Lettd

Privacy Policy

Last updated: 26 February 2026

1. Who we are

Lettd operates as a Making Tax Digital service for UK landlords. We act as the data controller for the personal data you provide to us. This policy explains what we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

2. Data we collect

We collect the following when you use Lettd:

  • Email address and password (hashed — never stored in plain text)
  • Property information (address, type, rental details)
  • Financial transaction records (rental income and expenses)
  • National Insurance number (required for HMRC submissions)
  • HMRC authentication tokens (encrypted)
  • Stripe customer ID (for subscription management)
  • Basic usage analytics

3. How we use your data

We use your data to:

  • Manage your account and provide the service
  • Store your property records and transactions
  • Submit quarterly updates and End of Period Statements to HMRC on your behalf
  • Process your subscription payment via Stripe
  • Send you deadline reminders and service notifications
  • Provide customer support
  • Improve the product

We process your data on the basis of contractual necessity (to provide the service) and legitimate interests (to improve it).

4. Who we share your data with

We share data only with the following third parties, solely to provide the service:

  • HMRC — for your quarterly tax submissions
  • Supabase — database and storage infrastructure
  • Stripe — payment processing
  • Resend — transactional email delivery
  • Vercel — application hosting

We do not sell your data. We do not share it with advertisers or data brokers.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, we remove your data within 30 days, except where we are required to retain it for legal or tax purposes (typically 6 years under HMRC record-keeping requirements).

6. Security

All data is encrypted in transit using TLS 1.2+ and encrypted at rest. Access to your data within the application is restricted to your account only via row-level security.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (right to erasure)
  • Export your data in a portable format (CSV export is available in your account)
  • Restrict or object to certain processing
  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at hello@lettd.app.

8. Cookies

We use only essential session cookies required to keep you logged in. We do not use advertising or tracking cookies.

9. Changes to this policy

If we make material changes to this policy, we'll notify you by email before they take effect.

10. Contact

Questions about this policy? Email us at hello@lettd.app.