Last updated: 11 March 2026
This privacy notice explains how Level2 Software Ltd collects, uses, stores, and shares personal information when you use the Level² website, web application, mobile application, and related services.
Level2 Software Ltd
71-75 Shelton Street
Covent Garden, London
WC2H 9JQ
United Kingdom
We collect and use certain personal information to provide the Level² service, manage customer accounts, process payments, keep the platform secure, comply with legal obligations, and respond to support requests.
Depending on how you use the Services, this may include names, contact details, addresses, account information, purchase or subscription history, payment-related information, photographs or video recordings, correspondence, IP addresses, security logs, and financial transaction information.
We also process property survey data entered into the platform, including notes, report content, images, and property information uploaded by users. Where Level² stores information contained within survey reports on behalf of a user, the surveyor or customer using the platform is generally the data controller for that information and Level² acts as a data processor on their behalf.
We collect or use the following information to provide services and goods, including delivery:
Names and contact details, addresses, purchase or account history, payment details including card or bank information for transfers and direct debits, account information, photographs or video recordings, and property survey data including notes, report content, and property information entered by users.
We collect or use the following information for the operation of customer accounts and guarantees:
Names and contact details, payment details, purchase history, account information including registration details, and information used for security purposes.
Payment card information is processed by our payment provider Stripe. Level² does not store full card details.
We may collect or use names and contact information, customer or client account records, financial transaction information, security logs, and IP addresses to prevent, detect, investigate, or prosecute crime, to protect our platform from misuse, and to comply with legal requirements.
We may also collect or use names, contact information, financial transaction information, and any other personal information required to comply with legal obligations that apply to us.
When dealing with queries, complaints, or claims, we may collect or use names and contact details, account information, purchase or service history, customer or client records, financial transaction information, and correspondence.
Under UK data protection law, we must have a lawful basis for collecting and using personal information. Depending on the context, we rely on one or more of the following lawful bases:
Contract, where we need to process your information to provide the Services, manage your account, or carry out our agreement with you.
Legal obligation, where we need to process your information to comply with legal or regulatory duties.
Legitimate interests, where processing is necessary for our legitimate interests or those of a third party and those interests are not overridden by your rights and freedoms.
In particular, we rely on legitimate interests to operate, maintain, monitor, support, and improve the Level² platform, to keep accounts and data secure, to prevent fraud and unauthorised access, to investigate misuse, to maintain service reliability, and to respond to support requests, complaints, and disputes. In each case, we aim to process only the minimum personal information necessary and apply appropriate technical and organisational safeguards.
Depending on the circumstances, you may have the right to ask for access to your personal information, request correction of inaccurate information, request deletion, ask us to restrict processing, object to processing, request data portability, and withdraw consent where consent is the lawful basis relied on.
If you make a data protection request, we must respond without undue delay and in any event within one month, subject to any lawful extension or exemption.
To make a request, please contact us using the contact details set out above.
We get personal information directly from you and, where relevant, from suppliers and service providers that help us operate the Level² platform.
We retain personal information only for as long as necessary to provide the Level² service and fulfil the purposes described in this privacy notice.
Account information is retained while your account remains active. If an account is closed, we may retain the associated data for up to 30 days to allow account recovery or reactivation.
After that period, account data and associated survey information may be deleted or anonymised from our live systems, typically within 90 days of account closure, unless we need to retain limited information for legal, accounting, fraud prevention, dispute resolution, or security purposes.
Survey reports and related files are stored until they are deleted by the user or the account is closed, subject to the retention periods described above.
Technical logs and security records may be retained for a limited period to maintain system security, investigate potential misuse, and protect the integrity of the platform.
Financial and billing records may be retained for up to 6 years to comply with UK tax and accounting requirements.
Copies of information stored in system backups may remain for a limited additional period until those backups are automatically overwritten in the normal course of business.
We share personal information with trusted third-party service providers where necessary to operate and support the Level² platform. These organisations act as our data processors and process personal data on our behalf under contractual safeguards.
These providers may include cloud hosting and infrastructure services used to run the application, cloud storage providers used to store files uploaded by users such as photographs or voice notes associated with survey reports, payment processing services used to handle subscription billing, and email delivery providers used to send account-related communications.
We may also share personal information with regulatory authorities, law enforcement, or other organisations where we are legally required to do so.
Some of the service providers we use may process personal information outside the United Kingdom. When this happens, we ensure that appropriate safeguards are in place in accordance with UK data protection law.
These safeguards may include the UK Addendum to the EU Standard Contractual Clauses or other approved international data transfer mechanisms.
At the time of writing, relevant providers that may process personal information outside the UK include:
Stripe, Inc. – payment processing provider (United States)
Amazon Web Services (AWS) – cloud hosting and storage provider (United States and other regions depending on infrastructure configuration)
Resend, Inc. – email delivery provider (United States)
If you would like more information about international transfers or the safeguards used, please contact us using the contact details above.
If you have any concerns about how we use your personal data, please contact us first using the details at the top of this notice.
If you remain unhappy after contacting us, you can also complain to the Information Commissioner’s Office.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
