve disputes, and improve our services

6.8 Automated Deletion Process

We use automated systems to ensure data is deleted according to our retention policies. These systems run daily to:

• Identify accounts that have reached the end of their retention period
• Process pending deletion requests after the grace period expires
• Permanently remove data from our systems
• Clean up temporary files and expired data exports

This automated approach ensures consistent and timely data deletion in accordance with GDPR requirements.

7. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights regarding your personal data:

7.1 Right of Access

You have the right to request a copy of the personal data we hold about you. You can access most of your data directly through your account dashboard.

7.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal data. You can update most information directly in your account settings.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data. You can delete your account through your account settings or by contacting us. We will delete your data within 30 days, subject to any legal retention requirements.

7.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of data or assess the legitimacy of our processing.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. You can export your data through your account dashboard.

7.6 Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis. You also have the right to object to marketing communications at any time.

7.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

7.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@landlordguard.co.uk. We will respond to your request within 30 days.

8. Children's Privacy

Our Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies to enhance your experience and improve our Service.

9.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function, including authentication and session management. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings to provide enhanced features.
• Analytics Cookies: Help us understand how you use the Service so we can improve it.

9.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. However, if you disable essential cookies, you may not be able to use all features of the Service.

10. International Data Transfers

Some of our third-party service providers (Supabase, Stripe, Resend) may process data outside the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK authorities
• Adequacy decisions recognizing equivalent data protection standards
• Compliance with applicable data protection frameworks

11. Third-Party Links and Services

Our Service may contain links to third-party websites, services, or resources. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending you an email notification for significant changes

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

13. Data You Control as a Data Controller

When you use our Service to store information about your properties, tenants, or other individuals, you may be acting as a data controller for that information. You are responsible for:

• Ensuring you have a lawful basis to collect and process such information
• Complying with data protection laws in your use of the Service
• Providing appropriate privacy notices to individuals whose data you process
• Responding to data subject requests from those individuals
• Ensuring the accuracy of the information you store

We act as a data processor for this information and process it only according to your instructions through your use of the Service.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.

15. Summary of Key Points

16. Acknowledgment

By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.