Privacy Policy

Last Updated: 30 October 2025

1. Introduction

1.1 QUALISYNC LIMITED (trading as "Lettie") ("we", "us", "our") is committed to protecting your privacy and ensuring your personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.2 This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website (asklettie.com) and our AI-powered WhatsApp chatbot service (the "Service").

1.3 Company Details:

Legal Name: QUALISYNC LIMITEDCompany Number: 16392735Registered Office: Unit A, 82 James Carter Road, Mildenhall, United Kingdom, IP28 7DETrading As: LettieEmail: support@asklettie.comICO Registration: Application C1814430

1.4 By using our Service or website, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • Landlords who register for and use our Service
  • Tenants whose landlords have enrolled them in the Service
  • Website visitors to asklettie.com
  • Prospective customers who contact us or sign up for marketing

3. Data Controller vs Data Processor

3.1 For Landlord Data:

We act as the Data Controller for personal data we collect directly from landlords (account information, billing details, etc.).

3.2 For Tenant Data:

We act as the Data Processor on behalf of landlords (who are the Data Controllers) when processing tenant personal data. Landlords are responsible for:

  • Obtaining valid consent from tenants
  • Ensuring they have a lawful basis to share tenant data with us
  • Informing tenants of their data protection rights
  • Maintaining records of consent

3.3 We process tenant data only on the lawful instructions of landlords and in accordance with this Privacy Policy and our Terms and Conditions.

4. What Personal Data We Collect

4.1 Information from Landlords

When you register for and use our Service, we collect:

Account Information:

  • Full name
  • Email address
  • Phone number
  • Company name (if applicable)
  • Password (encrypted)

Billing Information:

  • Payment card details (processed and stored by Stripe - we do not store full card details)
  • Billing address
  • Transaction history

Property Information:

  • Property addresses you manage
  • Number of properties
  • Property-related notes or details you provide

Communication Data:

  • Contact preferences (email, phone, WhatsApp)
  • Your communications with us (support emails, feedback)
  • Records of your interactions with our Service

Usage Data:

  • How you use the Service
  • Features you access
  • Time spent on the platform
  • Technical data (IP address, browser type, device information)

4.2 Information About Tenants

When landlords onboard tenants (with their consent), we collect:

Tenant Contact Information:

  • First name
  • Phone number (for WhatsApp)

Chat Data:

  • All WhatsApp messages between tenants and our AI chatbot
  • Timestamps of conversations
  • Issues reported and resolutions provided
  • Escalation records

Technical Data:

  • WhatsApp metadata
  • Message delivery status

4.3 Information from Website Visitors

When you visit asklettie.com, we may collect:

  • Technical Information: IP address, browser type, device information, operating system
  • Usage Information: Pages viewed, time spent, click patterns, referring websites
  • Cookie Data: See Section 10 (Cookie Policy) for details

4.4 Information You Provide Voluntarily

  • Demo interactions: If you use our demo chatbot on the website
  • Marketing communications: If you subscribe to our newsletter or updates
  • Feedback: Through Canny or customer surveys
  • Support requests: Via Crisp live chat or email

5. How We Collect Personal Data

We collect personal data through:

Directly from you:

  • When you create an account
  • When you onboard tenants
  • When you contact us for support
  • When you fill out forms on our website
  • When you subscribe to marketing communications

Automatically:

  • Through cookies and similar technologies on our website
  • Through your use of the Service
  • Through WhatsApp Business API interactions

From third parties:

  • Stripe (payment confirmation and billing data)
  • WhatsApp (message delivery status, technical metadata)
  • Landlords (for tenant data - with tenant consent)

6. Legal Basis for Processing

We process your personal data under the following legal bases:

6.1 For Landlords:

Contract Performance (Article 6(1)(b) UK GDPR):

  • To provide the Service you've subscribed to
  • To process payments
  • To manage your account
  • To provide customer support

Legitimate Interests (Article 6(1)(f) UK GDPR):

  • To improve our Service and develop new features
  • To detect and prevent fraud or abuse
  • To analyze usage patterns
  • To send service-related communications
  • To maintain security and prevent cyber attacks

Consent (Article 6(1)(a) UK GDPR):

  • To send marketing emails (you can opt out anytime)
  • To use cookies for analytics and marketing (where required)

Legal Obligation (Article 6(1)(c) UK GDPR):

  • To comply with tax and accounting requirements
  • To respond to legal requests or court orders

6.2 For Tenants:

Consent (Article 6(1)(a) UK GDPR):

  • Processing tenant data is based on consent obtained by the landlord
  • Tenants can withdraw consent at any time by contacting us or their landlord

Legitimate Interests (Article 6(1)(f) UK GDPR):

  • To improve AI accuracy and Service quality (using anonymized data where possible)

6.3 Special Note on Children

If a tenant is under 18, parental or guardian consent must be obtained by the landlord before onboarding them to the Service. We do not knowingly collect data from children without appropriate consent.

7. How We Use Personal Data

7.1 To Provide the Service

  • Create and manage your account
  • Process tenant maintenance requests via AI chatbot
  • Escalate issues to landlords when necessary
  • Provide 24/7 automated support to tenants
  • Store chat history for your reference
  • Send service notifications and updates
  • Process payments and manage subscriptions
  • Provide customer support

7.2 To Improve Our Service

  • Train and improve our AI models
  • Analyze usage patterns to enhance features
  • Identify and fix technical issues
  • Develop new features and functionality
  • Conduct research and analytics
  • Test new technologies

7.3 To Communicate with You

  • Send service-related emails (account confirmations, billing notices, security alerts)
  • Respond to your inquiries and support requests
  • Send marketing communications (if you've opted in)
  • Provide product updates and newsletters
  • Request feedback on our Service

7.4 For Business Operations

  • Detect and prevent fraud or misuse
  • Comply with legal obligations
  • Enforce our Terms and Conditions
  • Protect our rights and property
  • Resolve disputes
  • Maintain security and prevent cyber attacks

7.5 AI Training and Development

  • We use chat logs and interactions to train our AI models
  • Where possible, we anonymize or pseudonymize data used for training
  • This helps improve response accuracy and safety detection
  • Personal identifiers are removed where appropriate for training purposes

8. Who We Share Data With

We may share your personal data with the following categories of recipients:

8.1 Essential Service Providers

Payment Processing:

  • Stripe - Processes all payments securely (PCI-DSS compliant)

AI and Technology:

  • Google AI - AI processing and natural language understanding
  • Perplexity AI - AI processing and knowledge retrieval
  • WhatsApp Business API - Message delivery and communications
  • Twilio - Communications infrastructure

Infrastructure and Hosting:

  • Vercel - Website and application hosting
  • Hostinger - Additional hosting services
  • Neon - Database hosting and management

Communication Services:

  • Resend - Email delivery services
  • Crisp - Live chat customer support
  • Canny - Customer feedback collection

Analytics and Monitoring:

  • Google Analytics - Website analytics (when implemented)
  • Tinybird - Data analytics and monitoring

8.2 Legal and Compliance

We may share data with:

  • Law enforcement or regulatory authorities when required by law
  • Legal advisors in connection with legal proceedings
  • Government bodies for tax or regulatory compliance
  • Courts or tribunals when necessary

8.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner (you will be notified).

8.4 With Your Consent

We may share data with other parties when you've given explicit consent.

8.5 What We DON'T Do

We do NOT:

  • Sell your personal data to third parties
  • Share data with advertisers for targeted advertising
  • Use data for purposes unrelated to the Service
  • Share tenant data with anyone other than their landlord (except service providers as listed above)

9. International Data Transfers

9.1Some of our service providers may store or process data outside the United Kingdom and European Economic Area (EEA), particularly in the United States.

9.2 Countries Involved:

  • United States: Google AI, Perplexity AI, Stripe, potentially others

9.3 Safeguards in Place:We ensure international transfers comply with UK GDPR through:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Adequacy decisions where applicable
  • Service provider certifications and security commitments
  • Data Processing Agreements with all processors

9.4Where data is transferred to the US, we ensure providers comply with appropriate data protection frameworks and have adequate security measures in place.

9.5You have the right to obtain information about the safeguards we use for international transfers by contacting us.

10. Cookie Policy

10.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us provide a better user experience and analyze website performance.

10.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Required for the website to function
  • Enable core features like account login and security
  • Cannot be disabled
  • Legal basis: Legitimate interests (essential for Service provision)

Analytics Cookies:

  • Google Analytics (when implemented) - Tracks website usage, visitor behavior, and performance metrics
  • Helps us understand how users interact with our website
  • Data is anonymized where possible
  • Legal basis: Consent (you can opt out via cookie banner)

Functional Cookies:

  • Remember your preferences and settings
  • Enhance user experience
  • Legal basis: Consent

Marketing Cookies (if implemented in future):

  • Track visitor activity to show relevant advertisements
  • Measure campaign effectiveness
  • Legal basis: Consent (opt-in required)

10.3 Managing Cookies

Browser Settings:You can control cookies through your browser settings:

  • Block all cookies
  • Delete existing cookies
  • Set preferences for specific websites

Cookie Banner:When you first visit our website, you'll see a cookie banner allowing you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize your cookie preferences

Note: Disabling necessary cookies may affect website functionality.

10.4 Third-Party Cookies

Third-party services (like Google Analytics) may set their own cookies. We don't control these cookies. Refer to their privacy policies:

10.5 Cookie Duration

  • Session cookies: Deleted when you close your browser
  • Persistent cookies: Remain until expiry date or manual deletion (typically 12-24 months)

11. Data Retention

11.1 Active Accounts

We retain your data for as long as:

  • Your account remains active
  • Necessary to provide the Service
  • Required by law or legitimate business purposes

11.2 Cancelled Subscriptions

If you cancel your subscription but don't delete your account:

  • Account data is retained until you manually delete the account
  • Chat logs remain accessible to you
  • Tenant data remains until you remove it or delete your account

11.3 Deleted Accounts

When you delete your account:

  • All personal data is deleted immediately
  • This includes all landlord and tenant information
  • Chat logs are permanently deleted
  • Backups are overwritten within 30 days

11.4 Tenant Data Deletion

  • When a landlord removes a tenant or property:
    • Data is deleted immediately from active systems
    • Backups are overwritten within 30 days
  • When a tenant requests deletion:
    • Data is deleted immediately upon verification
    • We notify the landlord of the deletion

11.5 Legal and Compliance Retention

We may retain certain data longer if:

  • Required by law (e.g., tax records - typically 6 years)
  • Necessary for legal proceedings or disputes
  • Needed to comply with regulatory requirements
  • Retained data is stored securely and access is restricted.

11.6 Anonymized Data

We may retain anonymized, aggregated data indefinitely for:

  • AI model training and improvement
  • Statistical analysis
  • Service development
  • This data cannot identify individuals.

12. Data Security

12.1 Security Measures

We implement appropriate technical and organizational measures to protect your data:

Technical Measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure authentication and password hashing
  • Regular security updates and patches
  • Firewalls and intrusion detection systems
  • Secure API integrations
  • Regular backups stored securely

Organizational Measures:

  • Access controls and role-based permissions
  • Staff training on data protection
  • Confidentiality agreements with employees and contractors
  • Data Protection Impact Assessments for high-risk processing
  • Incident response procedures
  • Regular security audits

Service Provider Security:

  • All third-party processors meet high security standards
  • Data Processing Agreements in place
  • Regular vendor security assessments

12.2 Your Security Responsibilities

You are responsible for:

  • Keeping your password confidential
  • Using a strong, unique password
  • Notifying us immediately of any unauthorized access
  • Logging out of shared devices
  • Keeping your contact information up to date

12.3 Data Breach Notification

If we experience a data breach that poses a risk to your rights:

  • We will notify the ICO within 72 hours (as required by law)
  • We will notify affected individuals without undue delay
  • We will provide information about the breach and steps being taken
  • We will offer guidance on protecting yourself

13. Your Data Protection Rights

Under UK GDPR, you have the following rights:

13.1 Right of Access (Article 15)

  • You can request:
    • Confirmation that we process your data
    • A copy of your personal data
    • Information about how we use it
  • How to exercise: Contact us via support@asklettie.com or our website contact page
  • Response time: Within 1 month (free of charge for first request)

13.2 Right to Rectification (Article 16)

  • You can request correction of:
    • Inaccurate personal data
    • Incomplete personal data
  • How to exercise: Update your account settings or contact us

13.3 Right to Erasure / "Right to be Forgotten" (Article 17)

  • You can request deletion of your data when:
    • No longer necessary for the purposes collected
    • You withdraw consent (where consent is the legal basis)
    • You object to processing (with no overriding legitimate grounds)
    • Data was unlawfully processed
    • Required by legal obligation
  • How to exercise: Delete your account or contact us
  • Limitations: We may retain data if required by law or for legitimate interests (e.g., ongoing legal proceedings)

13.4 Right to Restriction of Processing (Article 18)

  • You can request we restrict processing when:
    • You contest the accuracy of data
    • Processing is unlawful but you don't want erasure
    • We no longer need the data but you need it for legal claims
    • You've objected to processing pending verification
  • How to exercise: Contact us

13.5 Right to Data Portability (Article 20)

  • You can request:
    • Your data in a structured, commonly used format
    • Transfer of data to another controller
  • How to exercise: Contact us - we'll provide data in CSV or JSON format
  • Applies to: Data processed by automated means based on consent or contract

13.6 Right to Object (Article 21)

  • You can object to:
    • Processing based on legitimate interests
    • Direct marketing (including profiling)
    • Processing for research or statistical purposes
  • How to exercise:
    • Marketing: Click unsubscribe in emails or contact us
    • Other processing: Contact us with reasons for objection

13.7 Rights Related to Automated Decision-Making (Article 22)

  • Our AI chatbot makes automated decisions about escalating issues. You have the right to:
    • Be informed about the logic involved
    • Express your point of view
    • Contest the decision
    • Request human intervention
  • Note: Tenants can always request direct escalation to their landlord, overriding AI decisions.

13.8 Right to Withdraw Consent

  • Where processing is based on consent, you can withdraw it at any time:
    • This doesn't affect the lawfulness of processing before withdrawal
    • We will stop processing unless we have another legal basis
  • How to exercise: Contact us or your landlord (for tenant data)

13.9 Right to Lodge a Complaint

  • You have the right to complain to the supervisory authority:
    • Information Commissioner's Office (ICO)
    • Website: https://ico.org.uk
    • Helpline: 0303 123 1113
    • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • We encourage you to contact us first so we can try to resolve your concern.

13.10 How to Exercise Your Rights

For Landlords:

  • Email: support@asklettie.com
  • Contact page: asklettie.com/contact
  • Account settings (for some rights)

For Tenants:

  • Contact us via website contact page
  • Contact your landlord who can forward the request
  • Email: support@asklettie.com

We will:

  • Respond within 1 month (extendable by 2 months for complex requests)
  • Verify your identity before processing requests
  • Provide information free of charge (unless requests are manifestly unfounded or excessive)

14. Marketing Communications

14.1 What Marketing We Send

With your consent, we may send:

  • Product updates and new features
  • Tips for using Lettie effectively
  • Industry news and insights
  • Special offers or promotions
  • Newsletter and blog updates
  • Webinar or event invitations

14.2 Legal Basis

  • For landlords: Soft opt-in (legitimate interest for existing customers) or explicit consent for non-customers
  • We comply with the Privacy and Electronic Communications Regulations (PECR)

14.3 Frequency

  • We aim to send marketing emails no more than twice per month
  • Frequency may vary based on your preferences

14.4 Managing Preferences

You can:

  • Unsubscribe: Click the unsubscribe link in any marketing email
  • Update preferences: Manage which types of emails you receive via your account settings
  • Opt out completely: Contact us to opt out of all marketing
  • Note: You'll still receive essential service-related emails (account notifications, billing updates, security alerts) even if you opt out of marketing.

14.5 Service Communications

These are not marketing and cannot be opted out of:

  • Account creation confirmations
  • Password reset emails
  • Billing and payment notifications
  • Security alerts
  • Changes to Terms or Privacy Policy
  • Service disruption notifications
  • Support responses

15. Third-Party Links

15.1 Our website and Service may contain links to third-party websites, services, or applications.

15.2 We are not responsible for the privacy practices of third parties. This Privacy Policy applies only to Lettie.

15.3 We encourage you to review the privacy policies of any third-party sites you visit.

15.4 Third-party services we integrate with:

  • Stripe: https://stripe.com/privacy
  • WhatsApp: https://www.whatsapp.com/legal/privacy-policy
  • Google: https://policies.google.com/privacy

16. Children's Privacy

16.1 Our Service is not intended for children under 13 years of age.

16.2 We do not knowingly collect personal data from children under 13.

16.3 For tenants aged 13-17:

  • Landlords must obtain parental or guardian consent before onboarding
  • Parents/guardians can exercise data rights on behalf of their child
  • We process such data with extra care and limited retention

16.4 If we become aware we've collected data from a child under 13 without proper consent:

  • We will delete the data immediately
  • We will notify the landlord
  • We may suspend the landlord's account if there's systematic non-compliance

16.5 If you believe we have data from a child without proper consent, contact us immediately at support@asklettie.com.

17. Changes to This Privacy Policy

17.1 We may update this Privacy Policy from time to time to reflect:

  • Changes to our practices
  • Legal or regulatory requirements
  • New features or services
  • Feedback from users or regulators

17.2 How we notify you:

  • Email notification at least 7 days before material changes take effect
  • Updated "Last Updated" date at the top of this policy
  • Prominent notice on our website
  • In-app notification (if applicable)

17.3 Material changes include:

  • New purposes for data processing
  • New categories of data collected
  • Changes to data retention periods
  • New third-party recipients of data
  • Changes to your rights
  • International transfers to new countries

17.4 Non-material changes (e.g., clarifications, formatting, minor updates) may be made without specific notice.

17.5 Your acceptance:

  • Continued use of the Service after changes take effect means you accept the updated policy
  • If you don't agree, you must stop using the Service and may request deletion of your data

17.6 We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.

18. Data Protection Officer

18.1 Our Data Protection Officer (DPO) is responsible for overseeing our data protection practices and ensuring compliance with UK GDPR.

18.2 Contact our DPO:

  • Data Protecion Officer
  • Email: data@asklettie.com
  • Address: Unit A, 82 James Carter Road, Mildenhall, United Kingdom, IP28 7DE

18.3 Contact us about:

  • Questions about this Privacy Policy
  • Exercising your data protection rights
  • Concerns about how your data is handled
  • Data breaches or security issues
  • Complaints or feedback

19. Legal Framework

This Privacy Policy complies with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR) 2003
  • Human Rights Act 1998
  • Other applicable UK data protection laws

20. Contact Information

QUALISYNC LIMITED (trading as Lettie)

General Enquiries:

  • Email: support@asklettie.com
  • Website: asklettie.com/contact
  • Company Number: 16392735
  • ICO Registration: Application 00012041906

Supervisory Authority: Information Commissioner's Office (ICO)

  • Website: https://ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

By using Lettie, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.