Privacy Policy

1. Data Controller

Landlord Heaven is the data controller responsible for your personal data.

2. What Data We Collect

Information You Provide:

• Account Information: Name, email address, password (encrypted)
• Landlord Details: Property addresses, landlord name, contact information
• Tenant Information: Tenant names, addresses (for document generation only)
• Payment Information: Processed securely via Stripe (we never store full card details)
• Case Data: Information provided through our wizard for document generation

Information We Collect Automatically:

• Usage Data: Pages visited, features used, time spent on site
• Device Information: Browser type, IP address, device type
• Cookies: See our Cookie Policy for details

3. How We Use Your Data

We use your data to:

• Provide Services: Generate case bundles, manage your account, process payments
• Document Processing: Analyze your case information to generate accurate case bundles
• Communication: Send service emails, updates, and support responses
• Improvement: Improve our services, fix bugs, develop new features
• Legal Compliance: Comply with legal obligations, prevent fraud
• HMO Pro: Track compliance deadlines, send automated reminders

4. Legal Basis for Processing

We process your data under these legal bases:

• Contract: To provide services you've purchased
• Legitimate Interest: To improve services, prevent fraud
• Consent: For marketing emails (you can opt out anytime)
• Legal Obligation: To comply with tax and legal requirements

5. Third-Party Services

We share data with trusted third parties who help us provide services:

6. Data Retention

We retain your data for as long as you have an active account, plus:

• Account Data: Deleted within 30 days of account closure (unless legally required)
• Documents: Stored according to your plan (12 months or lifetime)
• Payment Records: 7 years (UK tax law requirement)
• Support Tickets: 2 years for service improvement

7. Your Rights (UK GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Restrict: Restrict certain types of processing
• Withdraw Consent: Unsubscribe from marketing emails

8. Data Security

We protect your data with:

• End-to-end encryption for sensitive data
• Secure HTTPS connections (TLS 1.3)
• Regular security audits and penetration testing
• Strict access controls (role-based permissions)
• Encrypted backups
• Two-factor authentication (optional for your account)

9. International Transfers

Your data is primarily stored on UK/EU servers. If transferred outside the UK/EU (e.g., to service providers), we ensure adequate safeguards through:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements
• Anonymization where possible

10. Cookies

We use cookies to improve your experience. See our Cookie Policy for details. You can control cookies via your browser settings.

11. Children's Privacy

Our services are not intended for anyone under 18. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email. Continued use after changes constitutes acceptance.

13. Complaints

If you're unhappy with how we handle your data, contact us first. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):