Let SafeBook →
Legal

Privacy Policy

Last updated · 21 May 2026 · Version 1.0

1. Who we are

This policy explains how Let Safe Limited (“Let Safe”, “we”, “us”) collects and uses personal data. We are a UK company registered in England and Wales, company number 16024889, registered office at 9 Nelson Street, Southend-on-Sea, SS1 1EF.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Let Safe is the data controller for the personal data described below.

Questions, requests, or complaints about this policy: email support@let-safe.comor write to the registered address above. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

2. What personal data we collect

We collect the minimum we need to deliver compliance services and run our business. In practice that means three categories:

From letting agents and landlords (our clients)

  • Name, branch/business name, email, phone
  • Property addresses you instruct us to inspect
  • Invoicing and payment details (account name, bank/BACS reference)
  • Service history — certificates issued, dates, outcomes

From tenants (when our client instructs a job)

  • Name and mobile number (so we can text booking slot options)
  • Property address being inspected
  • Time-slot preference and the slot they accept
  • SMS conversation history limited to the booking exchange

We do not market to tenants. The only messages we send are about the specific job our client has instructed.

From website visitors

  • Anything you type into the contact form (name, email, message)
  • Server logs (IP address, user-agent, timestamp) for security and abuse prevention — held briefly

3. Why we use it (lawful basis)

  • Performance of a contract — delivering the compliance services our client has instructed (UK GDPR Art. 6 (1)(b)).
  • Legal obligation — keeping certification records to satisfy our statutory and accreditation requirements (UK GDPR Art. 6 (1)(c)).
  • Legitimate interests — running our business, responding to enquiries, preventing fraud, improving the service. Where we rely on this we have weighed the impact and can explain the assessment on request (UK GDPR Art. 6 (1)(f)).
  • Consent — if we ever ask you to opt in to marketing emails or similar, we will only act on that consent until you withdraw it.

4. Who we share data with (sub-processors)

We use a small number of vetted third-party services to run the business. We do not sell data and we do not share it for advertising. The sub-processors below act under written data processing agreements and are the only places your data routinely travels:

Service
Used for
Region
Supabase
Operational database, certificate storage
EU (Ireland)
Vercel
Website hosting and edge delivery
EU + global edge
Resend
Transactional email (contact form, notifications)
US
Twilio
Tenant SMS booking exchange
EU (Ireland)
Anthropic
Email/PDF parsing (Claude API)
US
Google (Calendar, Maps)
Engineer scheduling, travel-time routing
EU + US
Xero
Invoicing and bookkeeping
UK

We will also share data where the law requires (HMRC, ICO, courts) or where you ask us to (e.g. providing a certificate to your local authority on request).

5. International transfers

Some of the sub-processors above process data outside the UK and the EEA. Where they do, the transfer is covered either by an adequacy decision or by the ICO’s International Data Transfer Agreement (IDTA), with appropriate supplementary measures. The detail is in the relevant processor’s DPA — available on request.

6. How long we keep data

  • Compliance certificates — kept for the full life of the certificate and at least 6 years after, to meet our obligations as the issuing contractor.
  • Invoicing records— 6 years, in line with HMRC’s record-keeping requirements.
  • Tenant SMS exchanges — retained for 24 months after the job, then deleted.
  • Contact form enquiries — 24 months after the last meaningful contact, unless the enquiry becomes an active client.
  • Server logs — 30 days for security and abuse investigation.

If you ask us to delete your data sooner, we will — unless we have a legal obligation to keep it (e.g. tax records).

7. Your rights

Under UK GDPR you have the right to:

  • Ask for a copy of the personal data we hold about you
  • Ask us to correct anything that’s wrong
  • Ask us to delete data we no longer have a lawful reason to keep
  • Ask us to restrict how we use it while a query is resolved
  • Object to processing carried out on a legitimate-interests basis
  • Ask for your data in a portable, machine-readable format
  • Withdraw consent at any time where consent was the basis

Email support@let-safe.comand we’ll respond within one calendar month. If you’re not satisfied with our response, you can complain to the ICO.

8. Cookies

When you first visit the site we ask for your cookie preferences. Cookies are grouped into three categories:

  • Essential — required to serve pages, remember your consent choice, and keep the site secure. Always on; no consent required under PECR.
  • Analytics — aggregate, anonymised stats about how visitors use the site. Off until you accept.
  • Marketing — used to measure campaign effectiveness. Off until you accept.

You can change your choice any time from the Cookie preferences link in the footer. Your choice is stored locally in your browser; clearing site data resets it.

9. Security

All site traffic is over HTTPS. Operational data is stored encrypted at rest in Supabase. Access to systems is restricted to named staff with multi-factor authentication. We do not store card details — payment is handled by Xero / bank transfer.

10. Changes to this policy

We’ll change this policy from time to time. Material changes (new sub-processors, new categories of data, changed retention periods) will be highlighted at the top of the page for at least 30 days. The version number and last-updated date above are the source of truth.

11. Contact

Let Safe Limited
9 Nelson Street, Southend-on-Sea, SS1 1EF
support@let-safe.com · +44 204 586 4529