Heart of London Homes
Heart of
London Homes

Privacy Notice

Last updated: 12 February 2026

1. Who we are

Heart of London Homes is a trading name of ManagedByApp Ltd (company number 16714489), also trading as managedby.app. We are a letting and property management agent operating across Greater London.

We are the data controller for the personal data described in this notice. That means we decide how and why your data is processed, and we are responsible for looking after it properly.

We are registered with the Information Commissioner's Office (ICO).

  • Email: privacy@heartoflondon.homes
  • Post: Flat 23A Wetherby Mansions, Earls Court Square, London, SW5 9BH

2. What personal data we collect

We collect different data depending on who you are and how you interact with us.

Landlords

  • Full name, email address, and phone number
  • Whether you own property personally or through a company (and the company name, if applicable)
  • Property addresses, including postcode and Unique Property Reference Number (UPRN)
  • Compliance documents you upload (gas safety certificates, EICRs, EPCs, deposit protection certificates, and similar)
  • Bank account details for rent payments

Tenants and prospective tenants

  • Full name, email address, phone number, and date of birth
  • Identification documents (passport, driving licence) for Right to Rent checks
  • Employment and income details for referencing
  • Previous addresses and landlord references
  • Bank account details for rent payments
  • Emergency contact details

Guarantors

  • Full name, address, email, and phone number
  • Employment and income details for referencing

Contractors and tradespeople

  • Full name, business name, email, and phone number
  • Trade qualifications and insurance details
  • Bank account details for payments

3. Why we collect your data and our lawful basis

Under UK GDPR, we need a lawful basis every time we process your personal data. Here is what we use your data for and the legal ground we rely on.

Processing purposes and their lawful bases
Purpose Lawful basis
Managing tenancies, collecting rent, and coordinating maintenance Contract performance
Tenant referencing and onboarding Contract performance
Right to Rent checks Legal obligation (Immigration Act 2014)
Protecting tenancy deposits with a government-approved scheme Legal obligation (Housing Act 2004)
Gas safety, electrical safety, and EPC compliance Legal obligation
Client money handling and AML verification Legal obligation (Money Laundering Regulations)
Landlord reporting and property performance updates Legitimate interest
Improving our platform and services Legitimate interest
Marketing communications Consent (explicit opt-in only)

Where we rely on legitimate interest, we have carried out a balancing test to make sure our interests do not override your rights. You can ask us for details of this assessment at any time.

4. Who we share your data with

We only share your data when we need to in order to provide our services or meet a legal obligation. We never sell your data.

  • Tenant referencing providers — to carry out credit, employment, and identity checks on prospective tenants and guarantors
  • Tenancy Deposit Scheme (TDS) — to protect tenant deposits as required by law
  • Calmony (Open Banking / client money) — to hold and manage client money, process rent payments, and carry out AML/payee verification
  • Payment processors — to collect rent and make payments to landlords and contractors
  • Contractors and tradespeople — property addresses and relevant access details to carry out repairs and maintenance
  • Cloud hosting providers — our platform runs on Google Cloud Platform, with data stored in the UK/EEA
  • Email service providers — to send transactional emails (e.g. sign-in links, notifications)
  • HMRC and local authorities — where required by law

All third-party processors are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.

5. How long we keep your data

We keep your data only as long as we need it. Here are our general retention periods:

Data retention periods by type
Data type Retention period
Tenancy records and contracts 6 years after the tenancy ends
Landlord management agreements 6 years after the agreement ends
Right to Rent check records At least 1 year after the tenancy ends (as required by law)
Financial and payment records 6 years (for tax and accounting purposes)
Compliance certificates (gas, electrical, EPC) Duration of the certificate plus 6 years
Unsuccessful tenant applications 6 months after the application
Marketing consent records Until you withdraw consent
AML verification records 5 years after the business relationship ends

When data is no longer needed, we securely delete or anonymise it.

6. How we protect your data

We take the security of your data seriously. Our measures include:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Encrypted storage for data at rest
  • Passwordless authentication via secure magic links — we never store passwords
  • Role-based access controls so staff only see the data they need
  • Infrastructure hosted on Google Cloud Platform with UK/EEA data residency
  • Regular security reviews and updates

7. International data transfers

We store your data within the UK and the European Economic Area (EEA). Some of our service providers (e.g. email delivery, analytics) may process data in the United States. Where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or UK International Data Transfer Agreements, to protect your data to the same standard as UK GDPR requires.

8. Cookies and analytics

Our website uses a small number of cookies:

  • Essential cookies — required for the site to function (e.g. session cookies for signed-in users, CSRF protection). These do not require consent.
  • Analytics cookies (Google Analytics) — help us understand how visitors use our site so we can improve it. These are only set after you give consent via the cookie banner.

You can change your cookie preferences at any time through your browser settings. Blocking essential cookies may prevent parts of the site from working properly.

9. Your rights

Under UK GDPR, you have the following rights over your personal data:

  • Access — you can ask for a copy of the personal data we hold about you
  • Rectification — you can ask us to correct any data that is inaccurate or incomplete
  • Erasure — you can ask us to delete your data, where there is no legal reason for us to keep it
  • Restriction — you can ask us to limit how we use your data while a concern is being resolved
  • Portability — you can ask for your data in a structured, machine-readable format so you can transfer it to another provider
  • Objection — you can object to processing based on legitimate interest, and we will stop unless we have a compelling reason to continue
  • Withdraw consent — where we process your data based on consent (e.g. marketing), you can withdraw it at any time

To exercise any of these rights, email us at privacy@heartoflondon.homes. We will respond within one month.

These rights are not absolute — in some cases we may need to keep data to comply with a legal obligation (for example, financial records or Right to Rent checks). We will always explain our reasoning if we cannot fully meet a request.

10. How to complain

If you are unhappy with how we have handled your data, please contact us first at privacy@heartoflondon.homes so we can try to resolve the issue.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):

11. Changes to this notice

We may update this privacy notice from time to time. When we make significant changes, we will let you know by email or by placing a notice on our website. The "last updated" date at the top of this page shows when it was most recently revised.