Compliance & Security

Every UK regulation,
one platform

EstateHQ is built specifically around UK estate agency law. Every feature maps to a specific legal obligation — nothing is bolted on.

MLR 2017OFSI MandatoryUK GDPRDPA 2018RRA 2025Estate Agents Act 1979PECRConsumer Duty
5yr
Minimum AML retention — MLR 2017
0
Third-party data sales — ever
100%
UK-hosted infrastructure
AES-256
Encryption standard for all stored data
MLR 2017 — Money Laundering Regulations
Anti-Money Laundering

UK estate agents are obligated to conduct Customer Due Diligence (CDD) on all clients before acting on their behalf. EstateHQ documents every assessment and stores the audit trail for HMRC supervision.

  • Risk-based customer due diligence
  • Enhanced DD for high-risk clients and PEPs
  • Source of funds documentation
  • 5-year retention (HMRC requirement)
  • HMRC-ready supervision reports
OFSI — Office of Financial Sanctions Implementation
Sanctions Screening

Mandatory for estate agents since May 2025 under the Russia (Sanctions) Regulations. EstateHQ screens every client against the HM Treasury consolidated sanctions list and records the result.

  • HM Treasury consolidated list
  • Automatic re-check on list updates
  • Immediate flag on match
  • Exportable screening records
  • Compliant with OFSI guidance EA(S)02
RRA 2025 — Renters' Rights Act
Tenancy Management

Section 21 no-fault evictions end 1 May 2026. EstateHQ manages tenancy documentation, Right to Rent checks, and deposit compliance under the new statutory regime.

  • Right to Rent documentation
  • Section 8 notice management
  • Deposit scheme compliance
  • Tenancy agreement tracking
  • Automatic updates as law evolves
UK GDPR / DPA 2018
Data Protection

EstateHQ operates on a soft-delete model — personal data is never hard-deleted without statutory authority. All data is UK-hosted and processed under UK GDPR by default.

  • Soft-delete only — no hard deletes on personal data
  • UK-hosted infrastructure
  • Encrypted at rest and in transit
  • Data subject request tooling
  • Consent and PECR opt-in recording
SI 2019/855 · SAMLA 2018 · OFSI Guidance EA(S)02
Financial Sanctions

Letting agents became relevant firms under the Russia (Sanctions) (EU Exit) Regulations 2019 (SI 2019/855 as amended) from 14 May 2025. You must screen landlords at instruction, tenants at offer acceptance, and guarantors before countersigning against the full OFSI consolidated list.

  • Landlords screened at instruction
  • Tenants screened at offer acceptance
  • Guarantors screened before countersigning
  • Mandatory reporting to OFSI on reasonable suspicion
  • Timestamped audit trail of every screening
DMCC Act 2024 — s.21 · CMA Enforcement from 6 April 2025
Material Information

The NTSELAT guidance was withdrawn on 8 May 2025 following the DMCC Act 2024 coming into force from 6 April 2025. The obligation to disclose material information now falls under s.21 DMCC Act 2024. The CMA holds enforcement powers and does not require a court order. Omission is automatically an unfair commercial practice regardless of its effect on any consumer's decision.

  • Per-property material information completion tracking
  • Incomplete properties flagged before listing
  • Parts A, B, and C coverage (sales and lettings)
  • Timestamped audit record for CMA inspection
  • Linked to each property instruction
Built secure from the start

Security and compliance are architectural decisions, not features added after the fact. Every layer of EstateHQ is designed with UK data protection requirements in mind.

Encrypted at rest & transit
AES-256 encryption for all stored data. TLS 1.3 for all data in transit. No plaintext storage of any personal or financial information.
UK-hosted infrastructure
All data stays in UK data centres. No cross-border data transfers to US or EU without explicit lawful basis. GDPR-compliant by architecture.
Role-based access
Granular permission controls per user per branch. Staff can only access the records their role requires. Full audit log of all access events.
Immutable audit trail
Every compliance action is timestamped and recorded. The trail cannot be modified or deleted — meeting the 5-year retention requirement for AML and MLR 2017.
Automated law updates
When HMRC, OFSI, or Parliament updates guidance, EstateHQ is updated automatically. You don't need to monitor regulatory changes or retrain your team.
Exportable evidence packs
One-click export of your full compliance record for HMRC AML supervision inspections, redress scheme reviews, or internal audits — at any time.

Your data,
your control

EstateHQ never sells or shares your data with portals, third-party marketing platforms, or any affiliate networks. You retain full ownership and control.

  • Export all your data at any time, in open formats
  • Portability guaranteed — no vendor lock-in
  • Data deletion on request (subject to retention law)
  • No advertising or data monetisation
  • Full data processing agreement (DPA) available
5 years
Minimum AML record retention — MLR 2017
0
Third-party data sales — ever
100%
UK-hosted infrastructure
AES-256
Encryption standard for all stored data

Start your 14-day free trial

No credit card required. Full access to all features from day one.

Get started freeSee how it works →