Last updated: 28 February 2026
LeaseholdConnect is committed to protecting the privacy and security of your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we fulfil our obligations as a data controller.
LeaseholdConnect acts as the data controller for personal data collected through our platform. This means we determine the purposes and means of processing your personal data.
For enquiries about data protection, contact us at: privacy@leaseholdconnect.com
We process personal data under the following lawful bases as defined by Article 6 of UK GDPR:
Processing necessary to provide the LeaseholdConnect platform, manage your account, and deliver the services you have subscribed to.
Processing necessary for platform security, fraud prevention, service improvement, and analytics. We conduct balancing tests to ensure our interests do not override your rights.
Processing required to comply with legal and regulatory obligations, such as financial record keeping.
Where applicable, such as for marketing communications. You may withdraw consent at any time.
As a data subject, you have the following rights. We aim to respond to all valid requests within one calendar month.
Right of Access (Article 15)
Request a copy of the personal data we hold about you.
Right to Rectification (Article 16)
Request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17)
Request deletion of your personal data where there is no compelling reason for continued processing.
Right to Restrict Processing (Article 18)
Request limitation of processing in certain circumstances.
Right to Data Portability (Article 20)
Receive your personal data in a structured, commonly used, machine-readable format.
Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes.
We use the following third-party sub-processors to deliver our services:
| Provider | Purpose | Location |
|---|---|---|
| Clerk | Authentication and identity management | US (with UK GDPR adequate safeguards) |
| Convex | Database and backend infrastructure | US (with UK GDPR adequate safeguards) |
| Stripe | Payment processing | US/EU (PCI DSS compliant) |
| Vercel | Application hosting and delivery | Global CDN (with UK GDPR adequate safeguards) |
Some of our sub-processors are based outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, and we verify that the receiving organisations maintain adequate data protection standards.
In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours where feasible, if the breach is likely to result in a risk to individuals' rights and freedoms. We will also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
If you are unhappy with how we handle your personal data, please contact us first at privacy@leaseholdconnect.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):