Privacy Policy

Your Privacy Matters

Last updated: February 23, 2026

We're committed to protecting your personal information and your right to privacy. This policy explains what data we collect, how we use it, and your rights under UK GDPR.

Quick Summary

What we collect:

  • • Account & contact information
  • • Property & tenancy data
  • • Payment information (via Stripe/GoCardless)
  • • Usage & analytics data

Your rights:

  • • Access your data anytime
  • • Request corrections or deletion
  • • Export your data (portability)
  • • Opt out of marketing

Introduction

Häuses Limited ("we", "us", or "our") operates the Häuses property management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This policy outlines our data practices in clear, simple language.

By using Häuses, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

We collect several types of information to provide and improve our Service:

**Personal Information**
- Name, email address, phone number
- Postal address (for landlords and tenants)
- Date of birth (for tenant verification)
- National Insurance number (for Right to Rent checks, tenants only)
- Bank account details (for rent payments and disbursements)
- Payment card information (processed securely by Stripe)
- Direct Debit mandate details (processed securely by GoCardless)

**Property Information**
- Property addresses and details
- Tenancy agreements and related documents
- Compliance certificates (gas safety, EPC, electrical, etc.)
- Inventory reports and check-in/check-out documents
- Maintenance records and contractor information

**Financial Information**
- Rent payment history and transaction records
- Deposit amounts and protection scheme details
- Invoice and receipt data
- Tax-related documentation (for landlords)

**Usage Information**
- Device information (IP address, browser type, operating system)
- Login times and access logs
- Pages visited and features used
- Communication preferences

**Communications**
- Messages sent through the platform between landlords, tenants, and agents
- Support tickets and customer service correspondence
- Email communications and notifications

How We Use Your Information

We use the information we collect for the following purposes:

**Service Delivery**
- Create and manage your account
- Process rent payments and financial transactions
- Facilitate tenancy agreements and document signing
- Enable communication between landlords, tenants, and agents
- Provide maintenance tracking and contractor management

**Legal Compliance**
- Verify tenant identity and Right to Rent status
- Comply with anti-money laundering regulations
- Meet tax reporting obligations
- Fulfill deposit protection requirements
- Maintain compliance audit trails

**Payment Processing**
- Process rent payments via Stripe (card payments) and GoCardless (Direct Debit)
- Manage subscription billing for landlords and agencies
- Handle refunds and disputed transactions
- Generate invoices and receipts

**Service Improvement**
- Analyze usage patterns to improve features
- Monitor platform performance and uptime
- Identify and fix technical issues
- Develop new features based on user needs

**Communication**
- Send transactional emails (payment confirmations, document expiry reminders)
- Provide customer support
- Send important service updates and security notices
- Marketing communications (with your consent, opt-out available)

How We Share Your Information

We share your information only in the following circumstances:

**Service Providers**
- **Stripe**: Payment processing for card transactions (PCI DSS compliant)
- **GoCardless**: Direct Debit processing for automated rent collection
- **DocuSign**: Electronic signature services for tenancy agreements
- **AWS/Supabase**: Cloud infrastructure and database hosting (UK data centers)
- **Resend**: Transactional email delivery
- **Sentry**: Error monitoring and application performance

**Legal Requirements**
We may disclose your information if required by law or in response to:
- Court orders or legal processes
- Requests from law enforcement or regulatory authorities
- Protection of our rights, property, or safety
- Investigation of fraud or security issues

**Business Partners**
- **Letting agents**: If your property is managed by an agency using Häuses
- **Landlords**: If you are a tenant, your landlord can access your tenancy information
- **Deposit protection schemes**: To register and protect tenant deposits
- **Reference agencies**: For tenant referencing (with your consent)

**Business Transfers**
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you of any such change.

**With Your Consent**
We may share information with third parties when you explicitly consent to such sharing.

We do not sell your personal information to third parties for marketing purposes.

Data Security

We implement industry-standard security measures to protect your information:

**Technical Safeguards**
- 256-bit SSL/TLS encryption for data in transit
- AES-256 encryption for data at rest
- Secure, isolated database architecture
- Regular security audits and penetration testing
- SOC 2 Type II compliance

**Access Controls**
- Multi-factor authentication for all accounts
- Role-based access permissions
- Audit logs for all data access
- Regular access reviews and revocations
- Employee background checks and security training

**Payment Security**
- PCI DSS Level 1 compliance via Stripe
- Tokenization of payment card data
- No storage of full card numbers or CVV codes
- Secure Direct Debit mandate processing via GoCardless
- Fraud detection and prevention systems

**Data Backup**
- Automated daily backups
- Encrypted backup storage
- Geographic redundancy across multiple UK data centers
- Disaster recovery procedures tested quarterly

**Incident Response**
- 24/7 security monitoring
- Automated threat detection
- Incident response team on standby
- Notification procedures for data breaches (within 72 hours as required by GDPR)

While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our protections.

Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

**Active Accounts**
- Information retained while your account is active
- Updated as you use the Service

**Closed Accounts**
- Account data retained for 7 years after closure (HMRC requirement)
- Financial records retained for 7 years (tax compliance)
- Tenancy agreements and related documents retained for 6 years after tenancy ends (Limitation Act 1980)

**Legal Holds**
Information may be retained longer if required for:
- Ongoing litigation or disputes
- Regulatory investigations
- Legal compliance obligations

**Anonymization**
After retention periods expire, we either:
- Permanently delete your information, or
- Anonymize it so it can no longer identify you

**Right to Deletion**
You may request deletion of your information before retention periods expire, subject to legal requirements. See "Your Rights" section below.

Your Rights (GDPR)

Under the UK GDPR, you have the following rights:

**Right to Access**
You can request a copy of all personal information we hold about you. We will provide this within 30 days at no charge.

**Right to Rectification**
You can correct inaccurate or incomplete information through your account settings or by contacting us.

**Right to Erasure ("Right to be Forgotten")**
You can request deletion of your information, except where we have legal obligations to retain it (e.g., tax records, tenancy agreements).

**Right to Restrict Processing**
You can request we limit how we use your information in certain circumstances.

**Right to Data Portability**
You can request your data in a structured, machine-readable format (CSV, JSON) to transfer to another service.

**Right to Object**
You can object to processing based on legitimate interests or for direct marketing purposes.

**Right to Withdraw Consent**
Where processing is based on consent, you can withdraw it at any time.

**Right to Complain**
You can lodge a complaint with the Information Commissioner's Office (ICO) if you believe we've mishandled your data:
- Website: ico.org.uk
- Helpline: 0303 123 1113

**How to Exercise Your Rights**
Email us at privacy@hauses.com with your request. We will respond within 30 days.

Cookies & Tracking

We use cookies and similar tracking technologies to improve your experience:

**Essential Cookies**
Required for the Service to function:
- Authentication tokens
- Session management
- Security features

**Analytics Cookies**
Help us understand how you use the Service:
- Page views and navigation patterns
- Feature usage statistics
- Performance monitoring

**Preference Cookies**
Remember your settings:
- Language preferences
- Display settings
- Notification preferences

**Cookie Management**
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using the Service.

We do not use third-party advertising cookies or sell your browsing data.

Children's Privacy

Häuses is not intended for use by anyone under the age of 18. We do not knowingly collect information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@hauses.com and we will delete such information.

International Data Transfers

Your data is primarily stored in UK data centers. However, some of our service providers operate globally:

**Data Transfer Safeguards**
- Standard Contractual Clauses (SCCs) approved by the UK ICO
- Privacy Shield (where applicable)
- Adequacy decisions for transfers to approved countries
- Data Processing Agreements with all processors

**Third-Party Locations**
- Stripe: Global (PCI DSS compliant)
- GoCardless: UK and EU
- AWS: UK region (eu-west-2)
- DocuSign: EU data centers

All international transfers comply with UK GDPR requirements.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect:
- Changes in our data practices
- New features or services
- Legal or regulatory requirements

**Notification of Changes**
- We will post the updated policy on this page
- The "Last Updated" date will be revised
- For material changes, we will email you at your registered address
- Continued use of the Service after changes constitutes acceptance

We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

**Data Protection Officer**
Email: privacy@hauses.com
Address: Häuses Limited, 123 Property Street, London, UK, SW1A 1AA

**General Support**
Email: support@hauses.com
Phone: +44 20 1234 5678

**Information Commissioner's Office**
For complaints about our data handling:
Website: ico.org.uk
Helpline: 0303 123 1113

We aim to respond to all privacy inquiries within 5 business days.