Privacy Policy

Last updated: March 2026

LetChamp is a product of Frosse Ltd ("we", "us", "our"), a company registered in England and Wales (Company No. 10131141). We are committed to protecting your privacy and handling your data responsibly.

This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who is the data controller?

Frosse Ltd is the data controller for personal data processed through LetChamp. If you have questions about how we handle your data, contact us at privacy@letchamp.com.

2. What data we collect

Account data: When you register, we collect your name, email address, and password (stored as an irreversible hash — we never store your actual password).

Property and portfolio data: Property addresses, compliance certificate details (types, dates, expiry dates, provider names, reference numbers), tenant names, contact details, tenancy dates, rent amounts, and expenses. This is the data you enter to manage your portfolio.

Documents: Certificate PDFs, receipts, and other files you upload.

Usage data: We log actions taken within the application (such as adding a property or updating a certificate) for security and audit purposes. We also collect basic analytics data such as pages visited and features used to improve the product.

Payment data: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number. Stripe provides us with a token, the last four digits of your card, and the card expiry date for your account management. Stripe's privacy policy applies to payment processing.

Technical data: IP address, browser type, and device information collected automatically when you use the service.

3. Why we collect it (lawful basis)

Contract performance: We process your account data, property data, and documents because they are necessary to provide the LetChamp service to you — this is the contract we enter into when you register.

Legitimate interests: We process usage data and technical data to maintain security, prevent fraud, improve the product, and provide customer support. We have assessed that these interests do not override your rights.

Consent: We send you compliance reminder emails based on your notification preferences. You can change these preferences or unsubscribe at any time in your account settings.

4. Tenant data you enter

You may enter personal data about your tenants (names, email addresses, phone numbers) into LetChamp to manage your tenancies. In this context, you are the data controller for your tenants' personal data and we are your data processor. You are responsible for ensuring you have a lawful basis to store your tenants' data and for responding to any data rights requests from your tenants.

We process tenant data only on your instructions and as necessary to provide the service. We do not use tenant data for any other purpose.

5. AI processing

When you upload a compliance certificate, we use an AI service to extract the expiry date from the document. The document content is sent to our AI provider (Anthropic) for processing. Only the document data is sent — it is not used to train AI models and is not retained by the AI provider beyond the processing request. We will clearly inform you whenever AI is used to process your data.

6. Where your data is stored

Your data is stored on servers located in the United Kingdom. Documents are stored using encrypted cloud storage. We use industry-standard security measures including encrypted connections (TLS), access controls, and database-level isolation between accounts.

7. Who we share data with

We share data only with the following categories of service provider, all of whom act as our data processors under appropriate contracts:

• Hosting provider: to store and serve the application and database.
• Stripe: to process payments.
• Email provider: to send compliance reminders and account notifications.
• AI provider (Anthropic): to extract certificate data from uploaded documents.

We do not sell your data to third parties. We do not share your data with advertisers. We will disclose data to law enforcement if required to do so by law.

8. How long we keep your data

We retain your account and portfolio data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (for example, financial records may need to be retained for up to 7 years).

Audit logs (records of actions taken in the system) are retained for 2 years for security purposes.

9. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Delete your personal data (subject to legal retention requirements).
• Export your data in a portable format.
• Restrict or object to certain processing.
• Withdraw consent for processing based on consent (such as marketing emails).

To exercise any of these rights, email privacy@letchamp.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

LetChamp uses only essential cookies required for the service to function (such as authentication tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Children

LetChamp is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or through the application. The "last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

Frosse Ltd
Email: privacy@letchamp.com
Company No. 10131141
Registered in England and Wales