FlatChatter

Privacy Policy

Last updated: March 2026

FlatChatter is operated by FlatChatter Ltd ("we", "us", "our"). We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what data we collect, why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller for FlatChatter is:

FlatChatter
London, United Kingdom
Email: contact@flatchatter.com

2. What Data We Collect

2.1 Account data

When you create an account, we collect:

  • Email address
  • Display name (optional)
  • Password (stored in encrypted form by our authentication provider; we never see or store your password in plain text)

2.2 Address history

When you add a property to your profile for review purposes, we collect:

  • The property address (canonicalised via Google Places API)
  • The dates you lived there (self-declared)
  • Your verification method (currently self-declaration; we may introduce document-based verification in future)

2.3 Review content

When you submit a review, we collect:

  • Your ratings across each review category
  • Your written review text, including any pros and cons
  • Your tenancy type and date range
  • Whether you chose to post anonymously

2.4 Technical data

When you use the platform, we automatically collect:

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and timestamps
  • Referral source

We do not use cookies for advertising or tracking. We use only essential cookies required for the platform to function (such as authentication session cookies).

3. Why We Collect Your Data and Our Legal Basis

DataPurposeLegal basis
Email addressAccount creation, login, email verification, communication about your accountConsent (you create the account voluntarily)
Address historyVerifying that reviewers have lived at the property they reviewLegitimate interest (maintaining platform integrity)
Review contentDisplaying reviews on property pagesConsent (you submit reviews voluntarily)
Technical dataPlatform security, abuse prevention, analyticsLegitimate interest (platform operation and security)

4. What Is Public and What Is Private

Public (visible to anyone who visits the platform):

  • Your review text, ratings, pros, and cons
  • Your display name (only if you choose to post non-anonymously)
  • Approximate tenancy dates (year only for anonymous reviews)
  • Tenancy type

Private (never disclosed publicly):

  • Your email address
  • Your full address history
  • Your IP address
  • Which reviews belong to your account (when you post anonymously)
  • Your account activity and login history

Anonymous reviews

When you post a review anonymously (the default), your identity is not disclosed to any other user, including landlords, letting agents, or other tenants. We retain an internal record of the connection between your account and your reviews for moderation, legal compliance, and abuse prevention purposes only.

We will only disclose reviewer identity if required to do so by a court order or other binding legal process.

5. Who We Share Your Data With

We share data with the following third-party service providers, all of which process data in accordance with their own privacy policies:

ProviderPurposeData sharedLocation
SupabaseDatabase hosting and authenticationAccount data, address history, review contentEU (Frankfurt)
Google (Places API)Address search and canonicalisationSearch queries (addresses typed by users)Global
VercelWebsite hosting and deliveryTechnical data (IP address, request logs)Global

We do not sell your personal data to any third party. We do not share your personal data with advertisers. We do not use your data for profiling or automated decision-making.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your profile and address history are deleted immediately
  • Your reviews may be retained in a fully anonymised form (with no link to your account) unless you specifically request their deletion
  • Technical logs containing your IP address are automatically purged after 90 days

If you request full data deletion, we will delete all your personal data within 30 days, except where we are legally required to retain it.

7. Your Rights

Under the UK GDPR, you have the following rights:

  • Right of access — You can request a copy of all personal data we hold about you.
  • Right to rectification — You can request correction of any inaccurate personal data.
  • Right to erasure — You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
  • Right to restrict processing — You can request that we limit how we use your data in certain circumstances.
  • Right to data portability — You can request a copy of your data in a structured, machine-readable format.
  • Right to object — You can object to our processing of your data where we rely on legitimate interest as our legal basis.
  • Right to withdraw consent — Where we process data based on your consent, you can withdraw that consent at any time by deleting your account or contacting us.

To exercise any of these rights, email us at contact@flatchatter.com. We will respond within 30 days.

8. Data Security

We take reasonable measures to protect your personal data, including:

  • All data is transmitted over HTTPS (encrypted in transit)
  • Passwords are hashed and salted by our authentication provider
  • Database access is restricted by row-level security policies
  • We do not store payment or financial information

No system is completely secure. If we become aware of a data breach that affects your personal data, we will notify you and the Information Commissioner's Office (ICO) in accordance with our legal obligations.

9. Children

FlatChatter is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If we become aware that a user is under 18, we will delete their account and associated data.

10. International Transfers

Some of our service providers process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the ICO, or the service provider operating in a jurisdiction that the UK has deemed to provide adequate data protection.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision.

12. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: https://ico.org.uk
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO. Please email us at contact@flatchatter.com in the first instance.

13. Contact

For any questions about this Privacy Policy or your personal data, contact us at contact@flatchatter.com.