Privacy policy.

1. Who is the data controller

Ledger & Lease is operated by Ledger and Lease Ltd(company number 17226653), registered in England and Wales. Ledger and Lease Ltd is the data controller for personal data processed through Ledger & Lease. For data-protection questions write to office@ledgerandlease.co.uk.

2. What we collect

• Account details: email address, optional display name, and the alias you choose for forwarding.
• Evidence content: emails you forward and any files you upload to build a draft proof record.
• Record details: the facts you confirm at the point of issue.
• Payment metadata: Stripe charge identifiers, last four digits of the card, and country. We do not see or store the full card number.
• Operational telemetry: login times, IP address and approximate sign-in location (country, region and city, derived from the IP — never a precise address), browser user-agent, and minimal logs needed to run the service securely.

3. Lawful basis

• Contract: to operate your account, create drafts, and issue proof records.
• Legitimate interests: to keep the service secure, prevent abuse, improve the service, and measure where new landlords find us so paid acquisition is honest. You have the right to object at any time.
• Legal obligation: to keep tax and accounting records, and to respond to lawful requests.
• Consent: for any non-essential cookies or optional contact, where applicable.

4. What is and is not shown publicly

A proof record’s public verification page shows only public-safe metadata: obligation, jurisdiction, service date, record created date, tenant count, sender role, evidence category, source version, and integrity status. It does not show tenant names, property addresses, rent figures, deposit amounts, email addresses, raw email bodies, uploaded files, or private evidence. See About proof records for the full boundary.

5. Where data is processed

Application data sits in Supabase (Postgres) hosted in the EU. Payment is handled by Stripe. Inbound email routing uses Cloudflare Email Routing. Outbound email uses Resend. Where any processor uses servers outside the UK or EEA, transfers rely on adequacy decisions or Standard Contractual Clauses.

Marketing measurement may be sent to advertising platforms (currently Meta; in future, also Google Ads and Reddit Ads) when someone visits the site, starts a check, starts checkout, or completes a purchase. See section 6 below for what is sent and what is not.

6. Conversion measurement

We use Meta Pixel in the browser for page views and generic conversion events. Meta may set or read marketing cookies when the Pixel loads. Pixel events use generic labels such as Proof Record, Lead, checkout, and purchase value.

When a purchase completes or an evidence email is forwarded into your draft, our server may also send a pseudonymised conversion event to the configured advertising platforms. Server-side events may contain:

• The event name (for example Purchase or Lead).
• A hashed (SHA-256) form of your email address. The platform cannot read your email; it can only check whether the hash matches an account hash it already holds.
• A hashed internal customer reference.
• For purchases: the amount paid, the currency, the plan code, and the Stripe session id.

We do not send your name, address, the property, the tenant, rent figures, uploaded file names, or the evidence content to Meta. Browser page-view events may include the page URL. You can object to this measurement at any time by writing to office@ledgerandlease.co.uk; objection is honoured account-wide.

7. How long we keep data

• Draft evidence: kept while a draft is active; discarded or merged at the point you issue or delete the draft.
• Issued proof records: kept for as long as the verification link remains available, so verification remains possible.
• Payment and tax records: kept for at least six years, as required by HMRC.
• Operational logs: kept for up to 90 days unless an incident extends the retention window.

8. Your rights under UK GDPR

You may ask us to access, correct, or erase the personal data we hold about you; to restrict or object to processing; or to receive your data in a portable format. Write to office@ledgerandlease.co.uk. We respond within one calendar month.

Erasure may be limited where a public verification record is relied on by a third party, or where we are obliged to retain information for tax, accounting, or legal reasons.

You also have the right to complain to the Information Commissioner’s Office (ico.org.uk).

9. Security

We use transport encryption, access controls, and audit logging. Forwarded email is inspected only for the purpose of building a draft. We aim to fix material security issues quickly; the service status page records any user-facing incident.

10. Children

Ledger & Lease is for adults acting in a tenancy capacity. We do not knowingly collect data from anyone under 18.

11. Changes

We update this policy when our processing changes. Material changes are noted in service notices.