1. Who we are
The Sales Progressor (“Sales Progressor”, “we”, “us”, “our”) is a property transaction management platform operated by The Sales Progressor Ltd, a company registered in England and Wales, company number [Company number], registered office [Registered office address].
This policy explains how we collect, use, and protect personal data in connection with the platform, and the rights you have over your data.
Two different relationships — please read this part
How we handle data depends on whose data it is:
- For our own platform data — the accounts of estate agency staff who use the platform, and our billing records — we are the data controller. This policy governs that data, and we decide how and why it is processed.
- For the data an agency enters about its own clients — the buyers, sellers, and solicitors involved in a property transaction — the agency is the data controller and we are the data processoracting on the agency’s instructions. We process that data to provide the platform to the agency; we do not decide how it is used. Buyers and sellers with questions about their data should contact the estate agency handling their transaction in the first instance (see section 6).
If you are unsure which applies to you: if you work for an estate agency and log in to the platform, the first relationship applies. If you are a buyer or seller who received a portal link from your agency, the second applies.
2. The data we collect
Agency staff (account holders)
Name, email address, hashed password, role within the agency, and — for the account that manages payment — billing contact details.
Transaction contacts (buyers, sellers, solicitors)
Name, email address, phone number, and their role in the transaction. This data is entered by the agency, not collected directly from the individual.
Transaction data
Property addresses, sale details, milestone progress, notes, and logs of communications sent through the platform.
Portal usage (buyers and sellers)
Access timestamps, milestone confirmations, and pages viewed within the transaction portal.
Communications
Copies of emails and messages sent through the platform are logged for record-keeping.
Technical and usage data
When you use the platform, our infrastructure and monitoring providers automatically receive limited technical data — including IP address and browser/device information — for security, error monitoring, and (only with your consent) analytics. See section 4 and our Cookie Policy.
3. How we use your data, and our lawful basis
Under UK GDPR we must have a lawful basis for each way we use personal data. Ours are:
| What we do | Whose data | Lawful basis |
|---|---|---|
| Provide platform accounts and let agency staff log in and work | Agency staff | Contract — necessary to provide the service you signed up for |
| Bill agencies for completed sales and keep billing records | Agency staff (billing contact) | Contract, and legal obligation for tax/accounting records |
| Process transaction data entered by the agency (tracking sales, sending updates, generating chase messages, providing portal access) | Buyers, sellers, solicitors | Processed on the agency’s instructions as their processor; the agency’s own lawful basis applies to this data |
| Send essential service and security communications | Agency staff | Legitimate interests — operating the platform securely |
| Monitor errors and protect the platform from abuse | All users | Legitimate interests — keeping the service secure and reliable |
| Optional product analytics | All users | Consent — only if you accept analytics cookies; you can decline or withdraw at any time |
We do not use personal data for marketing, profiling, automated decision-making with legal effects, or selling to third parties.
4. Third-party services we use (sub-processors)
We use a small number of trusted service providers to run the platform. Each processes personal data only on our instructions and under a data processing agreement. Where a provider is outside the UK, transfers are made under the appropriate safeguard — the International Data Transfer Agreement (IDTA) or addendum to the EU Standard Contractual Clauses (SCCs), as applicable.
| Provider | What it does | Data location |
|---|---|---|
| Supabase | Database hosting and file storage | EU |
| Vercel | Application hosting and delivery | US (SCCs + UK IDTA) |
| SendGrid (Twilio) | Sending transactional and notification email | US (SCCs + UK IDTA) |
| Anthropic | AI-assisted message drafting. Receives the recipient’s first name and role, the role labels (but not the names) of other transaction parties, the property’s street line (without postcode), milestone status, and the timing of previous contact. Does notreceive the full names of other parties, postcodes, sale prices, email addresses, phone numbers, internal notes, or previous message content. Inputs are not used to train Anthropic’s models under their commercial API terms. | US (SCCs + UK IDTA) |
| Stripe | Payment processing for billing. Card details are handled and stored by Stripe — we never see or store full card numbers. | US (SCCs + UK IDTA) |
| Upstash | Rate limiting and background-task infrastructure | EU |
| PostHog | Product analytics — only when you have consented to analytics cookies. Text is masked and session recording is disabled. | EU |
| Sentry | Error monitoring. Receives technical error data which may include IP address, browser information, and the URL where an error occurred. | EU |
We keep this list current as our providers change, and keep our Cookie Policy in step with it.
5. How long we keep data
| Data | Retention |
|---|---|
| Transaction data | Retained for 7 years after the transaction completes or is cancelled, to meet estate agency record-keeping obligations under anti-money-laundering regulations and HMRC tax-record requirements. |
| Agency staff account data | Retained while the account is active. Accounts inactive for 3 or more years with no open transactions are automatically anonymised — name, email, and phone number are replaced with placeholder values. |
| Portal access | Portal links expire after the transaction is marked complete. |
| Billing records | Retained as required by tax and accounting law. |
Erasure requests during the retention period. Where the law requires us to retain transaction records (for example, under anti-money-laundering or tax rules), we cannot fully delete them on request. In those cases we anonymise the records instead — names, email addresses, and phone numbers are replaced with placeholder values so that no personal identifiers remain. The underlying transaction record stays, in anonymised form, for the rest of the legal retention period.
To request deletion or anonymisation of your data, email support@thesalesprogressor.co.uk (see section 6).
6. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Rectification — correct data that is inaccurate or incomplete
- Erasure — ask us to delete your data (“right to be forgotten”), subject to retention obligations described in section 5
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a portable format
- Object — object to processing based on legitimate interests
- Rights regarding automated decision-making — we do not carry out automated decision-making with legal or similarly significant effects
To exercise any of these, email support@thesalesprogressor.co.uk. We will respond within one month.
If you are a buyer or seller whose data was entered by an estate agency: that agency is the data controller for your data, so please contact them in the first instance. We will support them in responding to your request.
You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk— though we’d appreciate the chance to resolve any concern first.
8. Security and data breaches
We protect your data with encryption in transit and at rest, role-based access controls, and audit logging. If a personal data breach occurs that is likely to result in a risk to people’s rights, we will notify the ICO within 72 hours as required by UK GDPR, and affected individuals where required.
9. Children
The platform is a professional tool for estate agencies and is not intended for use by anyone under 18. We do not knowingly collect data about children.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the version and date above and, where appropriate, notify account holders. Continued use of the platform after an update means you accept the revised policy.
11. Contact
Questions about this policy or your data: support@thesalesprogressor.co.uk
Data controller: The Sales Progressor Ltd, company number [Company number], registered office [Registered office address].