Skip to main content

Privacy Policy

Last updated: 12 April 2026

This Privacy Policy explains how CompliLet Ltd("CompliLet", "we", "us", or "our") collects, uses, stores, and protects personal data when you use the CompliLet platform, website (https://complilet.com), and WhatsApp-based services. We are registered with the Information Commissioner's Office (ICO) under UK data protection law.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions, contact us at hello@complilet.com.

1. Who We Are

CompliLet Ltd is the data controller for personal data processed through the CompliLet platform. We are a company registered in England and Wales. Our registered correspondence address and data protection queries should be directed to: hello@complilet.com.

2. What Personal Data We Collect

We collect personal data from two categories of user: landlords (who use CompliLet to manage their properties and screen tenants) and tenants (who are contacted by CompliLet as part of the screening process initiated by a landlord).

2.1 Landlords

  • WhatsApp phone number (used to identify your account and deliver reports)
  • Name and email address (for billing, support, and account management)
  • Property addresses (for compliance tracking and inspection scheduling)
  • Billing information (processed by our payment provider — CompliLet does not store card details)
  • Usage data (how you interact with the CompliLet service, for product improvement)

2.2 Tenants

  • Full name, date of birth, and contact details (WhatsApp number)
  • Government-issued photo ID (passport, UK driving licence, or Biometric Residence Permit)
  • Proof of income (payslips, bank statements, or accountant's letter)
  • Proof of address (utility bill, bank letter, or equivalent)
  • Immigration status documents and Home Office share codes (for Right to Rent compliance)
  • Employment details (employer name, employment type, income level)
  • Previous landlord details (for reference purposes)

2.3 Third Parties (References)

  • Name and WhatsApp number of previous landlords and employers contacted for references. These individuals are contacted only to the extent necessary to complete a reference check.

3. Legal Basis for Processing

We process personal data under the following legal bases (UK GDPR Article 6):

  • Contract performance — processing tenant data during screening is necessary to perform the screening contract between CompliLet and the landlord.
  • Legal obligation — Right to Rent checks are a legal requirement under the Immigration Act 2014 and must be carried out before a tenancy begins.
  • Legitimate interests — we process landlord usage data to improve the CompliLet platform and to communicate service updates.
  • Consent — where we send marketing communications to landlords, we do so only with explicit opt-in consent. Consent can be withdrawn at any time.

4. How We Use Your Data

4.1 Tenant data is used to:

  • Conduct the tenant screening process on behalf of the landlord
  • Verify identity, income, address, and immigration status
  • Chase references from previous landlords and employers
  • Generate a screening report and Right to Rent compliance certificate
  • Store records in line with the landlord's legal obligation to retain Right to Rent records

4.2 Landlord data is used to:

  • Provide the CompliLet screening and tenancy management service
  • Process subscription payments
  • Send compliance reminders and tenancy management alerts
  • Provide customer support
  • Improve the CompliLet platform (in aggregate, anonymised form)

5. Data Retention

We retain personal data only for as long as necessary. Our retention periods are:

  • Tenant screening records — retained for the duration of the tenancy plus 12 months, in line with the Home Office Right to Rent record-keeping requirement. After this period, all tenant documents and personal data are automatically and irreversibly deleted.
  • Landlord account data — retained for the duration of your CompliLet subscription plus 7 years (UK statutory accounting requirement for billing records). Personal contact details are deleted within 30 days of account closure.
  • Reference contact data (previous landlords and employers) — deleted within 30 days of the screening being completed or abandoned.

6. Data Security

CompliLet implements industry-standard security measures to protect all personal data:

  • AES-256 encryption for all data at rest
  • TLS 1.3 encryption for all data in transit
  • Access-controlled, UK-based cloud infrastructure (no data stored outside the UK/EEA)
  • Role-based access controls — CompliLet staff access only the minimum data needed to provide support
  • Automated deletion protocols for data past its retention period
  • Annual penetration testing and security review

7. Data Sharing

CompliLet does not sell personal data. We share data only in the following circumstances:

  • With the instructing landlord — screening reports, Right to Rent certificates, and documents collected are shared with the landlord who initiated the screening. The landlord is responsible for storing and handling this data in compliance with UK GDPR.
  • With payment processors — Stripe processes payment card data on our behalf. CompliLet does not store or access full card details.
  • With cloud infrastructure providers — Supabase (database) and Vercel (hosting), both operating under UK/EEA-compliant data processing agreements.
  • With Konfir (part of Experian)— when a tenant's employment and income is verified via the Konfir API, the tenant's name and phone number are shared with Konfir solely for the purpose of conducting the verification. Konfir is UK Government DIATF certified, ICO registered, ISO 27001 certified, and operates under a UK GDPR-compliant data processing agreement. Tenant consent is obtained directly by Konfir via SMS before any employment or income data is retrieved.
  • With the Home Office— if a tenant's Right to Rent expires and they cannot demonstrate a renewed right to rent, the landlord (not CompliLet) is legally required to report this to the Home Office under the Immigration Act 2014.
  • When required by law — we may disclose data to law enforcement or regulatory authorities where required by a valid legal order.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your data, subject to legal retention requirements.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to data portability — request your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests or for marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@complilet.comor message us on WhatsApp. We will respond within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies and Website Data

The CompliLet website (https://complilet.com) uses the following categories of cookies:

  • Strictly necessary cookies — required for the site to function. These cannot be disabled.
  • Analytics cookies — we use Vercel Analytics to understand aggregate site usage (no personally identifiable data is collected; IP addresses are anonymised).

We do not use advertising cookies, social media tracking cookies, or third-party retargeting cookies. You may disable analytics cookies in your browser settings without affecting site functionality.

10. Tenant Data and Landlord Responsibility

CompliLet processes tenant data as a data processor on behalf of the instructing landlord, who is the data controllerfor that tenant's data. Landlords are responsible for:

  • Informing tenants that their data will be processed by CompliLet on their behalf
  • Handling Right to Rent records in line with the Home Office Code of Practice
  • Complying with UK GDPR in their own use of data provided in screening reports

CompliLet's Data Processing Agreement (available on request) governs this controller-processor relationship.

11. International Transfers

All personal data processed by CompliLet is stored in UK or EEA-based infrastructure. We do not transfer personal data to countries outside the UK or EEA. Our sub-processors (Supabase, Vercel, Stripe, Konfir) operate under UK GDPR-compliant data processing agreements. Konfir is headquartered in the UK and processes all verification data within UK/EEA infrastructure.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify landlords via WhatsApp or email and update the "Last updated" date above. Continued use of the CompliLet service after notification constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, data subject requests, or concerns:

For complaints not resolved to your satisfaction: ico.org.uk/make-a-complaint