Privacy Policy

LetClear is a software service operated from the United Kingdom. We are the data controller for the personal data described in this policy. We do not currently process special-category data.

We collect only what we need to run the service:

• Account data. Email address and a password hash, set during signup.
• Property data. Address, type, and country of properties you add.
• Tenancy data. Start date, deposit details, prescribed-information status, and tenancy type.
• Compliance data. Certificate issue and expiry dates you record for gas safety, EPC, EICR, and smoke alarm checks.
• Documents. Files you upload to attach to a property or compliance record.
• Service logs. Standard request logs (IP address, user agent, timestamp) used to run and secure the service.

We rely on contract performance as the lawful basis for processing the account, property, tenancy, compliance, and document data. Without it we cannot deliver the service you signed up for.

We rely on legitimate interest for service logs, used solely to keep the service running and to detect abuse.

Application data is stored in Supabase Postgres in London (UK region). Uploaded documents are stored in Supabase Storage in the same region. Auth emails are sent via our email provider, and your email address is shared with them solely to deliver service messages.

We do not transfer your personal data outside the UK or EEA.

We share data only with the service providers we use to operate the product:

• Supabase, for database, auth, and storage.
• Vercel, for application hosting.
• Vercel Web Analytics, for aggregate, anonymous usage statistics. No cookies are set and no personal data is collected.
• Resend, for transactional emails (signup confirmation, password reset, future reminder emails).
• Stripe, when subscription billing is enabled, for payment processing only.

We do not sell your data. We do not share it with advertisers.

We keep account, property, tenancy, compliance, and document data for as long as you have an active account. When you delete your account, we delete the associated records within 30 days. Service logs are retained for up to 90 days for security and debugging.

Under UK GDPR you have the right to:

• access the personal data we hold about you
• request correction of inaccurate data
• request deletion of your data
• request a copy of your data in a portable format
• object to or restrict processing in certain circumstances
• lodge a complaint with the Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email hello@letclear.co.uk. We will respond within one calendar month.

LetClear uses only essential cookies, required to keep you signed in and to remember your preferences. We do not use advertising cookies or third-party tracking cookies.

We use Vercel Web Analytics to understand which pages visitors use. Vercel Web Analytics is cookieless and does not collect personal data: it records aggregate information such as page views and approximate location at country level. If we adopt any analytics product that does set cookies, we will update this page and ask for your consent before any non-essential cookies are set.

Your data is encrypted in transit and at rest. Access is gated by row-level security in our database, so users can only read and write their own records. We regularly review the security advisories provided by our infrastructure provider and act on them.

We may update this policy. Material changes will be announced via email to your account address before they take effect.

Questions about this policy or your data: hello@letclear.co.uk.