Privacy policy

1. Who we are

SavvyPlace Ltd (“we”, “us”) operates savvyplace.co.uk, a self-management portal for Right to Manage (RTM) leaseholders in England and Wales. We are the data controller for the personal data described in this policy.

SavvyPlace Ltd is a company registered in England and Wales. Company number: 17208717. Registered address: 167-169 Great Portland Street, 5th Floor, London W1W 5PF.

We are registered with the Information Commissioner's Office (ICO) as a data controller. Registration number: ZC147903. View our entry on the ICO register.

Contact: privacy@savvyplace.co.uk

2. What personal data we collect

• Account data — name, email address, and a hashed password when you create an account.
• Phone number — only if you enable SMS two-factor authentication.
• Building membership — which building(s) you belong to and your role (resident, director, or lead director).
• Content you create — discussion posts, comments, maintenance reports, votes, financial transactions, and uploaded documents.
• Payment information — processed by Stripe; we store only a Stripe customer ID, never card details.
• Device identifiers — if you enable push notifications, we store the browser push subscription endpoint and encryption keys.
• AI feature content — questions you type in the leasehold advice chat, and the text of discussion threads you request an AI summary of. Author names are stripped before summaries are generated; advice chat content is not stored on our servers after the response is returned.

3. Why we process it (lawful basis)

• Performance of contract (UK GDPR Art 6(1)(b)) — providing the portal service you signed up for: account management, building management, document storage, voting, and financial records.
• Legitimate interest (Art 6(1)(f)) — sending operational notifications (maintenance updates, vote deadlines, compliance reminders) and hosting the service securely.
• Consent (Art 6(1)(a)) — SMS two-factor authentication and browser push notifications, both of which you explicitly opt into.
• Performance of contract (Art 6(1)(b)) — processing content you submit to the leasehold advice chat and thread summarisation features, which are part of the portal service.

4. Who we share it with

We share personal data only with the following processors, each of which has a Data Processing Agreement in place:

• Neon — Postgres database hosting (London region, eu-west-2).
• Amazon Web Services (S3) — document storage (London region, eu-west-2).
• SendGrid (Twilio) — transactional email delivery.
• Twilio — SMS verification codes (only if you enable SMS 2FA).
• Vercel — application hosting.
• Stripe — subscription payment processing.
• Upstash — Redis-backed rate limiting to protect the service from abuse. We only send pseudonymised identifiers (HMAC-hashed IP addresses, email addresses, and user IDs) — never your raw email or IP address. London region (AWS eu-west-2).
• Sentry — error monitoring so we can find and fix bugs. Receives a stable user id, the URL path (no query strings), and the technical details of the error. Names, emails, IP addresses, request bodies, and cookies are stripped before anything is sent. EU region (Frankfurt).
• OpenAI— AI language model processing for the leasehold advice chat and discussion thread summarisation. Content you submit to these features is sent to OpenAI's API (processed in the US under Standard Contractual Clauses). OpenAI does not use API-submitted data to train its models by default. See OpenAI's API data privacy policy.

We do not sell personal data to anyone.

5. What other members of your building can see

Inside the portal, your name and which building you belong to are visible to every other member of that building, so neighbours know who lives in the building and votes and discussions can be attributed to a real person.

Your email address is visible only to the directors of your building, who use it for building administration (such as following up on votes, maintenance issues, or membership changes). Other residents cannot see your email address.

Your phone number is never shown to other members of the building. It is used only to send you SMS two-factor authentication codes, if you enable that option.

6. How long we keep it

• Account data — until you delete your account.
• Building records(documents, transactions, votes) — retained for the building's configured retention period (minimum 6 years, to comply with HMRC and Companies Act requirements), then automatically deleted.
• SMS verification codes — expire after 5 minutes.
• Session cookies — expire after 24 hours (7-day absolute maximum).

See our full retention schedule for details.

7. Your rights

Under the UK GDPR, you have the right to:

• Access your personal data (Article 15).
• Rectify inaccurate data (Article 16).
• Eraseyour data (Article 17) — use the “Delete my account” option in Settings > Security.
• Data portability (Article 20) — request a copy of your data in a machine-readable format.
• Object to processing based on legitimate interest (Article 21).
• Withdraw consent at any time for SMS 2FA or push notifications, by disabling them in your settings.

To exercise any of these rights, email privacy@savvyplace.co.uk. We will respond within 30 days.

8. Cookies

As of the last review, SavvyPlace uses only strictly necessary cookies for authentication (session management). We currently use no analytics cookies, advertising cookies, or third-party tracking. Because the cookies we do set are essential for the service to function, no consent banner is required under the Privacy and Electronic Communications Regulations (PECR). If we ever add cookies that fall outside the strictly necessary exemption, we will introduce a consent mechanism before they are loaded.

We also store a small number of UI preferences in your browser's local or session storage. These are not cookies, are not sent to any server, and do not identify or track you across sites or sessions:

• Theme — your light or dark mode choice (localStorage).
• Animation play state— whether the home-page Savvy the Seal animation is playing or paused; respects your operating system's “reduce motion” setting (localStorage).
• Notification panel auto-open — a one-shot flag, scoped to a single browser session, so the notifications panel only opens itself on your first dashboard visit after sign-in (sessionStorage).

9. Security

All data is encrypted in transit (HTTPS/TLS) and at rest (Neon database and S3 encryption). Passwords are hashed with bcrypt (12 rounds). Row Level Security is enabled on all database tables. Access to personal data is restricted by authentication guards and role-based permissions.

10. Complaints

If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page will always reflect the most recent version. If we make significant changes, we will notify you via the portal.