Privacy Policy

1. Who we are

Greybook is operated by HomeHive Club Ltd, a company registered in England and Wales (company number pending). Our registered office is at 86-90 Paul Street, London EC2A 4NE. In this policy, “we”, “us”, and “Greybook” refer to HomeHive Club Ltd.

For data protection purposes, HomeHive Club Ltd is the data controller. You can contact us about data protection matters at privacy@greybook.co.uk.

2. What data we collect

We collect the following categories of personal data:

Account information

When you register, we collect your name, email address, phone number (optional), and whether you are an investor or estate agent. This is necessary to create and manage your account.

Verification documents

Investors: We collect proof of funds documentation, which may include bank statements, broker letters, or agreements in principle. These documents are reviewed to verify your available capital and are stored securely.

Agents: We collect your Companies House registration number and professional indemnity insurance certificate. We verify these against public records.

Profile and listing data

Agents provide property listing information including property type, location, pricing, images, and descriptions. Investors provide mandate information including property preferences, target locations, budget ranges, and yield requirements.

Transaction data

When you purchase credit packs or subscriptions, payment processing is handled by Stripe. We store transaction records (amounts, dates, credit balances) but do not store your payment card details.

Usage data

We collect data about how you use the platform, including pages visited, features used, matches viewed, and credits spent. This is collected via PostHog analytics.

3. How we use your data

We use your personal data for the following purposes:

Platform operation: To create and manage your account, process verification, display listings, match mandates to agents, process payments, and facilitate introductions between investors and agents.

Communication: To send you match notifications, verification status updates, introduction confirmations, and important platform updates via email.

Quality and safety: To review listings for quality standards, enforce off-market exclusivity rules, and prevent misuse of the platform.

Improvement: To analyse usage patterns and improve the platform experience, including the matching algorithm.

Our legal basis for processing is: performance of a contract (account management, platform features), legitimate interests (analytics, quality enforcement, fraud prevention), and consent (marketing communications, where applicable).

4. Who we share data with

We share personal data with the following categories of recipients:

Other Greybook members: Your profile information (name, company, coverage areas for agents, mandate criteria for investors) is visible to verified members when they unlock your details using credits. Verification documents are never shared with other members.

Service providers: We use third-party services to operate the platform, including Clerk (authentication), Stripe (payments), Resend (email), Supabase (database and file storage), Vercel (hosting), and PostHog (analytics). These providers process data on our behalf under appropriate data processing agreements.

We do not sell personal data to third parties. We do not share data with advertisers.

5. Data retention

We retain your account data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., financial transaction records, which we retain for 6 years).

Verification documents are retained for the duration of your membership plus 12 months. Listing data for properties that have been sold or withdrawn is retained in anonymised form for market analysis.

6. Data security

We take appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, regular security reviews, and secure cloud infrastructure. Verification documents are stored in encrypted storage with restricted access.

7. Your rights

Under UK data protection law (UK GDPR), you have the right to:

Access the personal data we hold about you. Rectify inaccurate personal data. Erase your personal data (subject to legal retention requirements). Restrict processing in certain circumstances. Object to processing based on legitimate interests. Port your data to another service. Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@greybook.co.uk. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (PostHog) to understand how the platform is used. You can disable analytics cookies in your browser settings without affecting platform functionality.

9. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes by email. The latest version will always be available on this page.

10. Contact and complaints

If you have questions about this policy or wish to make a complaint, contact us at privacy@greybook.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.