Privacy Policy

1. Who We Are

DepositShield is operated by Avantware, a company registered in the United Kingdom. Our website is depositshield.co.uk and you can contact us at support@avantware.uk.

For the purposes of UK GDPR and the Data Protection Act 2018, Avantware is the data controller responsible for your personal data.

2. What Data We Collect

We collect and process the following categories of personal data:

Account Information

• Email address — collected when you sign up via email/password or Google OAuth.
• Name — if provided through your Google account or entered manually.
• Authentication data — managed securely by Supabase, our authentication provider.

Dispute Details

• Information you provide about your tenancy, landlord, deposit amount, and the nature of the dispute.
• Details about deductions, property condition, and any evidence you describe.
• Generated dispute letters and documents stored in your account.

Payment Information

• We do not store your credit or debit card details. All payment processing is handled by Stripe, a PCI-DSS compliant payment processor.
• We receive confirmation of successful payments, transaction IDs, and the product purchased from Stripe.

Technical Data

• Browser type, device information, and IP address (collected automatically for security and analytics purposes).

3. How We Use Your Data

We use your personal data for the following purposes:

• To provide our service — your dispute details are used to generate personalised dispute letters using AI. This is the core function of DepositShield.
• To process payments — we use Stripe to handle one-time payments for our products (single letter at £4.99 or full dispute pack at £9.99).
• To manage your account — so you can log in, view your generated letters, and manage your dispute history.
• To improve our service — we may use aggregated, anonymised data to understand usage patterns and improve DepositShield.
• To communicate with you — to respond to support requests or send essential service notifications.

Our legal basis for processing your data is contractual necessity (to provide the service you have paid for) and legitimate interest (to improve and secure our service).

4. Third-Party Services

We use the following third-party services to operate DepositShield. Each has its own privacy policy governing how they handle data:

• Supabase — provides authentication (Google OAuth and email/password login) and database storage (PostgreSQL). Your account data, dispute details, and generated letters are stored in Supabase.
• Stripe — processes all payments. Stripe handles your card details directly; we never see or store your full card number.
• Anthropic — provides the AI (Claude) that generates your dispute letters. Your dispute details are sent to Anthropic's API to generate the letter content. Anthropic does not use API inputs to train their models.

We do not sell your personal data to any third party. We only share data with the services listed above, and only to the extent necessary to provide DepositShield.

5. Data Retention

We retain your personal data for as long as your account is active. Your dispute details and generated letters are kept so you can access them whenever you need.

If you wish to delete your account and all associated data, you can request this by emailing support@avantware.uk. We will delete your data within 30 days of receiving your request, unless we are legally required to retain it.

Payment records may be retained for up to 7 years to comply with UK tax and accounting obligations.

6. Cookies

DepositShield uses only essential cookies required for the service to function. These are authentication cookies managed by Supabase that keep you logged in to your account.

We do not use advertising cookies, tracking cookies, or any third-party cookies for marketing purposes.

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

• Right of access — you can request a copy of all personal data we hold about you.
• Right to rectification — you can ask us to correct any inaccurate or incomplete data.
• Right to erasure — you can ask us to delete your personal data (the "right to be forgotten").
• Right to data portability — you can request your data in a structured, commonly used, machine-readable format.
• Right to object — you can object to the processing of your data where we rely on legitimate interest as our legal basis.
• Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.

To exercise any of these rights, please email support@avantware.uk. We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

8. Data Security

We take the security of your data seriously. All data is encrypted in transit using TLS/SSL and encrypted at rest in our database. Access to production systems is restricted and protected by strong authentication.

Our authentication system supports secure password hashing and OAuth 2.0 flows. Payment data is handled entirely by Stripe and never touches our servers.

While no system is 100% secure, we implement industry-standard security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

9. Children

DepositShield is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child under 18 has provided us with personal data, please contact us at support@avantware.uk and we will promptly delete that data.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of DepositShield after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this privacy policy, your personal data, or wish to exercise your rights, please contact us:

• Email: support@avantware.uk
• Company: Avantware
• Location: United Kingdom