Privacy Policy

1. Introduction

ProperLet Ltd (“we”, “our”, “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our selective licensing monitoring services.

ProperLet is a B2B SaaS platform that helps UK letting agents, property managers, and landlords monitor selective licensing boundaries and maintain compliance with their legal obligations.

This policy explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Account Information

When you register for ProperLet, we collect:

• Full name
• Email address
• Company name
• Job title or role
• Account password (stored securely using industry-standard encryption)
• Telephone number (if provided)

Lawful Basis: Performance of a contract (providing you with access to our services)

2.2 Property Data

To provide our monitoring services, we collect:

• Property addresses and postcodes for properties you wish to monitor
• Property reference identifiers (if you provide them)
• Notes or tags you add to properties within the platform

Lawful Basis: Performance of a contract (providing the boundary monitoring service you've purchased)

2.3 Usage Data

We automatically collect information about how you use our platform:

• Pages visited and features used
• Time spent on different sections
• Actions taken within the platform
• Device information (browser type, operating system, device type)
• IP address and approximate geographic location
• Referring website or source

Lawful Basis: Legitimate interests (improving our service, understanding user behaviour, and detecting security issues)

2.4 Payment Information

We process subscription payments through Stripe, our payment processor:

• Billing address
• Payment method details (card brand and last 4 digits only)
• Transaction history

Lawful Basis: Performance of a contract (processing your subscription payments)

2.5 Communication Data

When you contact us or we communicate with you:

• Email correspondence
• Support ticket messages
• Feedback and survey responses
• Marketing communication preferences

Lawful Basis:

• Performance of a contract (customer support)
• Legitimate interests (improving our services, responding to enquiries)
• Consent (for marketing communications, which you can withdraw at any time)

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Delivery

• Creating and managing your account
• Monitoring selective licensing boundaries for your specified properties
• Sending alerts when properties fall within licensing zones
• Providing access to our platform and features
• Processing your subscription payments

3.2 Communication

• Sending service-related notifications and updates
• Responding to your enquiries and support requests
• Sending important account or service changes
• Marketing communications (only with your consent, which can be withdrawn)

3.3 Service Improvement

• Analysing how users interact with our platform
• Identifying and fixing technical issues
• Developing new features and improvements
• Conducting research and analysis on user behaviour

3.4 Legal and Security

• Complying with legal obligations
• Enforcing our Terms of Service
• Detecting and preventing fraud or abuse
• Protecting the security and integrity of our platform

4. Data Sharing and Third Parties

We share your personal data only in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who process data on our behalf:

4.2 Legal Requirements

We may disclose your personal data if required by law, regulation, legal process, or governmental request, or to:

• Comply with applicable laws or respond to valid legal processes
• Protect the rights, property, or safety of ProperLet, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Service

4.3 Business Transfers

If ProperLet is involved in a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring organisation. We will notify you of any such change and the choices you may have.

5. International Data Transfers

While we primarily use UK-based hosting, some of our service providers (notably Posthog for analytics) may process data outside the United Kingdom, including in the United States.

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
• Adequacy decisions where the destination country is deemed to provide adequate protection
• Binding Corporate Rules or other approved transfer mechanisms

You have the right to request information about the safeguards we have in place for international transfers.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

After the retention period expires, we securely delete or anonymise your personal data. You can request earlier deletion by exercising your right to erasure (see Section 8).

7. Data Security

We implement industry-standard security measures to protect your personal data:

7.1 Technical Measures

• Encryption in transit: All data transmitted using TLS/SSL encryption (HTTPS)
• Encryption at rest: Database and file storage encrypted
• Password protection: Passwords hashed using bcrypt or similar algorithms
• Access controls: Role-based access with principle of least privilege
• Regular security updates: Systems and dependencies kept up to date

7.2 Organisational Measures

• Staff training: All team members trained on data protection
• Limited access: Personal data accessible only to authorised personnel
• Vendor assessment: Third-party processors vetted for security practices
• Incident response: Procedures in place for detecting and responding to breaches

7.3 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware
• Notify affected individuals without undue delay if there is a high risk
• Document the breach and our response measures

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

8.1 Right of Access

You can request a copy of the personal data we hold about you. We will provide this free of charge within one month of your request.

8.2 Right to Rectification

You can ask us to correct inaccurate or incomplete personal data. You can also update most information directly through your account settings.

8.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data in certain circumstances:

• The data is no longer needed for the purposes it was collected
• You withdraw consent (where consent was the lawful basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Legal obligations require deletion

8.4 Right to Restriction of Processing

You can request we limit how we use your data in certain situations:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data, but you need it for legal claims
• You've objected to processing pending verification of legitimate grounds

8.5 Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format and have it transferred to another controller where technically feasible.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

8.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us:

• Email: privacy@properlet.co.uk
• Subject Line: “Data Subject Rights Request”
• Include: Your full name, email address, and specific request

We will respond within one month. If your request is complex, we may extend this by two months and will inform you of the extension.

Verification: We may need to verify your identity before processing your request to protect your data security.

No Fee: Exercising your rights is free unless your request is manifestly unfounded or excessive.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services. For detailed information about the cookies we use, please see our Cookie Policy.

Summary:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Posthog cookies to understand product usage (can be opted out)
• No Advertising Cookies: We do not use advertising or third-party tracking cookies

You can manage cookie preferences through your browser settings or our cookie consent banner.

10. Children's Privacy

ProperLet is a B2B service intended for use by businesses and professionals in the property letting industry. Our services are not directed at individuals under 18 years of age.

We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@properlet.co.uk and we will delete it.

11. Marketing Communications

We may send you marketing communications about our services, new features, industry insights, and special offers if:

• You have given consent (e.g., ticked an opt-in box), or
• You are an existing customer and we are marketing similar products/services (soft opt-in)

Your Rights:

• You can opt out at any time by clicking “unsubscribe” in any marketing email
• You can manage preferences in your account settings
• Opting out does not affect essential service communications (e.g., security alerts, billing notifications)

12. Third-Party Links

Our platform may contain links to third-party websites, services, or resources. This Privacy Policy applies only to ProperLet. We are not responsible for the privacy practices of external sites. We encourage you to read the privacy policies of any third-party services you use.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

• Our data processing activities
• Legal or regulatory requirements
• Industry best practices

Notification of Changes:

• We will update the “Last updated” date at the top of this policy
• For material changes, we will notify you by email or through an in-app notification
• Continued use of our services after changes indicates acceptance

We encourage you to review this policy periodically.

14. Your Right to Complain

You have the right to lodge a complaint with the UK's supervisory authority for data protection:

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first at privacy@properlet.co.uk.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

We aim to respond to all enquiries within 5 business days.