Privacy Policy

Last Updated: May 2026

At Agentor, we believe in radical transparency. This policy outlines exactly what data we collect, why we need it, and how we keep it safe under UK law.

Data Controller

Agentor is the Data Controller for all personal data processed through this platform. For all data-related enquiries or to exercise your rights, please contact us via our Support page.

1. Data We Collect & Legal Basis

We only collect the essential data required to provide our personalised matching service. The legal basis for each category is noted below:

  • Account Data — Your email address and secure password hashes (managed via Supabase). Legal basis: performance of a contract (your account agreement with us).
  • Usage & Input Data — Your lifestyle preferences, saved properties, the postcodes you search, and any property listing descriptions or chat queries you submit to our AI Property Check feature. Legal basis: performance of a contract and our legitimate interest in improving service quality.
  • Analytics — Anonymous, aggregated website performance data. Legal basis: your consent (provided via our cookie banner) and our legitimate interest in understanding platform usage.

2. Third-Party Processors

To provide our AI capabilities, maps, and secure hosting, we share strictly limited data with trusted partners acting as Data Processors under binding data processing agreements:

  • Supabase: Database and authentication hosting (data hosted securely in the EU/UK).
  • OpenAI: Processes your property checks (postcodes, listing text, chat queries) to generate insights. Your queries are strictly excluded from being used to train their public AI models.
  • Stripe: Processes secure payments. We do not store or see your full credit card details.
  • Map Providers (OpenStreetMap, CARTO): May process your IP address temporarily to serve map tiles to your browser.

3. Data Retention & Security

We retain your profile and saved area data only for as long as your account is active. If you choose to delete your account, your personal data is permanently scrubbed from our active databases within 30 days. We use industry-standard encryption (TLS/SSL) for data in transit and AES-256 for data at rest.

4. Your Rights (UK GDPR & DUAA 2025)

Under the UK General Data Protection Regulation and the Data (Use and Access) Act 2025, you have absolute control over your data. You have the right to:

  • Access (Art. 15): Request a copy of the data we hold on you.
  • Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Erasure / Right to be Forgotten (Art. 17): Request that we delete all your personal data.
  • Restriction of Processing (Art. 18): Request that we limit how we use your data while a dispute is resolved.
  • Data Portability (Art. 20): Request a copy of your data in a structured, machine-readable format.
  • Object to Processing (Art. 21): Object to processing based on legitimate interest, including profiling.
  • Lodge a Complaint: Formally complain about our data handling via the Information Commissioner’s Office (ICO).

We do not use your data for solely automated decision-making that produces legal or similarly significant effects about you.

5. International Data Transfers

When you use the AI Property Check feature, your query data is processed by OpenAI, whose servers may be located outside the UK and EEA (primarily the United States). This transfer is carried out under Standard Contractual Clauses (SCCs) approved by the UK ICO, providing equivalent data protection safeguards.

Contact Our Privacy Team

To exercise any of your rights or ask questions about this policy, please reach out via our Support page. We commit to acknowledging all DUAA 2025 and UK GDPR requests within 30 days.