Veasy is operated by Veasy Ltd (company registration number to be confirmed), registered in England and Wales.
Veasy is the data controller for the personal data processed through this platform. This means we decide the purposes and means of processing your personal data.
We are in the process of registering with the Information Commissioner's Office (ICO) as required under UK GDPR. Our registration number will be published here once confirmed.
For any data protection queries, contact our Data Protection contact at: privacy@veasy.io
| Purpose | Data used | Lawful basis |
|---|---|---|
| Creating and managing your account | Name, email, hashed password | Contract (Art. 6(1)(b) UK GDPR) |
| Facilitating property viewings between sellers and buyers | Name, email, phone, booking details | Contract (Art. 6(1)(b)) |
| Managing offer negotiations | Buyer/seller identity, offer amounts, messages | Contract (Art. 6(1)(b)) |
| Sending transaction emails (booking confirmations, offer updates) | Name, email address | Contract (Art. 6(1)(b)) |
| Sending SMS notifications | Mobile phone number | Consent (Art. 6(1)(a)) — sellers opt in via dashboard settings |
| Verifying buyer identity before booking | Email, mobile phone | Legitimate interests (Art. 6(1)(f)) — preventing fake bookings |
| Account security (2FA, lockout, rate limiting) | Email, hashed OTP codes, login attempt count | Legitimate interests (Art. 6(1)(f)) — preventing unauthorised access |
| Fraud and abuse prevention | IP address, no-show count, booking history | Legitimate interests (Art. 6(1)(f)) |
| Generating a Memorandum of Sale | Both parties' names, emails, phones; agreed price | Contract (Art. 6(1)(b)) — required to record the agreed sale |
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
We share personal data with the following sub-processors to deliver the service. All are bound by data processing agreements and appropriate safeguards for international transfers.
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Resend | Transactional email delivery | United States | UK Standard Contractual Clauses (SCCs) |
| Twilio | SMS notification delivery | United States | UK Standard Contractual Clauses (SCCs) |
We do not sell your personal data to any third party. We do not share your data with advertisers or analytics platforms.
Buyer and seller contact details (name, email, phone) are shared with the other party only at the point at which it is necessary to facilitate the transaction — for example, a seller's phone number is shared with a confirmed buyer so they can contact each other for the viewing.
| Data type | Retention period | Reason |
|---|---|---|
| Verification OTP sessions | 1 hour from creation (auto-purged) | No purpose after expiry |
| Password reset tokens | 48 hours, or immediately on use | No purpose after expiry |
| Active seller accounts | While the account remains active | Required to provide the service |
| Seller account (after deletion request) | Anonymised within 30 days | Referential integrity of transaction records |
| Booking and offer records | 7 years from completion | Potential legal disputes; property transaction records |
| Property listings | 7 years from sale or withdrawal | Potential legal disputes |
| Server access logs | 30 days (infrastructure level) | Security and abuse prevention |
Veasy does not use tracking or advertising cookies.
We use browser local storage to keep you signed in between sessions. This stores a short-lived authentication token on your device. It is not a cookie and is not transmitted to third parties. You can clear it at any time by signing out or clearing your browser data.
Some browsers may also store cached responses for performance. No personal data is included in those caches.
You have the following rights regarding your personal data. To exercise any of them, email privacy@veasy.io. We will respond within 30 days.
You can request a copy of all personal data we hold about you. Sellers can also download their data directly from their dashboard (Account settings → Export my data).
You can request deletion of your account and personal data. Sellers can do this directly from their dashboard (Account settings → Delete my account). We will anonymise your data within 30 days. Note: we may retain transaction records in anonymised form for 7 years as described above.
You can request your data in a structured, machine-readable format (JSON). Sellers can download this directly from their dashboard.
If any of your data is inaccurate, you can update it in your account settings or contact us to correct it.
You can ask us to restrict processing of your data in certain circumstances — for example, while a dispute about accuracy is resolved.
You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests.
Where processing is based on consent (SMS notifications), you can withdraw consent at any time in your dashboard settings. Withdrawal does not affect the lawfulness of prior processing.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
We take the security of your personal data seriously. Our measures include:
No system is completely immune to security incidents. In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.
We may update this policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of Veasy after notice of changes constitutes acceptance of the updated policy.
For any data protection queries, requests, or complaints:
We aim to respond to all requests within 30 days. For complex requests, we may extend this by a further two months — we will notify you if this is the case.