Legal

Privacy policy

Last updated: 22 April 2026

1. Who we are

This privacy policy (“Policy”) explains how we collect, use, store, and share personal data when you use the Landy platform, website, and related services (together, the “Service”), and what choices you have.

For the purposes of applicable data-protection law (including the UK General Data Protection Regulation, as amended and retained in UK law (“UK GDPR”), and the Data Protection Act 2018), the controller of your personal data is the operator of the Service as identified in the Service or on our website (referred to as “we”, “us”, or “our”).

2. Scope

This Policy applies to personal data we process about visitors to our marketing site, registered users (including landlords, estate agents, tenants, and internal staff where applicable), and individuals who contact us or otherwise interact with us in connection with the Service.

Where you use the Service on behalf of an organisation, that organisation may also have responsibilities as a separate controller for data it enters or manages (for example tenancy records). This Policy describes our processing in our role as provider of the Service.

3. Personal data we collect

Depending on how you use the Service, we may process:

  • Account and profile data: name, email address, password or authentication credentials, organisation name, role, preferences, and similar profile fields you provide or we derive from your use of the Service.
  • Service and tenancy content: information you or others submit through the Service (for example property details, tenancy information, documents, messages, issue reports, and metadata such as timestamps and user identifiers).
  • Transaction and billing data: subscription status, payment-related identifiers, and billing contact details processed by us or our payment providers.
  • Technical and usage data: IP address, device and browser type, approximate location from IP, log and diagnostic data, cookies and similar technologies, and analytics about how you navigate and use the Service (where enabled).
  • Communications: messages you send us (for example support requests, feedback, or contact form submissions) and related correspondence.

We do not require you to provide special-category (sensitive) personal data. If you or your organisation choose to upload such information into the Service, we will process it only as needed to provide the Service and as described in this Policy or our agreement with you.

4. How we use personal data and legal bases

We use personal data for the following purposes, relying on the legal bases indicated:

  • Providing and securing the Service (performance of a contract; legitimate interests in operating a reliable and secure platform): account management, authentication, hosting, troubleshooting, security monitoring, and service improvements.
  • Billing and administration (performance of a contract; legal obligation where applicable): processing payments, invoices, tax, and records.
  • Communications (performance of a contract; legitimate interests; consent where required): service notifications, administrative messages, and, where you have opted in, marketing about Landy.
  • Compliance and protection (legal obligation; legitimate interests): detecting abuse, enforcing our terms, responding to lawful requests, and protecting rights, safety, and property.
  • Analytics and product insight (legitimate interests; consent where required by law): understanding usage in aggregate or pseudonymous form to improve the Service, subject to your cookie preferences where applicable.

Where we rely on legitimate interests, we balance those interests against your rights. You may object to certain processing as described in section 10.

5. Sharing and processors

We share personal data only as needed to run the Service, comply with law, or as you direct. Recipients may include:

  • Service providers who process data on our instructions (for example hosting, email delivery, authentication, payment processing, analytics, error reporting, and customer-support tooling).
  • Professional advisers where reasonably required (for example lawyers or accountants bound by confidentiality).
  • Authorities or third parties when we believe disclosure is required by law, court order, or lawful request, or necessary to protect rights, safety, or security.
  • Business transfers: a successor or buyer in a merger, acquisition, or asset sale, subject to appropriate safeguards and notice where practicable.

We do not sell your personal data. Where we use subprocessors, we impose data-protection terms consistent with this Policy and applicable law.

6. International transfers

We primarily store and process personal data in the United Kingdom and/or the European Economic Area. If we transfer personal data to countries not subject to an adequacy decision, we use appropriate safeguards (such as standard contractual clauses approved for use in the UK) unless an exception applies.

7. Retention

We keep personal data only for as long as necessary for the purposes described in this Policy, including to provide the Service, meet legal, tax, or accounting requirements, resolve disputes, and enforce our agreements.

Retention periods may depend on the nature of the data and your relationship with us. When retention is no longer required, we delete or anonymise personal data, subject to limited archival or backup copies that are isolated and overwritten in the ordinary course.

8. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, or alteration. No method of transmission or storage is completely secure; we encourage you to use strong passwords and protect your account credentials.

9. Your rights

Subject to applicable law, you may have the right to: access your personal data; rectify inaccuracies; erase certain data; restrict processing; object to processing based on legitimate interests; request portability of data you provided; and withdraw consent where processing was based on consent.

You may also lodge a complaint with the UK Information Commissioner’s Office ( ico.org.uk ) or, if you are in the EEA, with your local supervisory authority.

To exercise your rights, contact us using the details in section 14. We may need to verify your identity before responding.

10. Cookies and similar technologies

We use cookies and similar technologies for essential operation of the Service, security, preferences, and (where you consent) analytics or marketing. You can manage non-essential cookies through our cookie controls where provided and through your browser settings.

For more detail about specific cookies and choices, see any cookie notice or preference centre presented in the Service.

11. Marketing

Where the law requires consent, we will obtain your consent before sending promotional communications. You can opt out of marketing emails at any time using the unsubscribe link in those emails or by contacting us.

12. Children

The Service is not directed at children under 16, and we do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will take appropriate steps to delete it.

13. Changes to this Policy

We may update this Policy from time to time. We will post the revised Policy on this page and update the “Last updated” date. Where changes are material, we will provide additional notice where practicable (for example by email or in-product message).

14. Contact

If you have questions about this Policy or wish to exercise your rights, please use the contact details provided within the Service, on our website, or on our contact page. For data-protection enquiries, please mark your message for the attention of the data protection contact (or “Privacy”) if that address is published in the Service.

15. Related documents

Our terms and conditions govern use of the Service and include provisions relating to your content and our role as a technology provider.