Privacy Policy

This Privacy Policy explains how The Private Market Club ("the Club", "we", "us") collects, uses, stores, and protects your personal data when you visit our website, apply for membership, or become a member. We take your privacy seriously — discretion is fundamental to how the Club operates.

This policy is written in plain English. If anything is unclear, please contact us directly.

1. What data we collect

We collect personal data in the following ways:

When you apply for membership:

• Name, email address, phone number, and location
• Financial position, funding source, and property search brief
• How you heard about the Club (optional)
• IP address and browser information (automatically collected)

When you become a member:

• Login credentials (email and encrypted password)
• Documents uploaded to your vault (proof of funds, AIP, etc.)
• Properties you have registered interest in
• Communications between you and the Club
• Payment information (processed by Stripe — we do not store card details)

When you visit our website:

• Page views and session data via Plausible Analytics (privacy-friendly, no personal identifiers stored)

2. How we use your data

We use your personal data to:

• Assess and process your membership application
• Manage your membership account and access to the members' area
• Match your property brief with relevant instructions and make introductions
• Send you weekly property drops and host communications
• Process membership payments and renewals
• Comply with legal obligations
• Improve the Club's service and website

We do not use your data for marketing to third parties. We do not sell your data. We do not share your identity with agents or vendors without your explicit consent in the context of a specific property introduction.

3. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR:

• Contract performance — to manage your membership and deliver the Club's services
• Legitimate interests — to operate and improve the Club, prevent fraud, and maintain security
• Legal obligation — to comply with applicable laws
• Consent — where you have explicitly agreed, such as optional communications

4. How we store your data

Your data is stored securely using Supabase, a cloud database provider. Data is held on servers within the European Economic Area. Supabase applies industry-standard encryption at rest and in transit.

Documents uploaded to your vault are stored in Supabase's encrypted object storage. Only you and the Club host can access your uploaded documents.

Membership passwords are hashed using bcrypt and are never stored or visible in plain text.

5. Who we share your data with

We share your personal data only with the following third-party services, and only to the extent necessary:

• Stripe — payment processing. Stripe is PCI-DSS compliant. We do not receive or store your card details.
• Resend — transactional email delivery (membership communications, welcome emails, drops)
• Supabase — secure database and file storage
• Plausible Analytics — anonymous website analytics. No personal data is collected or stored by Plausible.

We do not share your identity, contact details, or financial information with any agent or vendor without your prior knowledge and consent in the context of a specific, agreed introduction.

6. How long we retain your data

• Application data — retained for 2 years from the date of application
• Membership data — retained for the duration of membership plus 5 years following termination
• Transaction records — retained for 7 years to comply with financial record-keeping obligations
• Uploaded documents — retained for the duration of membership and deleted within 90 days of termination on request

7. Your rights

Under UK GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your data, subject to legal obligations
• Restriction — ask us to limit how we process your data in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please write to enquiries@privatemarketclub.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We take the security of your personal data seriously. We use HTTPS encryption on all pages, encrypted database storage, hashed passwords, and access controls to protect your information. Only the Club host has administrative access to member data.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by law.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify members of material changes by email. The current version will always be available at privatemarketclub.com/privacy.html.

10. Contact

For any privacy-related queries, to exercise your rights, or to make a complaint, please contact: enquiries@privatemarketclub.com