Privacy Policy

Last updated: 16 April 2026

This Privacy Policy explains how Rent Report (“we”, “us”, “our”) collects, uses, stores, and shares your personal data when you use our website and services (the Service).

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Rent Report is a rental market intelligence service operating in the United Kingdom. We provide data-driven rental estimates, market intelligence reports, and Surveyor’s Reports for landlords, tenants, property professionals, and advisers.

If you have any questions about how we handle your data, please contact us using the details provided on our website.

2. What Data We Collect

Depending on how you use the Service, we may collect the following categories of personal data.

Information you provide directly
  • Your name and email address, when you place an order or register an account
  • Property address and postcode, to generate your report
  • Payment information, although full card details are processed directly by our payment provider and are not stored by us
  • Additional property information you submit, such as number of bedrooms, condition, tenure, and related details
Information collected automatically
  • Technical information such as your IP address, browser type, operating system, and pages visited
  • Cookies and similar tracking technologies, as described in Section 8
Information generated through the Service
  • Your report history
  • Outputs associated with your orders and account activity

3. How We Use Your Data

We use your personal data for the following purposes and rely on the following legal bases under UK GDPR.

Purpose Legal basis
To generate and deliver your report Performance of a contract
To process payment for paid reports Performance of a contract
To send your report and order confirmation Performance of a contract
To store your report history in “My Reports” Performance of a contract and/or legitimate interests
To improve the accuracy of our valuation models Legitimate interests
To comply with legal and regulatory obligations Legal obligation
To contact you about service updates or changes Legitimate interests
To detect and prevent fraud or misuse Legitimate interests

We do not use your personal data for solely automated decision-making that produces significant legal effects.

4. AI Processing

Our Market Intelligence Reports and Surveyor’s Reports are generated with the assistance of OpenAI’s API.

When you submit a property for a report, property-related information such as postcode, property type, bedroom count, and condition rating may be sent to OpenAI’s API in order to generate market commentary and analysis.

We do not send your name, email address, or payment information to OpenAI.

We use OpenAI’s API under terms intended to restrict submitted data from being used to train their models.

5. Who We Share Your Data With

We do not sell your personal data.

We may share your data with the following third parties where necessary to provide the Service:

Payment processors

To securely process payments. Full payment card details are handled directly by our payment provider and are not stored on our systems.

OpenAI

For AI-assisted report generation, using property-related information only, as described in Section 4.

Hosting and infrastructure providers

These providers store and process data on our behalf under appropriate contractual arrangements.

Expert reviewers

Where you order a Surveyor’s Report, we may share relevant property details with the independent reviewer so they can complete the desktop review.

Legal or regulatory authorities

Where we are required to do so by law, regulation, court order, or legal process.

Any third party processing personal data on our behalf is required to do so only on our instructions and in compliance with applicable data protection law.

6. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy.

Retention periods
  • Account and report data: retained while your account is active, and for up to 3 years after your last use of the Service
  • Order and payment records: retained for up to 7 years for accounting, tax, and legal compliance purposes
  • Technical logs: retained for up to 12 months

When data is no longer needed, it is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to ask us to correct inaccurate or incomplete data
  • Right to erasure — to ask us to delete your data in certain circumstances
  • Right to restriction — to ask us to restrict how we process your data in certain circumstances
  • Right to data portability — to request your data in a structured, commonly used, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Rights relating to automated decision-making — to object to being subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact us using the contact details on our website. We will normally respond within one calendar month.

We may ask you to verify your identity before fulfilling your request.

If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

8. Cookies

We use cookies and similar technologies to operate and improve the Service.

Cookies are small text files stored on your device. We use:

Strictly necessary cookies

These are required for the Service to function properly, for example to maintain your login session. These cookies cannot be disabled.

Analytics cookies

These help us understand how visitors use the Service so we can improve it. We use anonymised analytics only.

You can control non-essential cookies through your browser settings. Please note that disabling cookies may affect how the Service functions.

9. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or destruction.

These measures include:

  • encrypted data transmission (HTTPS)
  • access controls
  • regular security reviews

No method of transmission over the internet is completely secure. While we work to protect your data, we cannot guarantee absolute security.

10. International Transfers

Our primary infrastructure is based in the United Kingdom.

Where personal data is transferred outside the UK, for example to OpenAI’s servers in the United States, we ensure that appropriate safeguards are in place. These may include standard contractual clauses or other recognised safeguards under UK GDPR.

11. Children

The Service is not directed at children under the age of 16, and we do not knowingly collect personal data from children.

If you believe we have inadvertently collected personal data from a child, please contact us and we will delete it as soon as reasonably practicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Service.

When we do, we will update the Last updated date at the top of this page. We encourage you to review this page periodically.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your data, please contact us using the contact details provided on our website.