Privacy Policy
EstateAigents.com Ltd (Company No. 07801820) | Last updated: 7 May 2026
Who This Policy Applies To
By using our website or services, you agree to the processing of your personal data as described in this Privacy Policy.
EstateAigents.com Ltd ("we", "our", "us") is committed to keeping your data secure and giving you control over it. This policy explains what we collect, why, how we use it, who we share it with, and your rights under UK GDPR, the Data Protection Act 2018, and other applicable UK data protection law.
1. Who We Are (Data Controller)
EstateAigents.com Ltd Unit 13, Freeland Park, Wareham Road, Lytchett Matravers, Poole, Dorset, BH16 6FA Company No. 07801820 (England and Wales) VAT No. GB209168995 š§ admin@estateaigents.com š estateaigents.com ICO Registration Number: Z2884897
We are the data controller for personal data collected and processed through our website and our software platform.
Where our customers (property professionals) use our platform to process personal data of their own contacts (such as their tenants or landlords), our customers act as the data controller for that data and we act as a data processor on their behalf under our standard data processing terms.
2. What Personal Data We Collect
We collect personal data in the following categories:
Identity and Contact Data Name, email address, phone number, postal address, profile photo, organisation name and role.
Account and Authentication Data Username, hashed password, multi-factor authentication tokens, login history, session data, OAuth identifiers from connected providers (Google, Microsoft).
Subscription and Billing Data Payment method tokens (held by Stripe ā we do not store card numbers), billing address, VAT details, subscription tier, transaction history.
Content and Communications Data Messages, documents, listings, contacts, and other content you upload to the platform; messages routed through the platform on your behalf; support correspondence.
Technical and Usage Data IP address, browser type, operating system, device identifiers, pages visited, feature usage, session duration, error logs, cookies and similar tracking data (see our Cookie Policy).
Marketing and Preference Data Communication preferences, survey responses, in-product preferences.
3. How We Collect Your Data
We collect data:
- Directly from you ā when you register, configure your account, upload content, or contact us
- Automatically ā via cookies, server logs, and analytics tools when you use our website (see Cookie Policy)
- From third parties ā identity providers (Google, Microsoft) when you sign in with them, and fraud-prevention services where we use them
4. Legal Basis for Processing
Under UK GDPR Article 6, we process your data on the following legal bases:
| Processing Activity | Legal Basis | UK GDPR Article |
|---|---|---|
| Creating and managing your account | Contract | Art. 6(1)(b) |
| Delivering the platform to subscribers | Contract | Art. 6(1)(b) |
| Billing and payment | Contract / Legal obligation | Art. 6(1)(b)(c) |
| Processing data on a customer's behalf | Contract (with the customer) | Art. 6(1)(b) |
| Security monitoring and fraud prevention | Legitimate interests | Art. 6(1)(f) |
| Website analytics | Consent | Art. 6(1)(a) |
| Marketing communications | Consent | Art. 6(1)(a) |
| Improving the Service | Legitimate interests | Art. 6(1)(f) |
| Responding to legal requests | Legal obligation | Art. 6(1)(c) |
Where we rely on legitimate interests, we have carried out a balancing test to confirm our interests are not overridden by your rights. You may request a copy of this assessment by contacting us at admin@estateaigents.com.
5. How We Use Your Data
To provide the Service:
- Authenticate your account and keep it secure
- Deliver the platform and its features to you
- Route communications you send through the platform
- Provide AI-assisted features (drafting, summarisation, classification)
- Process subscription payments
To comply with legal obligations:
- Tax reporting and financial record-keeping
- Responding to lawful requests from regulators, law enforcement, or courts
To protect the platform:
- Detect and prevent fraud, abuse, and security incidents
- Conduct security monitoring and risk assessments
- Enforce our Terms of Service
For marketing (with your consent):
- Send you product updates, newsletters, and offers
- Run targeted advertising on third-party platforms (Meta, Google, LinkedIn)
- Conduct surveys and gather feedback
6. AI Sub-Processors and How We Use AI
Our platform uses third-party AI providers to power features such as drafting, summarisation, classification, and search. When you use these features, the relevant content is transmitted to and processed by the AI provider on our behalf.
| Provider | Region | Purpose |
|---|---|---|
| Anthropic (Claude) | US (UK SCCs in place) | Drafting, reasoning, summarisation |
| Google (Gemini, optional via BYOK) | US / EU | Optional user-supplied AI |
| OpenAI (optional via BYOK) | US (UK SCCs in place) | Optional user-supplied AI |
We do not permit our AI sub-processors to train their models on your content. Where you bring your own API key (BYOK) for a third-party AI provider, your use of that provider is also governed by the provider's own terms and privacy policy.
7. Other Sub-Processors
We use trusted third parties to deliver the Service. They process personal data only as instructed by us under written data processing agreements.
| Sub-processor | Region | Purpose |
|---|---|---|
| Vercel | EU / Global | Hosting and CDN |
| Supabase | EU (eu-west-2, London) | Database and authentication |
| Cloudinary | EU / Global | Public media storage |
| Google Cloud (GCS) | UK (europe-west2) and Asia (asia-southeast1) | Private document storage |
| Stripe | UK / EU | Subscription billing |
| Resend | EU | Transactional email |
| Twilio | EU / US | SMS and voice routing |
| Timelines.ai | EU | WhatsApp routing |
| Telegram | Global | Messaging integration |
| Google Maps Platform | US | Mapping |
| Google Analytics 4 | US (Google Consent Mode v2) | Website analytics (consent only) |
8. Sharing Your Data
We share personal data only where necessary and always with appropriate safeguards.
With our sub-processors as set out in Sections 6 and 7.
With your organisation. Where you use the Service on behalf of an organisation that has an EstateAigents subscription, your account and usage data is visible to the organisation's administrators.
Regulatory and legal bodies. We may disclose data to HMRC, the ICO, law enforcement, courts, or other authorities where legally required.
Business transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred to the relevant parties, subject to equivalent privacy protections.
We do not sell your personal data.
9. International Data Transfers
Some of our sub-processors are based outside the UK. Where we transfer personal data internationally, we rely on appropriate safeguards, including:
- UK-US Data Bridge for transfers to certified US organisations
- UK Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs)
- Adequacy regulations for countries deemed adequate by the UK Secretary of State
You may request details of the specific transfer mechanism used for any given transfer by contacting admin@estateaigents.com.
10. Data Retention
We retain personal data only for as long as necessary, or as required by law.
| Data Category | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account + 12 months | Account recovery |
| Closed account data | Deleted within 90 days of account closure | Data minimisation |
| Billing records | 6 years | HMRC / tax obligations |
| Marketing consent records | Until consent withdrawn + 1 year | ICO guidance |
| Website analytics data | 26 months | Google Analytics default / ICO guidance |
| General correspondence | 3 years after last contact | Legitimate interests |
| Security logs | 12 months | Incident investigation |
After the applicable retention period, data is securely deleted or anonymised.
11. Automated Decision-Making and Profiling
The platform uses AI to assist users in producing and processing content, but we do not make any legal or similarly significant decisions about you using fully automated processes.
Where AI features produce content for review (drafts, classifications, summaries), a human user reviews the output before any external action is taken. If you believe an automated process has had a significant effect on you, you have the right to request human review, express your point of view, and contest the decision. Contact us at admin@estateaigents.com.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- TLS encryption for data in transit
- Encryption at rest for our database and storage
- Role-based access controls and least-privilege access
- Multi-factor authentication for our staff
- Continuous logging and monitoring
- Regular security reviews and dependency audits
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay, as required by UK GDPR Articles 33-34.
13. Your Rights
Under UK GDPR, you have the following rights:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you (Subject Access Request) |
| Rectification | Ask us to correct inaccurate or incomplete data |
| Erasure | Ask us to delete your data ("right to be forgotten") where it is no longer necessary |
| Restrict processing | Ask us to pause processing while accuracy or legitimacy is disputed |
| Data portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests or for direct marketing |
| Withdraw consent | Withdraw consent at any time for consent-based processing (e.g. marketing) |
| Human review | Request human review of any automated decision that significantly affects you |
To exercise any right, contact us at: š§ admin@estateaigents.com š® Unit 13, Freeland Park, Wareham Road, Lytchett Matravers, Poole, Dorset, BH16 6FA
We will respond within 30 days. We may ask you to verify your identity before acting on your request. This service is free of charge unless requests are manifestly unfounded or excessive.
14. Cookies
We use cookies and similar technologies on our website. For full details, see our Cookie Policy.
15. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Please review their individual privacy policies.
16. Children
Our services are not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us immediately at admin@estateaigents.com.
17. How to Complain
If you are unhappy with how we handle your data, please contact us first at admin@estateaigents.com ā we aim to resolve all complaints promptly.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time:
š ico.org.uk/make-a-complaint š 0303 123 1113 š® Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
18. Changes to This Policy
We review this policy at least annually. The "Last updated" date at the top reflects the current version. Where we make material changes, we will notify you by email at least 10 days before the changes take effect. Continued use of our services after that date constitutes acceptance of the revised policy.
Company Information
EstateAigents.com Ltd Registered in England and Wales Company number: 07801820 Registered office: Unit 13 Freeland Park, Wareham Road, Lytchett Matravers, Poole, Dorset, BH16 6FA VAT number: GB209168995 ICO registration number: Z2884897 Data controller contact: admin@estateaigents.com
This Privacy Policy should be read alongside our Cookie Policy and Terms of Service.