Privacy Policy
Last updated: 11 June 2026
Applies to: tenancy-vault.co.uk, app.tenancy-vault.co.uk, and related TenancyVault service domains — including the Making Tax Digital and HMRC-connected features of the TenancyVault app
1. Who we are
TenancyVault is a product owned and operated by Pixel Funnel Ltd ("we", "us", "our"). This Privacy Policy explains how we collect, use, and share personal data when you use our website and app.
Data controller: Pixel Funnel Ltd
Contact: [email protected]
2. What this policy covers
This policy covers:
- visitors to our marketing website (tenancy-vault.co.uk)
- users of our landlord / agent app and tenant portal
- people who contact us, request support, or submit data protection requests
It does not cover third-party websites or services we link to.
3. Personal data we collect
3.1 Marketing website visitors and enquiries
When you visit our website or send us a message, we may collect:
- device and usage data, such as pages viewed, browser type, referrer, and approximate location
- cookie preferences (see Cookie Policy)
- contact details and message content you submit through our contact form or data request form
Marketing site enquiries and data request forms are submitted using Web3Forms and then delivered to us. We also use PostHog for product analytics. On the marketing site this loads only with your analytics consent; within the signed-in app and tenant portal it runs as part of operating the service. This includes page and event analytics, session replay and heatmaps, used to improve usability and support. Session replay is configured to mask form inputs and sensitive content — including documents, tenant details, financial, tax and HMRC information, and signatures — so that content is redacted in recordings. We do not capture raw names, email addresses, property addresses, document contents or financial values in analytics events.
3.2 Account, authentication, and subscription data
When you create or use a TenancyVault account, we may collect:
- name (if provided)
- email address
- password (stored as a secure hash)
- account settings and plan information
- a record of your acceptance of our Terms of Service and Privacy Policy at registration, including the date and time of acceptance
- authentication and security records, such as sign-in attempts, password reset tokens, email verification tokens, refresh tokens, and trusted-device tokens
- browser-stored app data used to keep you signed in and complete billing flows, such as short-lived access tokens in local storage
3.3 Payments
If you pay for TenancyVault, payments are processed by Stripe. We do not store full card details on our servers. Stripe may process your payment and maintain its own records under its own privacy policy.
We may store limited payment-related data such as:
- Stripe customer ID
- subscription status
- invoice/receipt references
- payment method summary data, such as card brand, last four digits, and expiry date
3.4 Property, compliance, and document data (app content)
Depending on features you use, you may input or upload:
- property details (e.g., address, notes)
- compliance deadlines and records
- documents (PDFs, photos, certificates) you upload
- audit trail events you create (e.g., "served to tenant", "completed", "exported pack")
3.5 Making Tax Digital (MTD) and HMRC connection data
TenancyVault includes features for landlords using Making Tax Digital (MTD) for Income Tax. If you use these features, we may collect and process:
- your National Insurance number (NINO) — saved so you can connect to HMRC's MTD systems
- your HMRC Government Gateway authorisation tokens — used to maintain your HMRC connection; these are handled securely and not shared with third parties outside of the HMRC API integration
- your MTD status and property income business source identifiers — retrieved from HMRC on your behalf and stored to support the quarterly and year-end filing workflow
- rental income and expense records you create or import — including amounts, dates, categories, and property assignments
- bank statement files (CSV or PDF) you upload — processed to extract transaction rows for your review; we use document processing infrastructure to extract transaction data from PDF statements
- quarterly update data you review and submit to HMRC — including income totals, expense totals by category, and quarterly period identifiers
- year-end submission data you review and submit to HMRC — including accounting method choices, annual property adjustments, final declaration statuses, and related tax-year identifiers
- HMRC submission responses and calculation feedback — retrieved from HMRC and stored so you can review them in the app
We process HMRC-related data only to provide the MTD features you have activated. We do not use it for advertising or share it with parties other than HMRC (for the purpose of submitting your MTD updates and year-end filings) and the infrastructure providers needed to operate the service.
Your HMRC authorisation is customer-direct — you authorise TenancyVault through HMRC's standard OAuth authorisation flow. You can revoke TenancyVault's access to your HMRC account at any time through your HMRC online account.
3.5a HMRC fraud prevention data
HMRC requires all software that connects to their Making Tax Digital API to submit fraud prevention data with every API call. This is a mandatory HMRC requirement, not optional. When TenancyVault makes API calls to HMRC on your behalf, it automatically collects and transmits the following device and connection data to HMRC:
- your IP address at the time of the API call
- browser and operating system information (user-agent string)
- screen dimensions and colour depth
- browser timezone and language settings
- a hashed device identifier derived from browser characteristics
- a unique identifier for the user and the software product, as required by HMRC
This data is transmitted directly to HMRC as part of their fraud prevention framework. TenancyVault does not use it for any other purpose. You can read more about HMRC's fraud prevention requirements at developer.service.hmrc.gov.uk/guides/fraud-prevention.
3.6 Tenant and tenant portal data (minimised)
TenancyVault is designed to store minimal tenant information. Depending on your use, you may store:
- tenant name(s)
- tenant email address (if you choose to send reminders/links)
- tenancy dates and notes
- tenant portal login records, magic-link tokens, and related audit events
Please avoid uploading special category data (e.g., health information) unless strictly necessary.
3.6a Electronic signature data
If you or your tenants use TenancyVault's e-signing feature, we collect and process for each signer:
- the drawn signature image
- name and email address of the signer
- date and time of viewing and signing
- IP address and browser/device information (user-agent) at the time of signing
- the consent statement agreed at the moment of signing
- a cryptographic hash (fingerprint) of the document signed
This data forms the evidence record for the signature and is included in the signature certificate appended to the completed document. It is processed to provide the e-signing feature and to preserve the integrity and enforceability of signed documents. Landlord users can also choose to save their signature image for reuse; saved signatures can be deleted at any time from the signing dialog or by contacting us.
3.7 Support, feedback, and diagnostics
If you contact us, use support features, or an error occurs, we may collect:
- your contact details
- message content
- attachments you provide
- support and feedback submissions you send through our app or website
- technical diagnostic data about errors and performance, such as device/browser data, page URLs, timestamps, and masked session replay on app errors
We use Sentry for error monitoring and diagnostic replay. Our current app configuration masks text by default and strips Cookie and Authorization headers before sending error events.
4. How we use your data
We use personal data to:
- provide and secure the service (authentication, account management)
- store documents and compliance records, and show reminders
- operate key features (vault, audit trail, compliance pack export, notifications, Making Tax Digital record keeping, bank statement import, HMRC connection, and quarterly and year-end filing)
- process payments and manage subscriptions
- communicate with you about service updates, security, and support
- respond to contact enquiries and data protection requests
- monitor reliability and fix errors (e.g., via Sentry)
- understand and improve the marketing website and product experience
- prevent fraud, abuse, and security incidents
- comply with legal obligations (e.g., accounting and tax)
5. Lawful bases (UK GDPR)
We rely on:
- Contract: to provide TenancyVault and its features to you
- Legitimate interests: to secure and improve the service, prevent abuse, and understand usage (balanced against your rights)
- Legal obligation: where required for tax/accounting or lawful requests
- Consent: where required (e.g., non-essential cookies; optional marketing emails)
6. Marketing emails
We may send product updates/newsletters if you opt in (or where otherwise permitted by law). You can unsubscribe at any time using the link in the email or by contacting [email protected].
We do not sell your personal data.
7. Who we share data with (service providers)
We use trusted vendors to run TenancyVault. Depending on your usage, we may share personal data with:
- Hosting / infrastructure / database: DigitalOcean, including managed database and object storage services
- Error monitoring: Sentry.io
- Analytics: PostHog (marketing site and app, with consent) — including product analytics, session replay and heatmaps, with input and sensitive-content masking
- Payments: Stripe
- Email delivery: Resend
- Form handling: Web3Forms for website contact and data request submissions
- HMRC (Making Tax Digital API): if you use the MTD features, TenancyVault submits your quarterly and supported year-end property-income data to HMRC's MTD API on your behalf, and retrieves the calculation and status data needed to operate that workflow. This is not a third-party processor in the usual sense — HMRC is the tax authority receiving your filing data under your own authorisation. You control this connection and can revoke it at any time from your HMRC online account
We share only what is necessary and use contractual protections with processors.
8. Where your data is processed (UK + international transfers)
TenancyVault is intended for UK customers, but our infrastructure and subprocessors may operate in the UK, EEA, United States, or other countries depending on deployment configuration and provider location.
Some third-party providers, including Stripe, Sentry, Resend, Web3Forms, and PostHog, may process data outside the UK (PostHog is configured to use its EU Cloud where available).
Where international transfers occur, we rely on appropriate safeguards required by UK GDPR, such as adequacy regulations or contractual safeguards.
9. Data retention
We keep personal data only as long as necessary for the purposes described:
- Account data: while your account is active, plus a reasonable period after deletion for security/audit and dispute handling.
- Terms acceptance records: retained for as long as we may need to evidence the agreement, including after account deletion where necessary for legal claims.
- E-signature records: signature images, signing evidence (timestamps, IP addresses, document hashes, consent statements), and signed documents are retained while the account is active, as they form part of the legal record of the signed agreement. Saved reusable signatures are deleted on request or on account deletion.
- Documents and records: until you delete them, or until account deletion (subject to retention settings and legal requirements).
- Audit logs: retained to provide service integrity and evidence trails, and for security and dispute handling.
- Authentication and trusted-device tokens: until they expire, are rotated, or are revoked.
- Data export files: typically available for up to 14 days after generation.
- Billing and invoice records: retained for as long as required for tax, accounting, and fraud-prevention purposes.
- Support communications and data requests: retained as long as needed to resolve the matter, maintain records of the request, and improve support.
- Analytics: retained according to our PostHog project configuration and retention settings (including session replay retention).
- MTD income and expense records: retained until you delete them or your account is deleted. These records may form part of your statutory tax records and you should retain copies independently in line with HMRC's record-keeping requirements (generally at least 5 years from the 31 January after the end of the relevant tax year).
- HMRC authorisation tokens: retained while your HMRC connection is active. Revoked when you disconnect the integration or delete your account.
- NINO: retained while your account is active and the MTD connection is in use. Deleted on account deletion.
- HMRC submission data and HMRC calculation responses: retained while your account is active so you can review past submissions. Deleted on account deletion.
- HMRC fraud prevention data: transmitted to HMRC at the time of each API call. We do not retain a separate copy beyond standard server access logs, which are retained for a limited period for security purposes.
You can request account deletion by contacting [email protected] (see "Your rights").
10. Security
We implement appropriate technical and organisational measures, including:
- encrypted transport (HTTPS / TLS)
- access controls
- secure password hashing
- httpOnly refresh cookies for long-lived authenticated sessions
- private document storage and controlled access links (where applicable)
- backups and monitoring
No system is 100% secure, but we work to protect your data and respond to incidents.
11. Your rights (UK GDPR)
You have the following rights under UK GDPR:
- Access (Article 15): receive a copy of the personal data we hold about you
- Correction (Article 16): have inaccurate or incomplete data corrected
- Erasure (Article 17): have your data deleted where there is no lawful basis for continued processing
- Restriction (Article 18): limit how we process your data in certain circumstances
- Objection (Article 21): object to processing based on legitimate interests
- Portability (Article 20): receive your data in a structured, machine-readable format
- Consent withdrawal: withdraw consent at any time where processing is consent-based
If you have a TenancyVault account, you can export or delete your data directly from the app.
To submit a formal request, or if you do not have an account, use our Data Request form.
We normally respond within one month. For complex requests, we may take up to an additional two months where the law allows and will let you know.
We may request identity verification before acting on a request.
12. Complaints
If you are unhappy with how we handle your data, please contact us first at [email protected]. You also have the right to complain to the UK Information Commissioner's Office (ICO).
13. Children
TenancyVault is not intended for children and we do not knowingly collect data about children.
14. Changes to this policy
We may update this policy from time to time. We will post updates on this page and update the effective date.
See also: Cookie Policy
TenancyVault helps you track deadlines and organise evidence. It does not provide legal advice.