GDPR & Compliance
Status: Draft Owner: @bilal @deen Last Updated: 2026-02-24
GDPR Requirements
Personal Data Held
| Table | Fields | Lawful Basis |
|---|---|---|
users | email, full_name, phone | Contract (user signed up) |
tenants | name, phone, email | Legitimate interest (landlord’s tenant) |
vendors | name, phone, email | Contract (vendor relationship) |
conversations | message content, phone | Legitimate interest + consent |
messages | content, media_url | Legitimate interest + consent |
Data Subject Rights
| Right | Implementation | Status |
|---|---|---|
| Right to access | Export tenant data on request | Not implemented |
| Right to erasure | Delete/anonymise tenant data | Soft delete exists, full erasure TBD |
| Right to rectification | Update personal data | Via dashboard |
| Right to portability | Export in machine-readable format | Not implemented |
Deletion Flow
Contact: gdpr@ehq.tech (not yet set up — see Domain & Email Setup)
Process (to be implemented):
- Receive deletion request
- Verify identity
- Anonymise tenant record (replace PII with
[REDACTED]) - Retain anonymised conversation data for regulatory compliance
- Confirm deletion to requester within 30 days
Data Retention
| Data | Full | Summary | Metadata |
|---|---|---|---|
| Conversations | 1 year | 3 years | 7 years |
| Audio recordings | 1 year | N/A | 7 years |
| Media attachments | 1 year | N/A | 7 years |
Consent
| Channel | Method |
|---|---|
| Voice | ”This call may be recorded…” at start |
| First message includes consent notice | |
| Chat | Consent in onboarding / first interaction |
UK Housing Regulations
Compliance documents tracked per property:
- Gas Safety Certificate (annual)
- EPC (10 years)
- EICR (5 years)
- HMO License (5 years)
- Fire Risk Assessment
- Legionella Assessment
Envo tracks expiry dates and alerts landlords before documents expire (30-day default).
Marketing Site Legal Pages
- Privacy policy — Live at ehq.tech/privacy. Covers waitlist data (consent), PostHog cookieless analytics (legitimate interest), sub-processors, UK GDPR rights, PECR compliance.
- Terms of service — Live at ehq.tech/terms. Covers waitlist, acceptable use, IP, disclaimers, liability, governing law (England & Wales).
Analytics (PostHog)
PostHog Cloud EU (Frankfurt) runs in cookieless mode (cookieless_mode: "always"). No cookies or device storage are set. A server-side privacy-preserving hash (IP + user agent + daily salt) provides anonymous visitor counts. The salt is deleted daily. Because nothing is stored on or read from the user’s device, PECR cookie consent is not required. Lawful basis: legitimate interest (UK GDPR Article 6(1)(f)).
Security Compliance (Future)
- SOC2 readiness (Drata/Immuta)
- OWASP scanning
- Penetration testing
See also: Security, Data Model