Privacy
Privacy policy
Last updated: 16 May 2026 (version 2.0)
1. About this notice
This notice explains how PropertyLord AI collects, uses, shares, and stores personal data when you visit propertylord.ai, use our free calculators, save reports, create an account, or contact us. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and our use of cookies under the Privacy and Electronic Communications Regulations (PECR).
We update this notice when our practices change. Material changes will be highlighted on this page. The version above is the current one.
2. Who we are (data controller)
The data controller for personal data processed through propertylord.ai is PropertyLord AI.
- Registered office: TODO(re-add-ltd-on-incorporation): registered office address
- Company number: TODO(re-add-ltd-on-incorporation): UK companies house number
- VAT number: TODO(re-add-ltd-on-incorporation): VAT number if registered
- ICO registration: TODO(re-add-ltd-on-incorporation): ICO data protection registration number
- Privacy contact: privacy@propertylord.ai
3. What personal data we collect
We collect only the personal data needed to run the service. Categories:
- Account data. Email address, password hash (we never store your password in plain text), name if you choose to provide it, the date you signed up, and the page or feature that led to your signup.
- Usage data. Calculator inputs you type into our tools, saved reports, watchlists, projects, and notes you store in your account.
- Billing data. Stripe customer ID, subscription status, plan tier, and invoice metadata. We do not store your card details; Stripe processes and stores those directly.
- Analytics data. Anonymised IP address, page views, button clicks, feature usage events, browser type, device type, approximate region (country / city). Only collected after you give cookie consent on the banner.
- Waitlist data. Email address and the product surface you joined from.
- Support data. The contents of any email, form submission, or message you send us.
- Security data. Bot-protection challenge results (Cloudflare Turnstile), authentication session tokens, and abuse-prevention rate-limit counters.
4. Where we get personal data
- Directly from you when you sign up, save a report, or contact us.
- From your browser when you visit the site (request headers, device data).
- From Stripe via webhook events when you pay, upgrade, or cancel.
- From Supabase authentication when you sign in (including future social-login providers if you use one).
- From Cloudflare Turnstile when you complete a bot-challenge.
5. How we use personal data (purposes and lawful bases)
Under Article 6 of the UK GDPR we must have a lawful basis for each use of personal data. The table below sets out what we do and why.
| Purpose | Lawful basis |
|---|---|
| Service delivery: running calculators, storing saved reports and projects, syncing watchlists. | Contract (Article 6(1)(b)) |
| Account management: signing you in, password resets, plan changes. | Contract (Article 6(1)(b)) |
| Billing, invoicing, tax records, fraud prevention. | Contract (Article 6(1)(b)) and legal obligation (Article 6(1)(c)) |
| Product analytics and improvement (aggregate usage, funnel performance, error tracking). | Consent for cookie-based analytics (Article 6(1)(a)) and PECR; legitimate interests for server-side aggregates (Article 6(1)(f)) |
| Marketing emails about launches, new features, and property research, where you have opted in. | Consent (Article 6(1)(a)) |
| Operational emails: account confirmations, password resets, billing receipts, plan changes. | Contract (Article 6(1)(b)) |
| Security: bot detection, abuse prevention, audit logs. | Legitimate interests (Article 6(1)(f)) and legal obligation (Article 6(1)(c)) |
6. Cookies and similar technologies
We use a small number of cookies and similar storage technologies to keep you signed in, protect the service, and (with your consent) measure how the product is used. Under PECR we must ask for your consent before setting any cookie that is not strictly necessary.
- Strictly necessary. Authentication session (Supabase), bot-protection tokens (Cloudflare Turnstile), Stripe checkout session. These do not require consent.
- Analytics (opt-in).PostHog product analytics. Only set after you select "Accept all" on the cookie banner.
- Advertising cookies. None. We do not run third-party advertising on propertylord.ai.
A full per-cookie table is on our cookies page. You can change your cookie preference at any time from the link in the footer.
7. Who we share personal data with
We use a small number of trusted processors to run the service. Where personal data leaves the UK or EEA, we rely on appropriate safeguards (UK adequacy decision, UK International Data Transfer Addendum, or EU Standard Contractual Clauses where required).
| Recipient | Purpose | Country | Transfer safeguard |
|---|---|---|---|
| Supabase | Auth, database, storage | EU (eu-west-2) | UK adequacy decision |
| Stripe | Payments, subscriptions, invoicing | United States | UK IDTA / EU SCCs |
| Resend | Transactional and product email | United States | UK IDTA / EU SCCs |
| Cloudflare | Bot protection (Turnstile), CDN | Global edge | UK IDTA / EU SCCs |
| Vercel | Application hosting and CDN | United States | UK IDTA / EU SCCs |
| PostHog | Product analytics (consent-gated) | EU (eu.i.posthog.com) | UK adequacy decision |
We do not sell personal data. We do not share personal data with third-party advertisers, data brokers, or list-rental services.
8. How long we keep personal data (retention)
- Account data. While the account is active, plus 6 years after deletion for UK tax and accounting records (HMRC requirement).
- Saved reports, projects, watchlists. Deleted within 30 days of account deletion, unless you ask for earlier deletion or export.
- Billing and invoice data. 6 years after the end of the tax year in which the transaction occurred (HMRC).
- Analytics events. 24 months from collection.
- Waitlist data. Until product launch plus 12 months, unless you unsubscribe earlier.
- Operational logs. 90 days.
- Database backups. 35 days rolling.
9. Your rights under UK GDPR
You have the following rights over your personal data:
- Right of access. Ask for a copy of the personal data we hold about you.
- Right to rectification. Ask us to correct inaccurate or incomplete data.
- Right to erasure. Ask us to delete your data (subject to retention obligations such as tax records).
- Right to restrict processing. Ask us to pause processing while a question is resolved.
- Right to data portability. Ask for your data in a portable, machine-readable format.
- Right to object. Object to processing based on legitimate interests, including direct marketing.
- Rights related to automated decision-making. We do not currently make decisions about you that have legal or similarly significant effects using only automated means.
- Right to withdraw consent. Where we rely on consent, you can withdraw it at any time (including the cookie consent banner and marketing email unsubscribe link).
To exercise any of these rights, email privacy@propertylord.ai. We will respond within 30 days. There is no charge for exercising your rights unless the request is manifestly unfounded or excessive.
10. Security
We protect personal data using industry-standard measures: TLS 1.2 or higher in transit, encryption at rest on managed database and storage services, role-based access controls, Row-Level Security on customer-scoped tables, audit logging, and least-privilege service accounts. No service can be guaranteed to be 100 percent secure; if we discover a personal data breach that risks your rights and freedoms we will notify the ICO within 72 hours and, where required, notify you.
11. Children
PropertyLord AI is not directed at people under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, email privacy@propertylord.ai and we will delete it.
12. Changes to this notice
We will update this notice as the product evolves. The current version and date are at the top of the page. Material changes will be highlighted to existing account holders by email or an in-app notice before they take effect. Prior versions are available on request from privacy@propertylord.ai.
13. Complaints
We want to fix any concerns you have. Please contact privacy@propertylord.ai first and we will work with you to resolve it.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at any time, even if you have not raised it with us first:
- Helpline: 0303 123 1113
- Email: casework@ico.org.uk
- Website: ico.org.uk