EstateHQ
Compliance-First Estate Agency
Legal

Privacy policy

This policy explains how EstateHQ collects, uses, and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.

Last updated: May 2026

Disclaimer: This document is provided for informational purposes. We recommend seeking independent legal advice to ensure your compliance with applicable laws.

Who we are

EstateHQ is the trading name of the company operating this platform. We provide a SaaS compliance management platform for UK estate agencies. We are the data controller for the personal data described in this policy.

Company registration number: 17209704 (registered in England and Wales).

You can contact us at any time by email: hello@estatehq.co.uk

What data we collect

We collect and process the following categories of data when you use EstateHQ:

Account data

  • Your name and email address when you create an account
  • Your organisation name and branch details
  • Billing information (payment method details are processed by Stripe and not stored by us)
  • Role and access level within your organisation

Property and client data

  • Landlord client names, contact details, and AML risk assessment records that you enter into the platform
  • Property addresses and certificate records
  • Sales and lettings instruction details
  • Offer, viewing, and pipeline data

Usage and analytics data

  • Pages visited and features used within the platform
  • Browser type, operating system, and device information
  • IP address and approximate location (country/region)
  • Session duration and interaction events

Cookies

We use essential, functional, and analytics cookies. Please see our Cookie policy for full details of the cookies we use and how to control them.

Legal basis for processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Article 6(1)(b) — Contract

Processing is necessary to perform our contract with you (providing the EstateHQ platform) and to take steps at your request prior to entering into a contract.

Article 6(1)(c) — Legal obligation

We may be required to process certain data to comply with legal obligations, including record-keeping requirements under UK tax law.

Article 6(1)(f) — Legitimate interests

We process usage analytics data to improve the platform and prevent fraud, where this is not overridden by your rights and interests.

How we use your data

  • To provide, operate, and maintain the EstateHQ platform
  • To manage your account and subscription
  • To send transactional emails (account notifications, certificate expiry alerts, staff invitations)
  • To process payments via Stripe
  • To respond to support requests and enquiries
  • To improve platform performance and fix issues
  • To detect and prevent fraud and abuse
  • To comply with applicable law

We do not sell your personal data to third parties. We do not use your data for automated profiling that produces legal or similarly significant effects.

Who we share data with

We use the following sub-processors to operate the platform. Each is bound by a data processing agreement and appropriate safeguards. For full details of how we process your data as a data processor, see our Data Processing Agreement.

Sub-processorPurposeLocation
SupabaseDatabase hosting, authentication, and file storageEU (London)
StripePayment processing and subscription managementUSA (SCCs)
ResendTransactional email deliveryUSA (SCCs)
VercelPlatform hosting and edge networkUSA / EU (SCCs)

SCCs = UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses, as approved by the UK ICO for international data transfers under UK GDPR.

We may also disclose your data to law enforcement or regulatory authorities where required by law.

How long we keep your data

We retain personal data only for as long as necessary:

  • Account and subscription data: for the duration of your subscription, plus 90 days after account closure to allow data export, then deleted
  • Billing records: 7 years from the end of the relevant tax year, to comply with HMRC requirements
  • AML and compliance records: we recommend your agency retains AML records for a minimum of 5 years under the Money Laundering Regulations 2017; you are responsible for your own retention obligations
  • Usage and analytics data: aggregated and anonymised within 13 months
  • Support correspondence: 2 years from the date of the last communication

Your rights

Under UK GDPR, you have the following rights regarding your personal data. Please see our GDPR & Your Rights page for full details of how to exercise each right.

  • Right of access — obtain a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — ask us to delete your data in certain circumstances
  • Right to restriction — ask us to restrict processing of your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right not to be subject to automated decision-making with legal or significant effects

Contact us & complaints

To exercise any of your rights, or if you have any questions about this policy, please contact us at hello@estatehq.co.uk. We will respond within 30 calendar days.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Telephone: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Questions about your data?

We are committed to handling your data transparently and responsibly. Get in touch with any questions.

Contact us