Protecting letting agency data

Trust Centre

How LetAdmin protects your data: security, privacy, AI, Open Banking, and compliance for letting agencies.

LetAdmin handles sensitive information every day — tenant details, landlord data, tenancy documents, payments and Open Banking feeds. This page explains how we protect that data, how we comply with UK GDPR, and how we operate as a privacy-first platform.

Our approach is simple: be transparent, take security seriously, respect your data, and act only on your instructions.

1. Security

LetAdmin is built on modern, secure infrastructure and follows industry-standard practices to protect your data.

Infrastructure

  • Application hosting: Heroku (EU region)
  • File storage: AWS S3 (London, eu-west-2)
  • Marketing site: Vercel (EU region)

Data encryption

  • In transit: TLS 1.2+ encryption
  • At rest: AES-256 encryption for databases and files
  • Encrypted S3 buckets in the UK for uploads and backups

Access control

  • Mandatory multi-factor authentication for internal access
  • Strict role-based access control (RBAC)
  • Least-privilege permissions for staff
  • Audit logging of key actions

Backups & reliability

  • Daily encrypted database backups
  • Backups retained for 30 days
  • Monitored infrastructure and error tracking

2. Privacy

LetAdmin acts as a Data Processor. Your agency remains the Data Controller. We only process data on your instructions — never for our own purposes.

Full details of what we process and why are set out in our privacy documentation.

3. AI Safety

AI is a core part of LetAdmin — from property descriptions and email drafting to summaries and workflow guidance. We use OpenAI and Anthropic under strict contractual terms.

How AI handles your data

  • Data is used only to fulfil the request you make.
  • Customer data is not used to train public models.
  • Providers act as subprocessors under UK GDPR-compliant contracts.
  • AI logs are retained for a short period (up to 30 days) for safety.

Control & configuration

  • Agencies can restrict AI access to specific roles.
  • AI features can be disabled entirely if required.
  • We minimise the data sent to AI models wherever possible.

4. Open Banking

LetAdmin integrates with an FCA-regulated Open Banking provider (Finexer) to automate reconciliation and financial workflows.

What we receive

  • Account name
  • Sort code and account number
  • Account balances
  • Transaction feed and descriptions

What we never access

  • Bank login credentials
  • PINs or security answers
  • Card numbers
  • Online banking passwords

You authenticate directly with the Open Banking provider. You can revoke access at any time. Open Banking data is encrypted and stored only in AWS S3 in the UK and retained only as needed for accounting and legal record-keeping.

5. Subprocessors

LetAdmin uses a small number of carefully vetted subprocessors to run the platform. We only work with vendors who meet strict security and data protection standards.

For full details, including locations and roles, see our Subprocessor List.

  • Hosting and infrastructure (Heroku, AWS, Vercel)
  • Email and SMS providers
  • AI providers (OpenAI, Anthropic)
  • Open Banking provider (Finexer)
  • Logging, monitoring and analytics tools

We never sell your data. We only share data with subprocessors who act on our instructions and under contract.

6. Data retention

Different data types have different retention periods. In general, we keep data only for as long as it is needed for the purposes of the platform or to meet legal requirements.

  • Customer account data: for the duration of the contract.
  • Landlord/tenant/applicant data: removed within 90 days of account closure.
  • Financial records: retained as required by accounting law.
  • AI logs: up to 30 days.
  • Backups: retained for 30 days.

7. Your rights

Under UK GDPR, individuals whose data you store in LetAdmin (landlords, tenants, applicants) have the right to:

  • Access their personal data
  • Request correction or deletion
  • Restrict or object to certain types of processing
  • Request portability (where applicable)

You can fulfil most of these rights directly within LetAdmin. If you need help, email us at privacy@letadmin.com.

8. Breach response

In the unlikely event of a personal data breach affecting your agency, we will:

  • Notify you without undue delay.
  • Share all relevant information as it becomes available.
  • Support you in meeting any regulatory or notification obligations.

9. Contact

If you have any questions about security, privacy or compliance, we're happy to help.

LetAdmin Ltd

224 Wellesbourne, 139–145 Preston Road
Brighton BN1 6BA
United Kingdom

Email: privacy@letadmin.com

LetAdmin is built with care, and designed for trust. This page is the single source of truth for how we handle your data.