LeaseLensLeasehold review workflow
Start review

Privacy

LeaseLens processes uploaded files and related intake details to generate leasehold pack review outputs. This notice explains what data may be collected, why it is used, how long it is kept, and how to contact the operator responsible for the service.

The data controller is the LeaseLens operator shown below. The fields are public env-driven values so an unconfigured deployment does not invent a legal name or service address.

Controller and contact

Who is responsible for this processing

  • Trading name: LeaseLens.
  • Legal controller/operator: Not configured (set LEASELENS_OPERATOR_LEGAL_NAME).
  • Service address for privacy notices: Not configured (set LEASELENS_OPERATOR_SERVICE_ADDRESS).
  • Privacy contact: info@dataprime.dev.
  • Support contact: info@dataprime.dev.
  • Controller placeholders are configured through LEASELENS_OPERATOR_LEGAL_NAME and LEASELENS_OPERATOR_SERVICE_ADDRESS.

What may be stored

  • Uploaded pack files and metadata
  • Intake details such as contact email, address, stage, and main concern
  • OCR text, extracted text, classifications, structured fields, confidence signals, and verification references
  • Generated reports, questions drafts, and export files
  • Operational audit logs and processing events
  • Payment status, receipt references, and product unlock records
  • Contact-form messages, support messages, and privacy-rights correspondence

Why it is used

  • To provide Quick Findings, Full Reports, downloads, and related support
  • To take payment, issue receipts, and manage refunds or cancellation requests
  • To protect the service from abuse, security incidents, and unlawful uploads
  • To debug and improve extraction, classification, report formatting, and verification quality using operational records

Lawful basis

  • Contract: to provide the review workflow, paid outputs, and support you request.
  • Legitimate interests: to secure, operate, debug, and improve the service.
  • Legal obligation: to keep required transaction, tax, accounting, and compliance records.
  • Consent: where optional cookies, marketing, or similar choices require consent.

AI/OCR processing

  • LeaseLens uses OCR to read scans, images, and PDFs when embedded text is unavailable or incomplete.
  • LeaseLens may use AI model providers to classify documents, extract fields, draft risk signals, and generate report text from uploaded content.
  • Configured AI/OCR providers may include OpenAI, Anthropic, local OCR libraries such as Tesseract, or replacement providers selected by the Operator.
  • Current model training stance: LeaseLens does not use uploaded customer documents, extracted text, or reports to train public or general-purpose AI models.
  • Automated decision-making: LeaseLens may generate risk scores, issue categories, confidence signals, and draft report wording, but these outputs are informational only and are not used to make a solely automated legal, lending, valuation, or transaction decision about you.
  • Where third-party AI providers process content, they are used as processors or service providers for the requested workflow, subject to provider terms and data-processing controls.

Sharing and processors

  • Processor categories include hosting, database, file storage, email, contact-form relay, analytics/error monitoring, payments, OCR, AI, security, and support tooling.
  • Payment card details are handled by the payment provider, such as Stripe where configured, and are not intended to be stored by LeaseLens.
  • Documents are not sold, and uploaded files are not shared with estate agents, lenders, or advisers unless you choose to do so.
  • Data may be disclosed where required by law, court order, regulator request, payment dispute, tax/accounting duty, or to protect rights and security.

Retention and deletion

  • Uploaded documents, OCR text, extracted text, generated reports, and export files are retained for the configured file-retention period, currently 90 days, unless deleted earlier or held longer for a stated reason.
  • Contact and support correspondence is normally retained for up to 24 months after the last interaction.
  • Operational audit logs and security logs are normally retained for up to 12 months, or longer for security investigations.
  • Payment, invoice, refund, tax, and accounting records may be retained for up to 6 years after the relevant tax year or longer where required by law or dispute handling.
  • Deletion may not remove records that must be retained for legal, accounting, fraud-prevention, payment-dispute, or security reasons.

International transfers

  • Some processors may process or access data outside the UK or EEA.
  • Where international transfer safeguards are needed, LeaseLens relies on applicable adequacy regulations, UK International Data Transfer Agreements, UK Addenda to EU Standard Contractual Clauses, Standard Contractual Clauses, or equivalent processor commitments.
  • Access is limited to what is needed to operate, secure, support, and audit the service.

Your choices and rights

  • You can request access, correction, deletion, restriction, portability, or objection where UK data protection law applies.
  • Right to object: you can object to processing based on legitimate interests, including operational improvement or service-security processing, and LeaseLens will assess the request under applicable data protection law.
  • You can withdraw consent where processing relies on consent, without affecting earlier lawful processing.
  • You can complain to the UK Information Commissioner's Office if you are not satisfied with the response.
  • Rights requests should be sent to info@dataprime.dev and include the email address used for the review plus enough detail to identify the relevant order or upload.

Security and user responsibility

LeaseLens uses technical and organisational controls intended to protect uploaded documents and reports, but no online service can guarantee absolute security. Ensure you have a lawful basis to upload each document, remove unrelated sensitive material where possible, and use info@dataprime.dev for privacy requests.