HouseFile
Home

Privacy Policy

Last updated: February 2025

1. Introduction

HouseFile ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our property management platform.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email address, password)
  • Property details and addresses
  • Documents you upload (EPCs, gas safety certificates, etc.)
  • Payment information (processed securely via Stripe)
  • Communications you send to us

We automatically collect certain information when you use our service:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage data and analytics

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Track document access for compliance purposes
  • Detect and prevent fraud or abuse

4. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

  • With tenants you choose to share property information with via tenant links
  • With service providers who assist in our operations (e.g., hosting, payment processing)
  • If required by law or to protect our rights
  • In connection with a merger, acquisition, or sale of assets

5. Data Security & Document Storage

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

All documents uploaded to HouseFile are stored on enterprise-grade cloud infrastructure (AWS via Supabase) with the following protections:

  • Encryption at rest – all stored files and data are encrypted using AES-256 encryption
  • Encryption in transit – all data transferred between your device and our servers is protected via TLS/HTTPS
  • Access controls – documents are only accessible to the property owner and tenants who have been given a valid sharing link
  • Infrastructure compliance – our hosting provider (Supabase) is SOC 2 Type II certified and GDPR compliant
  • Isolation – each user's data is logically separated using row-level security policies, ensuring no cross-account access
  • No third-party access – uploaded documents are never shared with, sold to, or accessed by third parties
  • Staff cannot view your content – HouseFile employees do not have access to view the documents you upload or the information you enter into the platform

Payment information is handled exclusively by Stripe and is never stored on our servers. Stripe is PCI DSS Level 1 certified, the highest level of certification in the payments industry.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You can request deletion of your account and associated data at any time by contacting us.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, please contact us using the details below.

8. Cookies

We use essential cookies to enable core functionality of our service. These cookies are necessary for the website to function and cannot be switched off. We do not use cookies for advertising purposes.

9. Third-Party Services

Our service integrates with the following third-party services:

  • Stripe – payment processing (PCI DSS Level 1 certified)
  • Supabase – data storage, authentication, and file hosting (SOC 2 Type II certified, GDPR compliant, built on AWS infrastructure)
  • Resend – transactional email delivery (e.g., password resets, notifications)

Each of these services has their own privacy policy governing their use of your data. We only share the minimum information necessary for each service to function.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Contact Form