Privacy Policy

Last updated: March 2026

⚠️

Legal review required. This policy is draft placeholder content and must be reviewed by a qualified solicitor and updated with ICO registration number before launch.

1. Who We Are

Data Controller: The Emergency Accommodation Company Ltd, registered in England and Wales.

Contact for data matters: privacy@theemergencyaccommodationcompany.com

ICO Registration: [Registration number to be added before launch]

2. What Data We Collect

  • Account data: Name, email address, phone number, organisation name.
  • Host profile data: Company registration details, VAT number, address, compliance documents, identity documents.
  • Listing data: Property details, photographs, availability, pricing.
  • Enquiry data: Enquiry content, contact preferences, move-in requirements.
  • Billing data: Payment method type (card/BACS), last 4 digits, billing history. Full card details are held by Stripe — not by us.
  • Usage data: Login events, search queries, listing views, enquiry history.

3. Lawful Basis for Processing

  • Contract: To provide the platform service to registered users and hosts.
  • Legal obligation: Compliance document retention, billing records (7 years for HMRC).
  • Legitimate interests: Platform security, fraud prevention, improving our service.
  • Consent: Marketing emails (optional, can be withdrawn at any time).

4. Third Parties We Share Data With

  • Stripe — payment processing. Data Processing Agreement in place.
  • Resend — transactional email delivery.
  • Cloudinary — image and document storage.
  • Go High Level — CRM for host relationship management. Data Processing Agreement in place.
  • Neon / PostgreSQL — database hosting (UK/EU region).

We do not sell your personal data to any third party.

5. Data Retention

  • User and host account data: 3 years after account closure.
  • Compliance documents: 3 years after document expiry.
  • Billing records: 7 years (HMRC legal requirement).
  • Enquiry records: Anonymised on account deletion; record structure retained indefinitely.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of all data we hold about you (Subject Access Request).
  • Right to rectification — correct inaccurate data.
  • Right to erasure — request deletion of your account and personal data (subject to legal retention obligations).
  • Right to restriction — restrict processing in certain circumstances.
  • Right to portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — for any processing based on consent (e.g., marketing emails).

To exercise any of these rights, contact us at privacy@theemergencyaccommodationcompany.com or use your privacy dashboard if you're logged in.

7. Cookies

We use essential cookies required for the platform to function (authentication session). We will request your consent before setting any optional analytics or marketing cookies. See our Cookie Policy [link to be added].

8. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and access controls. We never store full payment card details.

9. Complaints

If you're unhappy with how we've handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or via a notice on the platform.