drrent

Privacy Policy

Last updated: 15 May 2026

This Privacy Policy explains how drrent ("we", "us") collects, uses and protects personal data when you use our Platform. We are the data controller for the personal data we process about you under the UK GDPR and the Data Protection Act 2018.

1. Data we collect

  • Account data: name, email, phone, password (hashed), role (tenant/landlord/contractor).
  • Tenant requirements: location, budget, household details, employment status, pets, notes.
  • Verification data: ID documents, credit check results, references - collected by our partners on our behalf.
  • Landlord & property data: property addresses, certificates (Gas, EPC, EICR), photos, listing details.
  • Contractor data: business name, qualifications, DBS, insurance documents.
  • Usage data: pages viewed, features used, IP address, browser type, device identifiers.
  • Communications: messages, viewing requests, support tickets.

2. Lawful bases

  • Contract - to operate your account and deliver the services you request.
  • Legal obligation - anti-fraud checks, accounting, responding to lawful requests.
  • Legitimate interests - keeping the Platform secure, preventing abuse, improving the service.
  • Consent - marketing emails, optional cookies, sensitive verification data. You can withdraw consent at any time.

3. Who we share data with

  • Other users: tenant contact details are shared with a landlord only after they unlock a verified lead.
  • Stripe Payments UK Ltd - payment processing.
  • Supabase / Cloudflare - hosting and infrastructure (data stored in EU/UK regions).
  • Verification partners - credit reference agencies (Equifax/Experian), referencing providers, ID verification providers.
  • Email provider - Resend, for transactional and notification emails.
  • Authorities - when required by law (e.g. court order, anti-fraud investigation).

We do not sell your personal data.

4. International transfers

Where data is transferred outside the UK/EEA, we rely on UK Addendum to the EU Standard Contractual Clauses or adequacy decisions to ensure equivalent protection.

5. Retention

  • Active accounts: for as long as your account is open.
  • Closed accounts: 30 days soft-delete grace period, then anonymised.
  • Financial records: 6 years (HMRC requirement).
  • Verification documents: up to 12 months after the related tenancy concludes, unless required for legal defence.
  • Marketing preferences and unsubscribes: retained indefinitely so we honour your choice.

6. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten") - subject to our legal obligations.
  • Restrict or object to processing.
  • Data portability - receive a copy of your data in a machine-readable format.
  • Withdraw consent at any time.
  • Complain to the Information Commissioner's Office (ICO) - ico.org.uk.

To exercise any right, email privacy@drrent.co.uk or use the data tools in your account settings (coming soon).

7. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest, role-based access controls, audit logging on sensitive operations, and least-privilege database policies (Row Level Security).

8. Cookies

See our Cookie Policy.

9. Children

The Platform is not intended for anyone under 18. We do not knowingly collect data from children.

10. Contact

Data protection enquiries: privacy@drrent.co.uk. General contact: Contact page.