Privacy Policy
1. Who we are
Letzen is operated by Starling Group Enterprises Ltd, a company registered in England and Wales under company number 11779468, with its registered office at 124 City Road, London, England, EC1V 2NX.
Our ICO registration application has been submitted and the public registration number will be added here once issued. Until then, the ICO registration field is clearly marked as pending.
For UK data protection law, we are the controller for account, billing, marketing, and platform operations data. When landlords upload tenant, tenancy, property, compliance, or maintenance data into Letzen, we usually act as processor for that data and the landlord remains the controller.
Contact us at privacy@letzen.app. ICO registration: ZC147968.
2. Data we collect
- Account data: name, email, password hash, role, workspace membership, and session security data.
- Landlord and workspace data: business name, contact details, billing email, settings, audit logs, and support messages.
- Property data: addresses, notes, compliance records, document metadata, maintenance history, and uploaded files.
- Tenant data: tenant name, email, phone, tenancy dates, rent amount, deposit amount, and maintenance reports.
- Billing data: Stripe customer ID, subscription ID, plan, billing cycle, invoice and payment status. We do not store full card details.
- Technical data: IP address, browser, device, timestamps, pages used, error logs, and security events.
- Marketing data: demo requests, waitlist forms, lead forms, and email preferences.
3. Why we use data
| Purpose | Lawful basis |
|---|---|
| Provide the Letzen workspace, authentication, property records, tenant reports, compliance tools, and support. | Contract; legitimate interests. |
| Process subscriptions, billing, invoices, taxes, fraud checks, and payment failures through Stripe. | Contract; legal obligation; legitimate interests. |
| Send service emails such as email verification, password reset, security notices, invitations, and billing messages. | Contract; legitimate interests. |
| Send product updates and onboarding messages to customers. | Legitimate interests, with opt-out at any time. |
| Keep audit logs, protect accounts, investigate misuse, and improve reliability. | Legitimate interests; legal obligation where applicable. |
| Respond to lawful requests from regulators, courts, or authorities. | Legal obligation. |
4. Tenant and property data
Landlords are responsible for making sure they have a lawful basis to add tenant data to Letzen and for giving tenants suitable privacy information. Letzen processes tenant data only to provide the service: maintenance reporting, tenancy records, compliance tracking, rent reminders, and related support.
Tenant maintenance report links are designed to collect only the information needed to understand and respond to the issue.
5. Sub-processors
We use trusted providers to run Letzen:
| Provider | Purpose |
|---|---|
| Vercel | Application hosting, serverless functions, deployment, and logs. |
| Neon | PostgreSQL database hosting. |
| Stripe | Checkout, subscriptions, invoices, payment processing, and webhook events. |
| Resend | Transactional email delivery. |
| Hetzner Object Storage | Private object storage for uploaded maintenance photos and compliance documents. |
| Sentry | Error monitoring and reliability diagnostics, when configured. |
We do not sell personal data or share it with advertising networks.
6. International transfers
Some providers may process data outside the UK or EEA. Where that happens, we rely on appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum, or EU Standard Contractual Clauses.
7. Retention
- Active workspace data is kept while the workspace is active.
- Closed workspace data may be retained briefly for restoration, export, billing, legal, and security reasons.
- Billing and tax records may be retained for up to 6 years where required by law.
- Audit logs are retained for security and accountability.
- Marketing leads are kept until they are no longer useful, consent is withdrawn, or deletion is requested.
8. Your rights
You may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also withdraw consent where processing relies on consent. Requests should be sent to privacy@letzen.app.
We aim to respond within one month. If you are unhappy with our response, you can complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.
9. Security
We use HTTPS, security headers, hashed passwords, secure sessions, role-based access, signed webhooks, audit logging, protected environment variables, private object storage, and managed infrastructure. No online service is perfectly secure, but we work to reduce risk and respond quickly to incidents.
See our Security page for more detail.
10. Cookies
We use strictly necessary cookies for authentication and security. See our Cookie Policy for details.
11. Changes
We may update this policy as the service changes. If a change is material, we will notify customers in the app or by email where appropriate.