Trust Centre

Product Privacy Policy

For agencies using the LetAdmin platform.

LetAdmin Ltd
224 Wellesbourne, 139–145 Preston Road
Brighton, BN1 6BA, United Kingdom
Email: privacy@letadmin.com

1. Introduction

This Product Privacy Policy explains how LetAdmin Ltd ("LetAdmin", "we", "us") handles personal data inside the LetAdmin platform — including landlord, tenant, applicant, staff and financial data.

If you are an agency using LetAdmin, you are the Data Controller. LetAdmin acts as your Data Processor, meaning we only process personal data based on your instructions.

This policy covers everything that happens inside the app. For the public website, please see our separate Website Privacy Policy.

2. What this policy covers

This policy applies when:

  • your agency uses the LetAdmin platform
  • your staff log into LetAdmin
  • you store or upload property, landlord, tenant or applicant data
  • you connect Open Banking
  • you use LetAdmin's AI features
  • you send or receive messages inside LetAdmin

It does not apply to your own website or other systems you use.

3. Data roles

You (the agency)

You are the Data Controller. You decide what data to collect, store, update, or delete.

LetAdmin Ltd

We are your Data Processor. We only process data to provide the service you've asked us to deliver.

We do not:

  • use your data for our own purposes
  • train public AI models on your data
  • contact your landlords or tenants unless your team instructs the system to

4. What data LetAdmin processes

To deliver the service, we process the following information on your behalf:

4.1 Landlord & tenant data

  • Names, addresses, email addresses, phone numbers
  • Tenancy details (rent, dates, documents)
  • Messages, notes, tasks
  • Uploaded documents (ID, ASTs, certificates)

4.2 Applicant data

  • Contact details
  • Viewing history
  • Application notes
  • Referencing status (if you store it in LetAdmin)

4.3 Property information

  • Address, features & descriptions, photos
  • Safety certificates, EPC data
  • Inspection reports, maintenance notes

4.4 Staff data

  • Names, work emails
  • Roles & permissions
  • Activity logs

4.5 Financial data

Via Open Banking:

  • Account name, account number, sort code
  • Balances
  • Transaction feed

LetAdmin never sees or stores banking credentials.

4.6 AI-processed content

We process data you send to our AI tools, including:

  • Draft messages and summaries
  • Property descriptions
  • Internal assistant prompts

AI processing is covered in Section 8.

5. What we use the data for

Only to provide the service you expect, including:

  • Managing properties, landlords, tenants, and applicants
  • Sending emails and SMS (when you instruct the system)
  • Running automations and workflows
  • Reconciling payments
  • Generating statements and reports
  • Providing support
  • Maintaining audit logs
  • Improving platform performance

We never use your data for marketing to your customers.

6. How we store & secure your data

Infrastructure

  • Marketing site: Vercel (EU region)
  • Application: Heroku (EU region)
  • Storage: AWS S3 (London / eu-west-2)

Security measures

  • All data encrypted at rest
  • All traffic encrypted in transit (TLS 1.2+)
  • Role-based access controls
  • Mandatory MFA for staff
  • Audit logs for key actions
  • Daily encrypted backups
  • Least-privilege access policies
  • Environment secrets protected in Heroku/Vercel vaults

We continuously monitor system performance and access.

7. Sharing data with subprocessors

LetAdmin uses trusted third-party providers ("subprocessors") to run the platform.

We only share data with vendors who:

  • comply with UK GDPR
  • act strictly under our instruction
  • cannot use your data for their own purposes
  • sign data protection agreements

We never sell personal data.

8. AI Processing

LetAdmin uses AI providers (currently OpenAI and Anthropic) to help you:

  • draft emails and replies
  • generate property descriptions
  • summarise notes, messages, and documents
  • receive guidance from your AI assistant

How AI handles your data

  • Data you send to the AI is processed only to fulfil your request
  • It is not used to train public or shared models
  • AI models act as subprocessors under contract
  • Logs are retained for a short period (up to 30 days)
  • We minimise the data sent whenever possible

You may switch off AI features for your agency if required.

9. Open Banking

LetAdmin uses an FCA-regulated provider (currently Finexer) to retrieve:

  • transaction feed
  • balances
  • basic account details (name, sort code, account number)

Important

  • LetAdmin never sees or stores bank credentials
  • You connect directly to the provider
  • You may revoke consent at any time
  • Data is used only for reconciliation and statements
  • All banking data is encrypted and access controlled

Open Banking access is optional but required for automated reconciliation.

10. How long we keep data

Unless you ask us to delete data sooner:

  • Customer account data — kept until your contract ends
  • Tenant/landlord/applicant data — deleted within 90 days of account closure
  • Financial records — retained as required by law
  • AI logs — kept for up to 30 days
  • Backups — retained for 30 days

You can request full deletion at any time.

11. International transfers

Some of our subprocessors (including AI models) operate outside the UK/EU. Where this happens, we rely on:

  • UK GDPR adequacy regulations
  • International Data Transfer Agreements (IDTAs)
  • The UK Addendum to the EU SCCs
  • Strong contractual protections

Your data is always protected to UK GDPR standards.

12. Your rights

As a Data Controller, you maintain full control of your data.

Individuals whose data you store in LetAdmin (landlords, tenants, applicants) have the right to:

  • access their data
  • request correction
  • request deletion
  • restrict processing
  • object to processing
  • portability (where applicable)

You can carry out these actions directly in LetAdmin or request our assistance.

Agencies may contact us at privacy@letadmin.com for data requests.

13. Breach notifications

If we become aware of a data breach affecting your agency, we will:

  • notify you without undue delay
  • share all relevant details
  • support you in meeting your own legal obligations

14. Changes to this policy

We may update this policy occasionally. If changes are significant, we will notify all agencies.

15. Contact

For privacy or data protection enquiries:

LetAdmin Ltd
224 Wellesbourne, 139–145 Preston Road
Brighton, BN1 6BA, United Kingdom
Email: privacy@letadmin.com