Live: 27 references completed on WhatsApp today · Average turnaround 6h 12m

Privacy Policy

We value your privacy! This policy explains what data we collect, how we use it, and how we keep it safe.

Updated 11th April, 2026

Who we are

RED ALGORITHMS LTD
Company number: 17152098 · Registered in England & Wales
Registered Address: 82 A James Carter Road, Mildenhall, Suffolk, England, IP28 7DE
Email: privacy@mychecksai.com

Under UK GDPR, we may act as a data processor when landlords, letting agents, or other customers use our platform to request referencing, identity, compliance, or contact workflows. We may act as a data controller where you deal with us directly, for example when you contact us through our website, sign up for an account, pay for a public order, or interact with our service updates and support channels.

What information we collect

Depending on the check type, we may collect:

  • Applicants (tenants/guarantors): name, date of birth, email, phone number, WhatsApp identifier, address history, income and employment information, referee details, identity and right to rent information, responses submitted through our web forms, WhatsApp flows, or verification journeys, and — where an optional income verification is requested — bank transaction data retrieved via open banking.
  • Referees (employers/landlords/personal contacts): name, email address, phone number, relationship to the applicant, contact permission status, and reference responses.
  • Landlords, agents, and account users: name, business name, email address, phone number, WhatsApp number, branch or organisation details, payment and billing events, support requests, and product usage or audit logs.
  • Technical and service data: device and browser information, IP address, message delivery events, webhook event logs, call metadata, and error monitoring data needed to secure and operate the service.

Where we get personal data from

We may collect personal data directly from you or receive it from other people involved in a tenancy check.

  • Directly from applicants, referees, landlords, agents, and website visitors
  • From landlords or agents who enter applicant and referee details into our platform
  • From identity verification providers where you complete an ID or liveness check
  • From open banking providers where you consent to a bank data connection as part of an income verification step
  • From communications providers that return delivery, verification, or message-status events
  • From payment providers when a purchase, refund, or billing event occurs

How we use your information

We use personal data to:

  • Run tenant referencing, identity, and compliance checks requested by landlords/agents
  • Contact referees only where the applicant has permission
  • Send email, SMS, WhatsApp, and verification updates relating to a check, support issue, or payment
  • Provide results to the requesting landlord/agent
  • Take payment, issue receipts, and manage public or account-based orders
  • Operate support, recovery, and troubleshooting workflows where a message, payment, or verification step fails
  • Maintain audit logs and prevent fraud/misuse
  • Use workflow automation tools to route enquiries and operational events
  • Comply with applicable legal and regulatory obligations

When an applicant provides referee details, the applicant confirms they have informed their referees and have explicit permission for us to contact them as part of the check.

Referee reminder tip: We may show a reminder such as:

“Tip: Please let your referee know we’ll be contacting them shortly — it helps speed things up.”

Lawful basis (UK GDPR)

We process personal data using one or more of the following lawful bases:

  • Consent where required, for example where you provide biometric or identity-related inputs through a verification provider, opt in to marketing, or choose to submit information directly to us in a way that relies on consent.
  • Contract where we need to provide the service requested, including account access, paid checks, support, billing, and communication workflows.
  • Legitimate interests where we need to secure the platform, prevent misuse, troubleshoot failed communications, maintain operational records, improve workflows, and support customers.
  • Legal obligation where we need to support compliance checks, record keeping, fraud prevention, or lawful requests from regulators or authorities.

Data Retention

We keep data only for as long as we reasonably need it for the service, dispute handling, support, and legal or regulatory compliance. Typical retention periods include:

  • Referencing, compliance, and submission records: up to 6 years
  • Payment and billing records: up to 6 years
  • Email, SMS, WhatsApp, and delivery-status logs: typically up to 12 months, or longer where needed for support or disputes
  • Contact enquiries submitted through our website: typically up to 24 months unless a longer business relationship follows
  • AI call summaries, transcripts, and operational metadata: kept only as long as needed for the verification workflow, support, and audit trail
  • Error monitoring and security logs: kept for a limited operational period in line with our providers and internal retention settings
  • Marketing consent records: until consent is withdrawn or the record is no longer needed to demonstrate compliance

Marketing vs transactional messages (and STOP)

Transactional messages are messages required to run a check (e.g. invites, reminders, status updates). Marketing messages are optional and only sent if you opt in.

You can opt out of marketing at any time. For SMS or WhatsApp campaigns, that may include replying STOP where that option is supported. Opting out of marketing does not stop essential transactional messages relating to active checks, payments, support, or verification steps.

AI tools, call handling, and automation

We use automation and AI-assisted tools to support some parts of the service, such as support workflows, operational routing, landlord outreach, message handling, and internal productivity features.

  • OpenAI may process prompts, message content, and structured data used in internal assistant or workflow features.
  • ElevenLabs may process phone numbers, call metadata, and call content where we initiate AI-assisted landlord verification calls.
  • n8n may receive website enquiry data and operational webhook payloads so we can automate support and business workflows.

These tools support our service operations, but they do not make the final tenancy decision. Final letting or screening decisions remain with the landlord, letting agent, or customer using our service.

Third-party processors

We use third-party processors and infrastructure providers to deliver the service. Depending on the feature used, personal data may be processed in the UK, EEA, United States, or other countries where our providers operate. Our main processors and service providers include:

  • Meta (Facebook/WhatsApp): WhatsApp messaging and flows
  • Twilio: SMS, WhatsApp delivery, mobile verification, and message status callbacks
  • Brevo: transactional email delivery and email event webhooks
  • Stripe: payments and billing
  • Yoti: identity verification
  • GoCardless (Nordigen): open banking bank account data — read-only transaction retrieval for income verification (optional add-on)
  • OpenAI: AI-assisted internal workflow and support features
  • ElevenLabs: AI-powered outbound calling and related call events
  • Sentry: application error monitoring and diagnostics
  • n8n: workflow automation for website enquiries and operational events
  • Hetzner: application hosting (EU)
  • Amazon S3: file storage (EU region)
  • Redis and Celery infrastructure: background task processing and queueing used to operate the service

We take steps to use providers with appropriate security and data protection commitments and, where required, we rely on contractual safeguards for international transfers.

International transfers

Some of our providers process data outside the UK. Where that happens, we rely on appropriate safeguards such as contractual transfer mechanisms, provider commitments, and security controls designed to protect personal data.

If you would like more information about the safeguards relevant to a particular transfer, contact us at privacy@mychecksai.com.

Yoti identity checks (disclosure)

To help establish identity, we use Yoti to perform identity verification. When you submit an ID document, Yoti extracts data such as name and date of birth. If you are asked to submit a selfie, Yoti uses technology to check the selfie is of a real person and matches the photo on the ID document. Yoti sends us the results of the checks.

Yoti retains data for their operational period and deletes it in line with their retention practices. We retain identity check results in accordance with the retention section above.

Open Banking income verification (disclosure)

As an optional add-on to a tenancy reference, we offer income verification using Open Banking. This is a secure, FCA-regulated mechanism that lets you share a read-only view of your bank transaction history with authorised services — without sharing your login credentials or giving anyone the ability to move money.

We use GoCardless Bank Account Data (formerly Nordigen), an authorised payment institution regulated by the FCA, to facilitate this connection. When you consent to an income verification:

  • You are redirected to GoCardless to select your bank and authorise a read-only connection
  • GoCardless retrieves your recent transaction history and provides it to us
  • We analyse the transactions to confirm regular income patterns (salary, pension, or other regular income)
  • The result is shared with the requesting landlord or letting agent as part of the reference report

What we cannot do via this connection: we cannot make payments, transfer funds, change account details, or access your credentials. The connection is strictly read-only.

The lawful basis for processing open banking data is consent — you must actively authorise the connection. You may withdraw consent before completing the connection at any time. Once a session expires or the check is complete, the connection is closed. Raw transaction data is retained only as long as needed to produce the income report and is deleted thereafter.

For more information about Open Banking and your rights, visit openbanking.org.uk or the FCA Register.

Your rights

Depending on the circumstances, you may have the right to ask for access to your personal data, correction of inaccurate data, deletion, restriction of processing, portability, objection to processing, and withdrawal of consent where consent is relied on.

If we are acting as a processor for a landlord or agent, you may also need to contact that landlord or agent directly, as they may be the primary controller for the tenancy check.

To exercise your rights, contact privacy@mychecksai.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

Security

We use technical and organisational measures designed to protect personal data, including access controls, audit logging, background-task controls, provider authentication, and error monitoring. No system can be guaranteed to be completely secure, but we take reasonable steps to reduce risk and respond to incidents.

Start free