Locastica Privacy Policy
1. Introduction
Locastica provides licensing intelligence for England's private rented sector. This Privacy Policy explains how we collect, use, store, and protect personal data when you use locastica.com and the related product experience.
Data Controller: Locastica
Contact: privacy@locastica.com
2. Personal Data We Collect
2.1 Information you provide directly
| Data type | Examples | Purpose |
|---|---|---|
| Account information | Name, email address | Account creation, authentication, service communication |
| Property information | Address, postcode, portfolio metadata | Licensing analysis and monitoring |
| Uploaded documents | Certificates, notes, supporting files | Document storage and product workflows |
| Customer support messages | Emails, support context | Support and issue resolution |
| Billing metadata | Stripe customer, subscription, and payment status data | Subscription management |
2.2 Information collected automatically
| Data type | Examples | Purpose |
|---|---|---|
| Usage data | Pages visited, journeys completed, feature usage | Product improvement and troubleshooting |
| Device data | Browser, OS, IP address, approximate region | Security and reliability |
| Session data | Authentication cookies, session identifiers | Sign-in and account protection |
| Operational telemetry | Error and performance signals | Service health and debugging |
2.3 Information from third parties
| Source | Data type | Purpose |
|---|---|---|
| Google account sign-in data via WorkOS | Name, email address, basic profile identity needed for sign-in | Authentication, account creation, session continuity |
| WorkOS | Authentication identity and session data | Sign-in and account security |
| Stripe | Billing and subscription status data | Payments and subscription lifecycle |
| Postcodes.io and similar enrichment providers | Postcode and location metadata | Property enrichment and lookup support |
3. How We Use Personal Data
- create and manage user accounts
- authenticate users and protect accounts
- use Google sign-in data, where a user chooses Google authentication, to verify identity, create or match an account, and maintain access to the service
- deliver licensing-intelligence product features
- process subscription and billing events
- provide customer support
- monitor uptime, security, and service reliability
- improve the product using aggregated or consented analytics
- comply with legal obligations
4. Data Sharing And Disclosure
We share personal data only where needed to operate the service, for example with cloud hosting providers, authentication providers, payment providers, email delivery providers, analytics providers where consent has been given, and processors supporting product operations under contract.
We do not share identifiable personal data for third-party advertising or resale.
We do not sell Google user data and we do not use Google user data for advertising.
We may disclose information if required by law, court order, or where necessary to protect our rights, users, or the integrity of the service.
5. Data Retention And Deletion
| Data type | Typical retention |
|---|---|
| Account data | Until deletion request, plus reasonable retention for audit and legal purposes |
| Property and workspace data | Until deleted by the user or removed under retention policy |
| Uploaded documents | Retained while active in the workspace, then removed under product retention rules |
| Billing records | Retained as required for tax, accounting, and fraud-prevention purposes |
| Audit and operational logs | Retained for a limited period for security and debugging |
When deletion is requested, we delete or anonymize personal data within a reasonable operational period, except where we must retain it for legal, security, or accounting reasons.
6. Security
We use reasonable technical and organisational measures to protect personal data, including secure transport, access controls, and operational monitoring. No internet service can be guaranteed completely secure, but we work to reduce risk and respond quickly to incidents.
7. Cookies And Analytics
When you first visit Locastica, we ask whether you want to allow analytics cookies. You can accept or decline. Your choice is stored so we can respect it on future visits.
If you decline analytics cookies, analytics tracking will not be enabled for your session, though strictly necessary operational telemetry may still be used for security and reliability.
8. Your Rights
Subject to applicable law, you may have the right to:
- access personal data we hold about you
- correct inaccurate personal data
- request deletion of personal data
- request restriction of processing
- object to certain processing
- receive portable copies of certain data
- withdraw consent where consent is the legal basis
To exercise these rights, contact privacy@locastica.com.
9. Changes To This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated effective date.