Privacy Policy
Last updated: 11 April 2026
1. Who we are
ProperDocs is an AI-powered tenancy agreement service for UK private landlords. For the purposes of UK GDPR, ProperDocs is the data controller for personal data collected through this website.
To contact us about your data, please use the contact page.
2. Data we collect
Account data
If you create an account, we store your email address via Supabase Auth. We use this solely to authenticate you and associate your generated documents with your account.
Document content
When you generate a tenancy agreement, the form data you submit (landlord name, property address, tenant details, tenancy terms) is sent to an AI model to produce the document. If you are signed in, the resulting document is stored in our database so you can retrieve it later. Anonymous users' documents are not persisted.
IP address
We apply rate limiting to prevent abuse. Your IP address is held in memory for up to 10 minutes solely for this purpose and is never written to a database or shared.
Contact form
If you use the contact form, we collect your name, email address, and message in order to respond to your enquiry. This data is transmitted to us by email and is not stored in our database.
3. Lawful basis for processing
- Contract performance — processing your form data and generating a document is necessary to deliver the service you requested.
- Legitimate interests — rate limiting and fraud prevention.
- Consent — where you voluntarily create an account or submit a contact form.
4. How we share your data
We do not sell your personal data. We share it only with:
- Supabase — our database and authentication provider, hosted in the EU (West Europe). Data processing agreement in place.
- Anthropic — the AI provider that processes your form content to generate the tenancy agreement. Please review Anthropic's privacy policy.
- Stripe — payment processing (once enabled). Stripe handles all card data; we never see or store it.
- Resend — used to deliver contact form submissions to us by email.
5. Data retention
Account data and saved documents are retained until you delete your account. You can request deletion at any time via the contact page and we will remove your data within 30 days.
6. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interests.
To exercise any of these rights, please contact us. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
7. Cookies
We use a small number of cookies that are strictly necessary for the service to function. We do not use advertising or tracking cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| sb-* | Supabase session authentication. Keeps you logged in. | Session / 1 week |
Because these cookies are strictly necessary for the service to work, they are set without requiring your consent under the Privacy and Electronic Communications Regulations (PECR).
8. Security
All data is transmitted over HTTPS. Supabase enforces row-level security so that you can only access your own documents. We do not store payment card details.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will always reflect the most recent revision. Significant changes will be communicated via the service.
10. Governing law
This Privacy Policy is governed by the laws of England and Wales and UK GDPR.