Factorlyfactorly.

Legal

Privacy Policy

Last updated: 15 April 2026

Factorly Ltd (“Factorly”, “we”, “us”, “our”) operates the Factorly property management platform. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our services, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data controller

Factorly Ltd is the data controller for personal data processed through the Factorly platform. If you have questions about this policy or your data rights, contact us at privacy@factorly.co.uk.

2. Data we collect

Account data

When you register, we collect your name, email address, and (if applicable) a hashed password. We never store plain-text passwords.

Property and tenancy data

Property factors may enter data about properties, units, and residents as part of their normal factoring operations. This may include names, contact details, ownership records, and payment history of third parties (property owners and tenants).

Payment data

We process payments via Stripe. We do not store card numbers or payment credentials — these are handled entirely by Stripe in accordance with PCI DSS standards.

Usage data

We collect usage data (page views, feature interactions, browser type, IP address) for security, performance monitoring, and product improvement.

Communications

Messages sent through the platform (direct messages, announcements) are stored to provide the service. We do not read message content unless required for a support request or legal obligation.

3. How we use your data

  • To provide and maintain the Factorly platform
  • To process and record payments on your behalf
  • To send service notifications (charges raised, meeting invites, poll deadlines)
  • To fulfil our legal and regulatory obligations
  • To detect and prevent fraud and abuse
  • To improve the platform through aggregated, anonymised analytics

4. Legal basis for processing

We process personal data under the following legal bases:

  • Contract performance — to provide the service you or your employer has contracted for
  • Legitimate interests — for security monitoring, fraud prevention, and product improvement
  • Legal obligation — to comply with applicable law, including HMRC requirements and the Property Factors (Scotland) Act 2011
  • Consent — for marketing communications (you can withdraw consent at any time)

5. Data sharing

We share personal data only with:

  • Stripe — payment processing
  • Amazon Web Services — cloud hosting and file storage (UK region)
  • Resend — transactional email delivery
  • Sentry — error monitoring (anonymised where possible)

We do not sell personal data to third parties. We do not use personal data for advertising purposes.

6. Data retention

We retain account and property data for the duration of your subscription plus 7 years, to meet legal and accounting obligations. You may request deletion of your account at any time — we will delete personal data within 30 days, subject to legal retention requirements.

7. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (right to erasure)
  • Restrict or object to processing
  • Receive a copy of your data in a portable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email privacy@factorly.co.uk. We will respond within 30 days.

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorised personnel. We conduct regular security reviews. If you believe you've found a security vulnerability, please email security@factorly.co.uk.

9. Cookies

We use a single authentication cookie (authjs.session-token) that is strictly necessary for login. We do not use tracking or advertising cookies. You cannot opt out of the session cookie as it is required for the application to function.

10. Changes to this policy

We may update this policy periodically. Material changes will be notified via email or in-app notice. The date at the top of this page reflects the most recent revision.

11. Complaints

If you are unhappy with how we handle your data, you may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Privacy Policy — Factorly