Lettivo Back to site

Privacy Policy

How Lettivo handles personal data in its own role as a controller across the website and platform.

Version 2026-03-01-v1 Effective 1 March 2026 5 min read

1. Who We Are

Lettivo is a trading name of D4N LTD, a company registered in England and Wales (company number 17061504). Our registered office is 3rd Floor, 86-90 Paul Street, London, EC2A 4NE.

We are the data controller for personal data we collect about you when you visit our website, create an account, or interact with us directly. This privacy policy explains how we handle that data.

If you are an Operator using Lettivo to manage tenants, you are the data controller for your tenant data. Our role as data processor for that data is covered in our Data Processing Agreement.

2. What Data We Collect

Account and profile data

  • Name, email address, phone number
  • Organisation name and role
  • Login credentials (passwords are hashed and never stored in plain text)

Usage data

  • Pages visited, features used, session duration
  • Browser type, device type, operating system
  • IP address and approximate location (city-level)

Billing data

  • Billing contact name and email
  • Subscription plan and payment history
  • Payment method details are held by Stripe and GoCardless — we do not store card numbers or bank details directly

Communication data

  • Emails and messages you send to us
  • Support ticket content
  • Feedback and survey responses

Website visitor data

  • Pages visited on lettivo.co.uk
  • Referral source
  • Cookie identifiers (see Section 8)

3. How We Use Your Data

We use your personal data for:

Purpose Lawful basis
Providing and maintaining your account Performance of contract
Processing subscription payments Performance of contract
Sending transactional emails (password resets, billing receipts, service updates) Performance of contract
Responding to support requests Performance of contract
Improving the Platform based on usage patterns Legitimate interest
Sending product updates and feature announcements Legitimate interest (with opt-out)
Detecting and preventing fraud or abuse Legitimate interest
Complying with legal obligations (tax records, regulatory requests) Legal obligation

We do not sell your personal data. We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects.

4. Who We Share Data With

We share personal data only with service providers who need it to deliver our services:

  • Stripe and GoCardless — payment processing
  • Resend and Postmark — transactional email delivery
  • Hetzner and Amazon Web Services — infrastructure hosting (EU)

All service providers are bound by data processing agreements. A full list is available on our Sub-Processor List.

We may also disclose data if required by law, regulation, or court order.

5. International Transfers

Our primary hosting is in the EU. Some service providers (Stripe, Resend, Postmark) process data in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office.

6. Data Retention

Data type Retention period
Account and profile data Duration of subscription + 30 days
Usage and analytics data 24 months
Billing and payment records 6 years (UK tax requirements)
Support correspondence 24 months after resolution
Website cookies See Section 8

After the retention period, data is permanently deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal retention requirements)
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Cookies

We use cookies to:

  • Keep you logged in during your session (essential)
  • Remember your preferences such as dark mode and sidebar state (functional)
  • Understand how the Platform is used so we can improve it (analytics)

You can manage cookie preferences in your browser settings. Essential cookies cannot be disabled as the Platform requires them to function.

We do not use third-party advertising cookies or tracking pixels.

9. Security

We protect your data using:

  • Encryption in transit (TLS 1.2+) and at rest
  • Tenant database isolation — each organisation's data is stored separately
  • Role-based access controls
  • Regular security reviews and penetration testing
  • Audit logging of administrative actions

No system is completely secure. If you believe your account has been compromised, contact us immediately at [email protected].

10. Children

Lettivo is a business-to-business service. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify account holders of material changes by email. The current version is always available at lettivo.co.uk/legal/privacy.

12. Contact and Complaints

For privacy-related questions or to exercise your rights:

  • Email: [email protected]
  • Post: D4N LTD (trading as Lettivo), 3rd Floor, 86-90 Paul Street, London, EC2A 4NE

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.