This Data Processing Agreement ("DPA") forms part of the Terms of Service between the Operator ("Data Controller", "you") and D4N LTD trading as Lettivo ("Data Processor", "we", "us"), company number 17061504, registered office 3rd Floor, 86-90 Paul Street, London, EC2A 4NE.
1. Scope and Roles
1.1. You are the Data Controller. You determine the purposes and means of processing Tenant Data. 1.2. We are the Data Processor. We process Tenant Data only on your documented instructions, which are constituted by your use of Platform features and these Terms.
2. Personal Data Processed
| Data Category | Examples | Purpose |
|---|---|---|
| Tenant/student identity | Name, email, phone number | Tenancy management, communication |
| Financial data | Rent amounts, payment history, arrears | Rent collection, arrears management |
| Property data | Building, room assignment, lease dates | Portfolio management |
| Guarantor data | Name, contact details, relationship | Guarantor management |
| Communication records | SMS content, email content, AI call transcripts | Communication tracking |
| Voice recordings | AI call recordings | Quality assurance, dispute resolution |
| Access records | Fob assignments, portal logins | Security, access management |
3. Processing Instructions
3.1. We process Tenant Data only to provide the Platform services as configured by you. 3.2. We do not sell, share, or use Tenant Data for any purpose other than providing services to you. 3.3. We do not use Tenant Data to train AI models.
4. Sub-Processors
4.1. We use the following sub-processors to provide the Platform:
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Twilio Inc. | Voice calls, SMS messaging | Phone numbers, voice audio, SMS content | US (UK data centre available) |
| Groq Inc. | AI inference for call handling | Anonymised conversation context (PII stripped) | US |
| OpenAI Inc. | AI inference (alternative/fallback provider) | Anonymised conversation context (PII stripped) | US |
| Anthropic Inc. | AI inference (alternative/fallback provider) | Anonymised conversation context (PII stripped) | US |
| Stripe Inc. | Subscription billing | Operator payment details (not Tenant Data) | US/EU |
| GoCardless Ltd | Direct debit rent collection | Tenant name, bank sort code and account number, rent amount, mandate reference | UK/EU |
| Resend Inc. | Transactional email delivery | Email addresses, email content | US |
| Postmark (ActiveCampaign) | Transactional email (legacy/fallback) | Email addresses, email content | US |
| Hetzner / DigitalOcean | Infrastructure hosting | All Platform data (encrypted) | EU |
| Amazon Web Services (AWS) | Hosting and infrastructure | All Platform data (encrypted) | EU (London) |
4.2. We anonymise personal data before sending to AI inference providers. Names, phone numbers, email addresses, and other direct identifiers are stripped from all data sent to Groq or other AI providers. 4.3. We will notify you of any changes to sub-processors with 30 days' notice. You may object to a new sub-processor, in which case we will work to find an alternative or you may terminate the agreement.
5. Security Measures
5.1. Tenant database isolation: each organisation has its own database, not a shared schema. 5.2. Encryption in transit: all data transmitted via TLS 1.2+. 5.3. Encryption at rest: database encryption enabled. 5.4. Access control: role-based permissions within the Platform; internal access restricted to authorised personnel. 5.5. Audit logging: all administrative actions and data access events are logged. 5.6. Regular backups with encrypted storage.
6. Data Retention
6.1. AI call recordings: automatically deleted after 90 days. 6.2. AI call transcripts: automatically purged after 12 months. 6.3. SMS and email content: automatically purged after 12 months. 6.4. All other Tenant Data: retained for the duration of your subscription plus 30 days for export. 6.5. Billing and audit records: retained for 6 years per UK tax requirements.
7. Data Subject Rights
7.1. If you receive a data subject access request (DSAR), erasure request, or other rights request from a tenant, we will assist you in fulfilling it. 7.2. We provide data export functionality (CSV, JSON) to support portability requests. 7.3. We provide a tenant data erasure capability to support erasure requests. 7.4. We will respond to your assistance requests within 5 business days.
8. Data Breach Notification
8.1. In the event of a personal data breach affecting Tenant Data, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach. 8.2. Notification will include: the nature of the breach, categories of data affected, approximate number of records affected, likely consequences, and measures taken to mitigate.
9. International Transfers
9.1. Where Tenant Data is transferred to sub-processors outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms. 9.2. For AI inference processing, personal identifiers are stripped before transfer (see Section 4.2), minimising the data transferred internationally.
10. Audit Rights
10.1. You may request information about our data processing activities and security measures. 10.2. We will make available information necessary to demonstrate compliance with this DPA. 10.3. We support audits and inspections with reasonable notice and during normal business hours.
11. Termination
11.1. This DPA terminates automatically when your Lettivo subscription ends. 11.2. Upon termination, we will delete all Tenant Data within 30 days unless you request an export. 11.3. Deletion confirmation will be provided on request.
12. Contact
Data protection enquiries:
- Email: [email protected]
- Post: D4N LTD (trading as Lettivo), 3rd Floor, 86-90 Paul Street, London, EC2A 4NE