LetShield

Privacy policy

Last updated: March 2026

LetShield Ltd ("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, why we collect it, how we use it, and your rights.

What we collect

Account information

When you register, we collect your name, email address, and a hashed version of your password. We never store your password in plain text.

Property data

You provide property addresses, postcodes, certificate details, tenancy information, and tenant names and contact details. This data is necessary to provide our compliance tracking service.

EPC data

When you enter a postcode, we look up Energy Performance Certificate data from the government's EPC register (epc.opendatacommunities.org). We cache this data to reduce API calls and improve performance.

Usage data

We use privacy-friendly analytics to understand how the service is used. We do not use Google Analytics. We do not track you across other websites.

Why we collect it

We process your data to provide the compliance tracking service you signed up for. The legal basis is contract (we need the data to deliver the service) and legitimate interest (for sending compliance reminders you've opted into).

Who we share it with

We do not sell your data. We share data only with the following service providers who process it on our behalf:

  • Vercel (hosting and infrastructure)
  • Resend (transactional email delivery)
  • Stripe (payment processing)

How long we keep it

While your account is active, we retain all data necessary to provide the service. If you delete your account, personal data is permanently deleted within 30 days. We retain anonymised analytics data indefinitely.

Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability (export your data)

To exercise any of these rights, email us at privacy@letshield.co.uk.

Cookies

We use a single session cookie (ls_session) to keep you logged in. This is a strictly necessary cookie and does not require consent. We do not use advertising or tracking cookies.

Security

All data is encrypted in transit (TLS/HTTPS). Passwords are hashed using bcrypt with a high work factor. We never store passwords in plain text.

Changes to this policy

We may update this policy from time to time. We'll notify registered users by email of any significant changes.

Contact

LetShield Ltd, registered in England and Wales.
Email: privacy@letshield.co.uk