capora← Home

Legal

Privacy Policy

Last updated · 8 May 2026

Draft. This document is a working draft and not legal advice. It will be reviewed by a UK solicitor before launch — terms may change.

This policy explains what personal data we collect when you use Capora, how we use it, and the rights you have under UK GDPR. Daramola Consulting Ltd is the data controller.

1. Data we collect

We collect the following categories of personal data:

  • Account data: email address, password (hashed by Supabase Auth), full name if provided, the version of the disclaimer you accepted and when.
  • Deal data: the property details you enter or paste (address, postcode, price, rent, mortgage assumptions), and the scores and figures we compute from them.
  • Usage data: a log of events on your account — sign-up, disclaimer acceptance, deals created, referrals applied, waitlist joins. Used to count quota, prevent abuse, and to give an admin view of activity.
  • Technical data: IP address, user-agent, and cookies necessary for login and rate-limiting.

2. How we use your data

We use the data above to:

  • Operate the Service and provide the features you ask for.
  • Enforce the monthly report quota and detect abusive usage (legitimate interest).
  • Send transactional emails (sign-up confirmation, password reset). We won't send marketing emails without your consent.
  • Improve the Service — for example, analysing anonymised usage patterns to fix bugs.
  • Comply with our legal obligations (tax, anti-fraud).

3. Who processes your data on our behalf

We use the following sub-processors. Each is a reputable provider with appropriate data-protection terms in place.

  • Supabase — database hosting (EU-West-2, London) and authentication.
  • Vercel — application hosting and edge functions.
  • Anthropic — AI deal report generation. We send the property fields and scores but not your email or account identifiers.
  • OpenAI — extracting property details from a URL you paste. Only the URL is sent.

We don't sell your data, and we don't share it with advertisers.

4. How long we keep your data

We keep account and deal data for as long as your account is open. When you close your account, we delete your deals within 30 days and your account record within 90 days, except where we need to retain limited records to meet legal obligations (e.g. accounting records) or to defend legal claims.

5. Your rights

Under UK GDPR you have the right to:

  • Access a copy of the data we hold about you.
  • Correct data that's inaccurate or incomplete.
  • Have your data deleted (the "right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Complain to the UK Information Commissioner's Office (ICO) if you think we're not handling your data properly.

To exercise any of these rights, email privacy@capora.co.uk.

6. Cookies

Capora uses only strictly-necessary cookies, set by Supabase Auth, to keep you signed in. We don't use third-party advertising or tracking cookies. If we add product analytics in the future we'll update this policy and ask for consent where required.

7. Security

Data is encrypted in transit (HTTPS) and at rest (Supabase Postgres with AES-256). Access to the database is limited to named team members with audit logging. We don't store payment-card details — when paid plans launch, those will be handled by a PCI DSS Level 1 payment provider.

8. Children

Capora is not intended for users under 18. We don't knowingly collect personal data from children. If you believe a child has signed up, please contact us and we'll delete the account.

9. Changes to this policy

We may update this policy from time to time. We'll show the updated date at the top, and for material changes we'll notify you by email or in-app banner.

10. Contact

Daramola Consulting Ltd, registered in England and Wales.
Data Protection contact: privacy@capora.co.uk.

Questions? Email hello@capora.co.uk.