Privacy Policy

Last updated: April 2026

1. Who We Are

PurchaseSecured Ltd ("we", "us") is the data controller for personal data processed through our platform. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

Category	Data	Purpose
Agent Account	Name, email, phone, agency name, address	Account management, authentication
Buyer Details	Name, email, phone, address	Reservation agreement execution
Seller Details	Name, email, phone	Agreement countersigning
Property Data	Address, price, type, bedrooms	Agreement creation
Financial	Fee amounts, payment references	Payment processing
Identity Documents	Passport, driving licence uploads	AML compliance
Technical	IP address, browser info, timestamps	Security, audit trail

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract — processing necessary to perform our service agreement with Agents and facilitate reservation agreements between Buyers and Sellers
• Legal obligation — compliance with AML regulations, estate agency law, and financial services requirements
• Legitimate interest — platform security, fraud prevention, service improvement
• Consent — marketing communications, push notifications (withdrawal possible at any time)

4. How We Use Your Data

We use personal data to create and manage reservation agreements, process payments via our FCA-authorised partner (Stripe Payments UK, Ltd), send transactional emails and notifications, generate legally required disclosure documents (SDLT notices), provide customer support, prevent fraud and ensure platform security, and comply with legal obligations.

5. Data Sharing

We share personal data only with:

• Stripe Payments UK, Ltd — our FCA-authorised payment services provider (firm reference 900461), to process reservation fee payments
• Resend Inc — our email delivery provider, for transactional emails
• Twilio Inc — for SMS notifications (if enabled by the Agent)
• Parties to the agreement — Buyer, Seller, and Agent details are shared as necessary to execute the reservation agreement
• Law enforcement — where required by law or court order

We do not sell personal data. We do not use personal data for automated decision-making or profiling.

6. Data Retention

We retain personal data for the duration of your account plus 6 years (to comply with HMRC record-keeping requirements and the Limitation Act 1980). Identity documents are retained for 5 years after the business relationship ends, in accordance with AML regulations. You may request earlier deletion subject to our legal obligations.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS 1.2+), password hashing (bcrypt), session management, access controls, and regular security reviews. Reservation fees are held by an FCA-regulated entity, not by PurchaseSecured.

8. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data (available via Settings → Export Data)
• Rectification — correct inaccurate data via your account settings
• Erasure — request deletion (available via Settings → Delete Account)
• Portability — receive your data in machine-readable format (JSON export)
• Object to processing based on legitimate interest
• Restrict processing in certain circumstances
• Withdraw consent for marketing communications at any time

To exercise these rights, contact privacy@purchasesecured.com or use the self-service tools in your account settings.

9. Cookies

We use essential session cookies to maintain your login state. We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users. No cookie consent banner is required as we only use strictly necessary cookies.

10. International Transfers

Some of our service providers (Resend, Twilio) are based in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the UK ICO. Payment services are provided within the UK.

11. Children

Our Platform is not intended for use by individuals under 18. We do not knowingly collect personal data from children.

12. Changes

We will notify Agents of material changes to this policy via email at least 14 days before they take effect.

13. Contact & Complaints

Data Protection queries: privacy@purchasesecured.com

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.