AI & Open Banking Addendum

1. Purpose of this Addendum

LetAdmin includes optional AI functionality and optional Open Banking integrations. This Addendum provides clear, plain-English details on:

• what data is processed
• how it is protected
• how third-party providers are involved
• how agencies can control or disable these features

2. Data sent to the AI

When a user interacts with AI features, LetAdmin may send the following data to AI providers:

• the text the user types
• relevant context required to fulfil the request (e.g., property details, key notes, message history)
• documents or text excerpts selected by the user for summarisation

LetAdmin minimises the data sent, and only sends what is required to complete the action.

3. How AI providers handle the data

LetAdmin's AI providers process the data only for the purpose of returning the requested output.

They do not:

• use LetAdmin customer data to train their public models
• store data longer than necessary to return the output
• access LetAdmin data for their own purposes

LetAdmin has contractual agreements ensuring compliance with UK GDPR.

4. AI log retention

To support safe use, fraud detection, and abuse monitoring:

• AI logs may be stored for up to 30 days
• Logs are encrypted and access-controlled
• Logs are automatically purged after the retention period

5. Turning AI features off

If an agency prefers not to use AI, they may:

• disable AI features for all users
• restrict AI usage to selected roles
• request that AI features be turned off platform-wide

LetAdmin will always respect the agency's configuration.

6. What data is retrieved

LetAdmin retrieves:

• account name
• account number
• sort code
• account balances
• transaction feed and descriptions

LetAdmin does not and will never access:

• bank login credentials
• security answers
• passwords
• PINs
• card numbers

All authentication happens directly between the Agency and the Open Banking provider.

7. How Open Banking data is used

Open Banking data is used solely for:

• reconciling rent payments
• matching tenant receipts
• generating landlord statements
• detecting missed or unexpected payments
• simplifying accounting workflows

Open Banking data is not used for marketing, training AI models, or any purpose outside the scope of the LetAdmin platform.

8. Revoking access

Agencies may revoke Open Banking access at any time by:

• disconnecting the bank inside LetAdmin
• revoking access directly with the Open Banking provider

Once revoked, LetAdmin will stop all data retrieval immediately.

9. Storage and security

Open Banking data is:

• encrypted at rest
• encrypted in transit
• access-controlled
• stored exclusively in AWS S3 in the UK (eu-west-2)

LetAdmin retains Open Banking data only as needed for accounting and legal financial record-keeping.

10. Subprocessors involved

AI and Open Banking involve the following subprocessors:

• OpenAI — AI model processing
• Anthropic — AI model processing
• Finexer — Open Banking (AIS)
• Email/SMS providers — where AI drafts communications
• Hosting and infrastructure providers — Heroku, AWS, Vercel

11. Changes to this Addendum

LetAdmin may update this Addendum to:

• reflect new AI capabilities
• reflect changes in Open Banking providers
• maintain compliance with UK GDPR

Significant changes will be communicated to agencies.

12. Contact

For privacy questions regarding AI or Open Banking:

LetAdmin Ltd
224 Wellesbourne, 139–145 Preston Road
Brighton, BN1 6BA, United Kingdom
Email: privacy@letadmin.com