Privacy Policy
Last updated: 23 February 2025
Liivable (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Liivable is a data service providing neighbourhood liveability reports for English postcodes. If you have any questions about this policy, contact us at support@liivable.com.
2. Data We Collect
We collect the following categories of personal data:
- Account information: email address and password hash when you create an account.
- Postcode searches: postcodes you search for, used to generate your report and improve the service.
- Payment information: payment method details processed securely by Stripe. We do not store full card numbers.
- Usage data: pages visited, search queries, and timestamps, collected via server logs and analytics.
- Communications: any messages you send us via email or support channels.
3. Legal Basis for Processing
- Contract performance: to provide the reports and services you purchase.
- Legitimate interests: to improve the service, prevent fraud, and maintain security.
- Legal obligation: to comply with financial record-keeping requirements.
- Consent: for any optional marketing communications.
4. Third Parties
We share data with the following trusted third parties only where necessary:
- Stripe — payment processing. Stripe processes payment information under their own privacy policy. See stripe.com/gb/privacy.
- Supabase — database and authentication hosting. Data is stored on EU/UK servers. See supabase.com/privacy.
- Vercel — application hosting and edge delivery. See vercel.com/legal/privacy-policy.
Government APIs: when generating reports, we query official UK government data APIs on your behalf. No personal data (such as your email or name) is sent to these APIs — only the postcode you have searched for.
5. Cookies
We use essential cookies only. These are required for the service to function correctly, including your authentication session. We do not use tracking, advertising, or analytics cookies. See our Cookie Policy for full details.
6. Data Retention
- Account data: retained until you delete your account or request erasure.
- Report cache: generated report data is cached for 30 days to improve performance, then automatically deleted.
- Payment records: retained for 7 years to comply with HMRC requirements.
- Server logs: retained for 90 days for security and debugging purposes.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate data.
- Right to erasure: request deletion of your personal data where there is no legal obligation to retain it.
- Right to restrict processing: request that we limit how we use your data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interests.
To exercise any of these rights, email us at support@liivable.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
8. International Data Transfers
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including UK adequacy decisions or Standard Contractual Clauses, in accordance with UK GDPR Chapter V.
9. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes by email. The date at the top of this page indicates when it was last revised.
10. Contact Us
For any privacy-related questions or to exercise your rights, contact us at support@liivable.com.