PropertyScan is registered with the Information Commissioner's Office and operates in full compliance with the UK GDPR and Data Protection Act 2018. Your personal data is never sold, never shared unnecessarily, and always protected.
We only collect data that is necessary for operating a compliant property deal marketplace. Here is a full breakdown of every category of personal data we process.
| Category | Who | Purpose | Retention |
|---|---|---|---|
| Identity Documents | Both | Photo ID, proof of address, and for investors: proof of funds and source of wealth. Stored encrypted, accessed only by our compliance team. | 5 years (MLR 2017) |
| Account Information | Both | Name, email address, company name (sourcers), role, and verification status. Used to operate your account and communicate with you. | Duration of account + 2 years |
| Deal Data | Sourcers | Property details, photos, deal pack PDFs, asking price, sourcing fee, yield, ROI, and BMV figures submitted when listing a deal. | Duration of listing + 2 years |
| Transaction Records | Both | Payment amounts, Stripe payment intent IDs, transfer IDs, sourcing fees, and fee breakdowns. Required for financial record-keeping and AML compliance. | 5 years (MLR 2017) |
| Messages | Both | Messages exchanged between sourcers and investors via the platform messaging system. Monitored for compliance (contact detail sharing is blocked). | 2 years |
| Technical Data | Both | IP address, browser type, and page visit logs collected automatically via Supabase. Used for security monitoring and fraud prevention. | 90 days |
We use the following sub-processors to operate PropertyScan. We have Data Processing Agreements in place with each. Standard Contractual Clauses (SCCs) govern any transfers outside the UK.
Database, authentication, and file storage
๐ EU / US (SCCs in place)
Payment processing and Stripe Connect payouts
๐ US (SCCs in place)
Transactional email delivery
๐ US (SCCs in place)
Application hosting and CDN
๐ US (SCCs in place)
Under the UK GDPR, you have the following rights over your personal data. We take these seriously and will always respond promptly.
You can request a copy of all personal data we hold about you at any time. We will respond within 30 days.
If any data we hold is inaccurate or incomplete, you can request it be corrected. Contact us and we will update it promptly.
You can request deletion of your personal data where we no longer have a lawful basis to hold it. Note: data subject to AML retention requirements (5 years) cannot be deleted before that period expires.
You can request your personal data in a commonly used, machine-readable format to transfer to another service.
You can object to processing of your data for direct marketing at any time. We will cease that processing immediately.
In certain circumstances you can request that we restrict processing of your data while a complaint or correction is being addressed.
To exercise any of these rights, contact us at privacy@propertyscan.uk
The Information Commissioner's Office (ICO) is the UK's independent authority for data protection and privacy. Any organisation that processes personal data in the UK must be registered with the ICO under the Data Protection Act 2018. Operating without registration when required is a criminal offence.
Yes. The UK GDPR (as retained and amended by the Data Protection Act 2018) applies to all personal data we process. We have a lawful basis for every category of data we collect, maintain a data processing register, and have Data Processing Agreements in place with all third-party processors.
All documents are stored in Supabase Storage with row-level security (RLS), meaning no user can access another user's documents. Only authorised members of our compliance team can view verification documents. Documents are encrypted at rest and in transit.
Where we rely on consent as our lawful basis, you can withdraw it at any time. Note that for some processing (such as AML record-keeping), we have a legal obligation that overrides withdrawal of consent โ we will always be transparent about which basis applies.
Email us at privacy@propertyscan.uk with your request. We will acknowledge within 5 working days and respond in full within 30 days. If you are unsatisfied with our response, you can escalate to the ICO at ico.org.uk.
We are registered with the ICO, GDPR compliant, and handle your personal data with the care it deserves.