Privacy policy

Last updated: 11 May 2026

Working draft. This is a first-pass policy written for a UK-based business serving UK-to-UAE relocators. It reflects the data we actually collect today and has been written with GDPR in mind, but it has not yet been reviewed by a solicitor. Please treat it as a starting point and have it reviewed before relying on it for compliance.

This policy explains how Landed (“we”, “us”, “our”) collects, uses, stores, and protects your personal information when you visit landed.guide, use our AI tools, sign up for the waitlist, download a guide PDF, or book a strategy session.

We are committed to handling personal data lawfully under the UK GDPR, the Data Protection Act 2018, and (where applicable) the EU GDPR. If your data is also subject to UAE federal privacy law (Federal Decree-Law No. 45 of 2021), the relevant UAE provisions apply alongside the UK rules.

Who is the data controller?

Landed is the data controller for personal information collected through this website. For privacy questions or to exercise any of the rights below, contact us at support@landed.guide.

What information we collect

We collect the following categories of personal data:

  • Account data. Your email address (used for sign-in via magic-link) and any name or profile details you choose to add to your account.
  • Tool inputs and outputs. Information you type or upload into the AI tools (e.g. CV text, target roles, salary figures, contact lists, planner inputs) and the AI-generated outputs we return to you. If you click Save to dashboard, we retain those inputs and outputs in our database; otherwise they live for the duration of the request only.
  • Waitlist and lead-magnet signups. When you join the waitlist, request a guide PDF, or submit the corridor form, we record your email and (where you provide it) your country of origin and stated interests.
  • Booking data. If you book a strategy session we collect your name, email, the session you booked, and any context you share in the booking form.
  • Payment data. If you pay for a membership or one-off pack, our payment processor (Stripe) handles your card details directly. Stripe shares a customer identifier and limited payment metadata back to us. We never see or store your card number.
  • Technical data. Standard request logs (IP address, user agent, referrer, requested URL) for security and reliability. We use Vercel for hosting and may use Sentry for error reporting once configured.
  • Cookies. We use a small set of strictly necessary cookies for authentication and security. We do not use advertising cookies.

We do not collect special category data (e.g. health, religion, biometric data) deliberately. If you choose to share such information in a free-text field (e.g. medical history in a planner question), we will only use it to fulfil the request and delete it on request.

How we use your information

We use the data above for the following purposes, on the following lawful bases:

  • To provide the service (contract): run the AI tools, deliver guides, host your account, complete bookings.
  • To improve the service (legitimate interests): aggregate usage analytics, debug errors, refine prompts. We never sell your data.
  • To send service emails (contract): booking confirmations, password-less sign-in links, membership receipts.
  • To send updates about new guides (consent, opt-in only): you can unsubscribe at any time from any update email.
  • To meet legal obligations (legal obligation): tax records, fraud prevention, lawful requests.

Who we share data with

We share personal data only with the following processors:

  • Vercel (US / EU): hosting and request processing.
  • Supabase (EU): database, authentication, file storage.
  • Anthropic (US): the AI model (Claude) that generates tool outputs. Tool inputs are sent to Anthropic for the duration of the request and are governed by their privacy and zero-retention commitments.
  • Stripe (US / EU): payment processing.
  • Resend (US): transactional email.
  • Sentry (US, when enabled): error monitoring.

Each processor handles data under a contractual agreement including UK GDPR-compliant data processing terms. Where data is transferred outside the UK / EEA, we rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision.

We do not sell personal data, and we do not share it with advertisers or data brokers.

How long we keep data

  • Account data: for as long as you maintain an account, plus up to 90 days after deletion to handle any disputes.
  • Saved tool runs: until you delete them, or until you delete your account.
  • Waitlist and lead-magnet signups: until you ask to be removed.
  • Booking and payment records: 7 years (UK financial record retention).
  • Technical request logs: typically 30 days.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data, or have it completed
  • Erase your data (the “right to be forgotten”)
  • Restrict or object to processing in certain situations
  • Receive your data in a machine-readable format (data portability)
  • Withdraw consent at any time, where consent is the lawful basis

To exercise any of these rights, email support@landed.guide. We will respond within one calendar month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

Security

We follow industry-standard practices: encrypted data in transit (TLS), encrypted database storage at rest, role-based access controls on production systems, secrets kept out of source control, and webhook signature verification on inbound integrations. No system is perfectly secure, but we work to make ours genuinely resistant to common threats.

Cookies

We use cookies in two narrow ways:

  • Authentication cookies from Supabase for session management. Strictly necessary; you cannot sign in without them.
  • Security cookies for CSRF protection and rate limiting.

We do not use advertising or tracking cookies. We may add privacy-respecting analytics (e.g. Plausible) in the future; if we do, we will update this policy and clearly disclose it.

Children

Landed is for adults relocating from the UK to the UAE for work, family, or business reasons. Our services are not targeted at children, and we do not knowingly collect data from anyone under 16. If you believe we have inadvertently collected data about a child, contact us and we will delete it.

Changes to this policy

We will update this page when our practices change. The “Last updated” date at the top reflects the most recent change. Material changes that affect your rights will be communicated by email where reasonably possible.

Contact us

For privacy questions, data subject requests, or any other concern about how we handle your information, email support@landed.guide.