Privacy Policy

This policy explains how PHP PERRTHEO LIMITED ("we", "us") collects and uses personal data when you use LettingsLedger. We are the data controller for personal data processed through the Platform. We are registered in England and Wales (07179540). For queries about this policy, use the contact page.

1. What data we collect

We collect and process the following categories of personal data:

• Account data: name, email address, password (hashed), account creation date
• Property and tenancy data: property addresses, tenancy start dates, tenant names where entered, rent amounts
• Compliance records: dates tasks were completed, documents uploaded, evidence entries, certificate dates
• Usage data: pages visited, features used, session timestamps, browser and device type
• Payment data: billing email and transaction references. Payment card details are processed by LemonSqueezy and are not stored by us.
• Communications: emails or messages you send us

2. How we use your data

• To provide and operate the Platform and your compliance evidence pack
• To send account and compliance reminders (expiry alerts, deadline notifications)
• To process subscription payments via LemonSqueezy
• To respond to queries and provide support
• To improve the Platform based on aggregated, anonymised usage patterns
• To comply with legal obligations applicable to us

3. Legal basis for processing

We process your personal data on the following legal bases under the UK GDPR:

• Contract: processing necessary to provide the Platform services you have subscribed to
• Legitimate interests: security monitoring, fraud prevention, and platform improvement
• Legal obligation: where we are required to retain or disclose data by law
• Consent: for marketing communications, where you have opted in

4. Data retention

We retain your account and compliance data for the duration of your subscription and for a minimum of 24 months following account closure, to allow you to retrieve your evidence pack. After that period, data is deleted or anonymised unless we are required to retain it by law.

Compliance records in your evidence pack are your records — we do not delete them during the active retention period regardless of subscription status.

5. Data sharing

We do not sell your personal data. We share it only with:

• LemonSqueezy — payment processing (your billing email and transaction references)
• Hosting providers — infrastructure providers used to operate the Platform (data processed within the EEA or UK)
• Anthropic — where you use AI-assisted document generation features, prompts and context are sent to the Anthropic API. No data is retained by Anthropic beyond the immediate processing of your request.
• Legal authorities — where required by a court order or applicable law

6. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (subject to legal retention obligations)
• Restrict or object to certain processing
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent where processing is based on consent

To exercise any of these rights, use the contact page. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies

We use cookies for session management and analytics. See our Cookie Policy for details.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, or loss. These include encrypted connections (HTTPS), hashed password storage, and access controls. No system is completely secure and we cannot guarantee absolute security.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to registered users by email or in-platform notification. The date at the top of this page reflects the most recent update.