Legal

Privacy Policy

Last updated: 23 May 2026  ·  Investdoor Ltd, England & Wales

1. Who we are

Investdoor Ltd ("we", "us", "our") is the data controller for personal data collected through this platform. We are registered with the Information Commissioner's Office (ICO) under the UK General Data Protection Regulation (UK GDPR).

Contact: support@investdoor.co.uk

2. Data we collect

We collect the following categories of personal data:

• Account data — name, email address, phone number, and role (investor or supplier).
• Profile data — investment budget, strategies, geographic preferences, bio, and business details.
• Identity verification data — government-issued photo ID, proof of funds, and supporting compliance documents submitted during the verification process. Verification is conducted manually by our compliance team; documents are stored securely and are not used for any purpose other than identity and AML compliance.
• Transaction data — reservation details, payment amounts, and Stripe payment references.
• Communications — messages sent through the in-platform messaging system between investors and suppliers.
• Usage data — pages visited, deals viewed, and actions taken on the platform (collected via server logs and cookies).

3. How we use your data

We use your personal data to:

• provide and maintain your account and the platform service;
• verify your identity and comply with anti-money laundering (AML) obligations;
• process reservation payments via Stripe;
• facilitate introductions between investors and suppliers;
• send transactional emails (reservation confirmations, account updates);
• improve the platform through anonymised analytics; and
• comply with legal and regulatory obligations.

4. Legal basis for processing

• Contract — processing necessary to provide the service you have registered for (UK GDPR Art. 6(1)(b)).
• Legal obligation — identity verification and AML checks carried out under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (UK GDPR Art. 6(1)(c)).
• Legitimate interests — platform security, fraud prevention, and service improvement (UK GDPR Art. 6(1)(f)).
• Consent — marketing communications (where you have opted in) (UK GDPR Art. 6(1)(a)).

5. Third parties

We share your data with the following trusted third parties solely for the purposes described:

• Supabase — secure database and authentication infrastructure (EU data residency).
• Stripe — payment processing and Connect payouts. Stripe is PCI DSS Level 1 certified.
• Resend — transactional email delivery.
• Mapbox — property location mapping (anonymised coordinates only).

We do not sell your personal data to third parties.

6. Data retention

We retain personal data for the following periods:

• Account and profile data — retained while your account is active and for 7 years after closure to meet financial record-keeping obligations.
• Identity verification documents (photo ID, proof of funds) — retained for 5 years from the date of submission in compliance with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. This obligation applies regardless of whether your account is subsequently closed or deleted.
• Transaction and payment records — retained for 7 years in line with HMRC requirements.
• In-platform communications — retained for the duration of the relevant deal relationship and for 5 years thereafter.

Verification validity is separate from document retention. Approved photo ID is valid for 12 months and approved proof of funds is valid for 3 months from the date of our approval. When either expires you will need to resubmit; the previously submitted document will continue to be held for the full 5-year retention period regardless.

You may request deletion of data that is not subject to a statutory retention obligation at any time by emailing support@investdoor.co.uk.

7. Your rights

Under UK GDPR you have the right to:

• access the personal data we hold about you;
• request correction of inaccurate data;
• request erasure of your data (subject to legal retention requirements);
• object to or restrict certain processing;
• data portability; and
• withdraw consent where processing is based on consent.

To exercise any of these rights, email support@investdoor.co.uk. We will respond within 30 days.

8. Cookies

We use cookies for authentication and platform functionality. See our Cookie Policy for full details.

9. Security

We use industry-standard measures including encryption in transit (TLS) and at rest, row-level security on our database, and access controls to protect your data. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

10. Changes to this policy

We may update this policy periodically. Material changes will be communicated by email to registered users. Continued use of the platform after changes take effect constitutes acceptance.

11. Complaints

If you have a concern about how we handle your data, you may lodge a complaint with the ICO at ico.org.uk.