Privacy Policy

Your privacy matters. This policy explains, in plain English, what we do with personal data.

Last updated: 16 June 2026

This Privacy Policy explains how Fyrd Technology Ltd (trading as Relevant Labs, “Vantage”, “we”, “us”) handles personal data when you use the Vantage website and lettings-compliance platform (the “Service”). We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Vantage is operated by Fyrd Technology Ltd, a company registered in England & Wales (company number [Company number — 15977073]), registered office [Registered office address — Fyrd Technology Ltd 167 - 169 Great Portland Street, London, W1W 5PF]. We are registered with the Information Commissioner’s Office (ICO) under reference [ICO registration reference — ZB920218].

For any privacy question or to exercise your rights, contact us at [email protected].

2. Our role: controller and processor

Vantage plays two different data-protection roles depending on the data:

  • We are the controller for the data we decide how to use — your account details, the organisation you set up, billing data, support correspondence, and website/usage analytics.
  • We are a processor for the property and people data you (our customer) upload to run your compliance workflows — for example tenant, guarantor and occupier records. You are the controller of that data and remain responsible for having a lawful basis to provide it to us and for informing those individuals. We process it only on your documented instructions, as set out in section 11.

3. What personal data we collect

Account & organisation data

  • Your name, email address and password (stored only as a hash).
  • Organisation name, type (landlord, letting agent, property manager) and, for agencies, your business website and verification details.
  • Your role and team membership within an organisation.
  • Preferences such as reminder settings and product-update opt-ins.

Billing data

  • Subscription status, plan, property counts used for metered billing, and a customer identifier from our payment processor. Card details are entered directly with our payment processor (Polar) — we never see or store full card numbers.

Compliance data you upload (we act as processor)

  • Property addresses and characteristics, tenancy details, and rent information.
  • Details of people connected to a property — tenants, guarantors, occupiers, landlords and beneficial owners — which may include names, dates of birth and email addresses.
  • Sanctions / AML screening records (the name and date of birth screened, the outcome, and a timestamped audit trail), generated when you screen against the UK Sanctions List.
  • Compliance documents and certificates you upload (e.g. Gas Safety, EICR, EPC), and proof-of-service records when documents are emailed to tenants.

Technical & usage data

  • IP address, device and browser information, and pages or features used. We collect product analytics only after you accept analytics cookies (see section 6).

4. How we use personal data and our lawful bases

PurposeLawful basis (UK GDPR Art. 6)
Provide and operate the Service, manage your accountPerformance of a contract
Process subscription payments and prevent billing fraudContract; legal obligation
Send service and compliance-reminder emails about your accountContract; legitimate interests
Secure the Service, debug, and prevent abuseLegitimate interests
Product analytics to improve the ServiceConsent (cookie banner)
Measure and improve our advertising campaigns (Google Ads conversion tracking)Consent (cookie banner)
Optional product-update marketing emailsConsent (you can opt out at any time)
Comply with legal and accounting obligationsLegal obligation

Where we rely on legitimate interests, we have balanced those interests against your rights. You can ask us about this balancing test at any time.

5. Cookies and analytics

We use a small number of strictly necessary cookies to keep you signed in and keep the Service secure — these don’t require consent.

We also use two categories of non-essential cookies, each with its own toggle in our cookie banner:

  • Analytics (PostHog) — to understand how the Service is used so we can improve it. The analytics script is only loaded after you turn this on; if you leave it off, nothing is loaded.
  • Advertising (Google Ads) — to measure the performance of our advertising campaigns and conversions, provided by Google. We use Google Consent Mode: the Google tag is present on every page but runs in a consent-“denied”, cookieless state by default, so it does not store advertising cookies on, or read them from, your device. Only when you turn this on does it store advertising cookies and use your data for conversion measurement (for example, recording when you create an account so we can gauge which campaigns work) and ad personalisation, which involves sharing data with Google.

You can change your preferences at any time using the “Cookie Settings” link in the site footer.

6. Who we share data with

We do not sell personal data. We share it only with service providers (sub-processors) who help us run the Service, all under contracts that require them to protect it and use it only on our instructions:

ProviderPurposeLocation
NeonManaged PostgreSQL database hosting (application data)European Union
Amazon Web Services (AWS)Encrypted object storage for uploaded compliance documentsUnited Kingdom (London, eu-west-2)
RailwayApplication hosting and computeEuropean Union
PolarSubscription billing and payment processingUnited States (transfers under UK IDTA / SCCs)
ResendTransactional and reminder email deliveryUnited States (transfers under UK IDTA / SCCs)
UpstashRedis caching and rate limiting (no document content)European Union
PostHogProduct analytics (only with cookie consent)United States (transfers under UK IDTA / SCCs)
Google (Google Ads)Advertising-campaign measurement and conversion tracking (only with cookie consent)United States (transfers under UK IDTA / SCCs)

We may also disclose data where required by law, to enforce our Terms of Service, or in connection with a merger or acquisition (in which case we will notify you).

7. International transfers

Your application data and uploaded documents are hosted in the UK and European Union. Some providers listed above are based in the United States. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with appropriate additional safeguards.

8. How long we keep data

  • Account & organisation data: for as long as your account is active, then deleted within 90 days of account closure (unless we must keep it for legal reasons).
  • Billing records: retained for up to 7 years to meet UK tax and accounting obligations.
  • Compliance data and documents: kept for as long as you keep them in your account. When you delete a property, organisation, or your account, the associated data is deleted. Sanctions-screening audit records may be retained for the period you are legally required to keep AML records (typically 5 years).
  • Analytics data: retained in aggregated or pseudonymised form in line with our analytics provider’s defaults.

9. How we protect data

We apply industry-standard technical and organisational measures, including encryption in transit and at rest, strict access controls, tenant data isolation, and rate limiting. Read more on our Security page. No system is perfectly secure, but we work hard to protect your data and will notify you and the ICO of any qualifying personal-data breach as required by law.

10. Your rights

Under the UK GDPR you have the right to:

  • access a copy of your personal data;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to certain processing;
  • data portability;
  • withdraw consent at any time (e.g. analytics or marketing); and
  • not be subject to solely automated decisions with legal or similarly significant effects — we do not carry out such decision-making.

To exercise any of these, email [email protected]. We will respond within one month. If the data you’re asking about was uploaded by one of our customers (where we act as processor), we’ll direct your request to that customer.

You also have the right to complain to the ICO at ico.org.uk, though we’d appreciate the chance to address your concerns first.

11. Children

The Service is intended for business users and is not directed at children. We do not knowingly collect data about anyone under 18 except where a customer records an occupier as part of a tenancy.

12. Data-processing terms for customers

When we act as a processor for compliance data you upload, we: (a) process it only on your documented instructions; (b) ensure staff are bound by confidentiality; (c) apply the security measures described on our Security page; (d) use only the sub-processors listed above and notify you of intended changes; (e) assist you with data-subject requests and breach notifications; and (f) delete or return the data on termination. If you require a signed Data Processing Agreement, contact [email protected].

13. Changes to this policy

We may update this policy from time to time. When we make material changes we’ll update the “last updated” date and, where appropriate, notify you in the app or by email.

14. Contact us

Questions about privacy? Email [email protected].