Party Wall Portal

Privacy Policy

Last updated: 14 May 2026

1. Who we are

Party Wall Portal (“we”, “us”, “our”) is a trading name operated in the United Kingdom. Our platform is available at www.partywallportal.co.uk. For any privacy-related enquiries you can reach us at hello@partywallportal.co.uk.

2. What data we collect

Account information

  • Name, email address, phone number and job title
  • Company name, address, logo and contact details
  • Login credentials (password stored as a secure hash by our authentication provider)

Business data you create

  • Jobs, matters, contacts and addresses
  • Documents you upload or generate (notices, awards, letters, schedules of condition)
  • Calendar events, tasks and time entries
  • Email correspondence sent or received through the platform
  • Notes, activity logs and audit trails

Technical & usage data

  • IP address, browser type and device information
  • Pages visited and features used within the application
  • Cookies necessary for authentication and session management
  • Where you consent, analytics, diagnostics, and session replay data collected through PostHog and Sentry

Payment data

We do not store credit card numbers. Payment processing is handled entirely by Stripe. We retain your Stripe customer ID, subscription status and transaction history for billing purposes.

3. How we use your data

We process your data to:

  • Provide, maintain and improve the Party Wall Portal service
  • Generate documents, manage jobs and track matters on your behalf
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password resets, billing receipts, data export notifications)
  • Sync your email and calendar when you connect a Google or Microsoft account
  • Sync documents to cloud storage when you connect Google Drive, OneDrive or Dropbox
  • Where you consent, analyse product usage and diagnose client-side issues using PostHog and Sentry
  • Generate AI-powered summaries of job and matter activity
  • Enforce rate limits, prevent abuse and maintain platform security

4. Legal basis for processing

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:

  • Contract – processing necessary to deliver the service you signed up for
  • Legitimate interests – improving our platform, preventing fraud and ensuring security
  • Consent – where you choose to connect third-party accounts (Google, Microsoft, Dropbox)
  • Legal obligation – where we are required to retain certain records

5. Third-party services

We share data with the following processors only to the extent necessary to provide the service:

  • Supabase – database hosting, authentication and file storage (EU/UK infrastructure)
  • Vercel – application hosting and content delivery
  • Stripe – payment processing and subscription management
  • Resend – transactional email delivery
  • PostHog – product analytics and session replay when you enable analytics cookies
  • Sentry – browser and server error monitoring, performance diagnostics, and session replay when you enable diagnostics cookies
  • Better Stack – server-side logging, uptime monitoring, and operational alerting
  • OpenAI – AI-powered summaries (only activity log data is sent; no personal contact details)
  • Google – Gmail and Calendar sync, Google Drive storage (only when you connect your account)
  • Microsoft – Outlook and Calendar sync, OneDrive storage (only when you connect your account)
  • Dropbox – cloud document storage (only when you connect your account)

We do not sell, rent or trade your personal data to any third party.

6. Data retention

We retain your data for as long as your account is active. After you cancel your subscription or delete your account, data is retained for a limited period before being permanently deleted. Full details are available in our Data Retention Policy.

  • Active accounts – data retained for the duration of the subscription
  • Cancelled accounts – workspace data and uploaded files retained for 60 days
  • Deleted accounts – 30-day grace period, then permanent deletion
  • Inactive free accounts – warning after 6 months, deletion after 12 months of inactivity

7. Your rights

Under the UK GDPR you have the right to:

  • Access – request a copy of the personal data we hold about you
  • Rectification – correct inaccurate or incomplete data via your account settings
  • Erasure – request deletion of your account and associated data
  • Data portability – export your data at any time from the Settings page (JSON-based structured data package, with uploaded files provided separately when present)
  • Restrict processing – ask us to limit how we use your data
  • Object – object to processing based on legitimate interests
  • Withdraw consent – change optional cookie settings at any time and disconnect third-party integrations from Settings

To exercise any of these rights, email hello@partywallportal.co.uk or use the relevant options in your account settings.

8. Cookies

Cookies are small text files stored on your device when you visit our platform. We use them to keep you signed in, secure your account, complete login and integration flows, remember your cookie preferences, and, if you consent, run analytics and diagnostics tools including session replay.

Essential cookies

These cookies are strictly necessary for the platform to function. They handle authentication, security, and temporary integration flows. They cannot be disabled from our cookie settings because the service would not work correctly without them.

  • sb-*-auth-token – Supabase session token
  • pw-trusted-device – remembers a device after successful two-factor authentication
  • pw-2fa-verified – confirms a successful two-factor authentication check for the current session
  • google_oauth_state and google_oauth_capabilities – protects the Google integration sign-in flow and remembers the requested scopes during that flow
  • ms_oauth_state and ms_oauth_capabilities – protects the Microsoft integration sign-in flow and remembers the requested scopes during that flow
  • dropbox_oauth_state – protects the Dropbox integration sign-in flow

Third-party media

With your consent, we may load embedded third-party media such as YouTube, Vimeo, and Google Maps inside the application. These providers may place cookies or use similar technologies when their content is loaded.

If you do not enable third-party media, we show a placeholder and, where possible, a direct external link instead.

Analytics

With your consent, we use PostHog to understand feature usage, product journeys, and conversion activity within the application. PostHog may use cookies or similar technologies to recognise your browser and associate events with a session.

We also use PostHog session replay when analytics is enabled so we can review how users interact with pages and flows while improving the product. We do not enable this analytics tooling until you opt in.

Diagnostics and session replay

With your consent, we use Sentry for browser-side error monitoring, performance diagnostics, and session replay when investigating faults. Sentry may use cookies or similar technologies to associate technical events with a browsing session.

This diagnostics category is separate from essential security and server-side monitoring. We do not enable browser-side Sentry monitoring or replay until you opt in.

Marketing

We do not currently run third-party advertising or remarketing tags on the application experience covered by this policy. If that changes, we will update this policy and request fresh consent before enabling any new non-essential marketing technologies.

Managing your preferences

When you first visit Party Wall Portal, a cookie banner will ask for your consent. You can change your preferences at any time by clicking “Manage Cookies” in the website footer or from the Settings page within your account. You can also delete cookies through your browser settings.

We store your cookie consent choice locally on your device so that we can remember your preference. No consent record is sent to our servers unless you separately choose to contact us about it.

9. Security

We take appropriate technical and organisational measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Encrypted storage for third-party access tokens
  • Role-based access controls within your organisation
  • Comprehensive audit logging of all data changes
  • Regular security reviews of our infrastructure and dependencies

10. International data transfers

Some of our third-party processors (Vercel, Stripe, Resend, OpenAI) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs), as required by UK data protection law.

11. Children's privacy

Party Wall Portal is a professional business tool and is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The “last updated” date at the top of this page indicates when the policy was most recently revised.

13. Contact us

If you have questions about this privacy policy or wish to make a complaint, please contact us at hello@partywallportal.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.