Privacy Policy

1. Introduction

Interval Solution Pte. Ltd. (“we”, “our”, “us”) operates ValuLens, an AI-powered property valuation compliance analysis platform available at www.valulens.com.

Interval Solution Pte. Ltd. is a company registered in Singapore. This privacy policy explains how we collect, use, store, and protect your personal data when you use our service, in compliance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), and the Data Protection Act 2018.

By accessing or using ValuLens, you acknowledge that you have read and understood this privacy policy. If you do not agree with our practices, please do not use the service.

2. Data Controller

The data controller responsible for your personal data is Interval Solution Pte. Ltd. For any questions or concerns regarding this policy or our data processing practices, you may contact us at info@interval-soft.com.

3. Information We Collect

We collect and process the following categories of personal data:

• Account data. When you create an account, we collect your email address (via magic link authentication), name, job title, and organisation details. No passwords are stored.
• Uploaded documents. You may upload Terms of Engagement, valuation reports, and related professional documents for compliance analysis. These documents may contain personal data relating to you, your clients, or third parties.
• Usage data. We automatically collect information about how you interact with the service, including pages visited, features used, job history, timestamps, and device information (browser type, IP address).
• Payment data. Payment processing is handled entirely by Stripe. We do not store, process, or have access to your full credit or debit card details. We retain only a reference to your Stripe customer ID and transaction history for billing purposes.

4. How We Use Your Data

We process your personal data on the following legal bases under the UK GDPR and EU GDPR:

• Contract performance (Article 6(1)(b)). Processing is necessary to provide the compliance analysis service you have requested, including document analysis, report generation, and account management.
• Legitimate interests (Article 6(1)(f)). We process certain data for our legitimate business interests, including service improvement, security monitoring, fraud prevention, and usage analytics. We ensure these interests do not override your fundamental rights and freedoms.
• Consent (Article 6(1)(a)). Where we send marketing communications, we do so only with your explicit consent. You may withdraw consent at any time.

Specifically, we use your data to:

• Provide and operate the compliance analysis service
• Generate compliance reports, scores, and recommendations
• Send transactional emails (job completion notifications, account invitations, authentication links)
• Process payments and manage your credit balance
• Improve the accuracy and reliability of our analysis
• Maintain the security and integrity of the platform

5. AI Processing

ValuLens uses artificial intelligence to analyse your uploaded documents against professional valuation standards (including RICS Red Book, IVS, UK National Supplement, and related guidance). You should be aware of the following:

• Documents are processed by large language models (including Claude by Anthropic and DeepSeek) via the OpenRouter API. Document content is transmitted to these AI providers solely for the purpose of performing compliance analysis.
• We do not use your documents to train AI models. Your uploaded content is not used for model training, fine-tuning, or any purpose other than generating your compliance analysis.
• AI outputs consist solely of compliance scores, recommendations, and structured assessments against professional standards. The AI does not make valuation decisions or provide valuation advice.
• AI processing constitutes automated decision-making under Article 22 of the UK GDPR and EU GDPR. However, compliance scores are advisory in nature and do not produce legal effects. You retain full professional responsibility for all valuation decisions.

6. Data Sharing

We share your personal data with the following categories of third-party service providers, each of whom processes data on our behalf and subject to appropriate data processing agreements:

• Supabase — Database hosting, authentication, and file storage (EU region).
• OpenRouter, Anthropic, and DeepSeek — AI processing of uploaded documents for compliance analysis.
• Stripe — Payment processing, billing, and invoicing.
• Resend — Transactional email delivery (authentication links, job notifications, organisation invitations).
• Vercel — Application hosting and content delivery.
• Google Maps Platform — Geocoding and property location services (when Property Intelligence is enabled by the user).

We do not sell your personal data to any third party. We do not share your data with third parties for their own marketing purposes.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:

• Uploaded documents and compliance reports are retained in accordance with the retention settings configured by your organisation administrator. Default retention periods are configurable, and automated cleanup processes remove data beyond the configured period.
• Account data is retained for as long as your account remains active. Upon account deletion, your personal data will be removed within 30 days, except where retention is required by law.
• Payment records are retained for a minimum of 6 years in accordance with UK financial record-keeping obligations.
• Audit logs are retained for security and compliance purposes and may include anonymised usage data.

You may request deletion of your data at any time by contacting info@interval-soft.com.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

• All data is encrypted in transit using TLS 1.2 or higher, and at rest using AES-256 encryption.
• Row-level security (RLS) is enforced on all database tables, ensuring users can only access data belonging to their organisation.
• Authentication is performed via magic link (passwordless), eliminating the risk of password-related breaches. No passwords are stored.
• Security headers (Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) are enforced on all responses.
• We conduct regular security reviews of our infrastructure, dependencies, and access controls.

9. Your Rights Under the UK & EU GDPR

Under the UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

• Right of access — You have the right to request a copy of the personal data we hold about you.
• Right to rectification — You have the right to request correction of inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”) — You have the right to request deletion of your personal data, subject to legal retention obligations.
• Right to restriction of processing — You have the right to request that we limit our processing of your personal data in certain circumstances.
• Right to data portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object — You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making — You have the right not to be subject to decisions based solely on automated processing that produce legal effects. Our AI-generated compliance scores are advisory and do not produce legal effects.

To exercise any of these rights, please contact us at info@interval-soft.com. We will respond to your request within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority:

• UK residents: Information Commissioner's Office (ICO) — ico.org.uk / 0303 123 1113
• EU residents: Your national Data Protection Authority (DPA). A full list is available at edpb.europa.eu

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area, including the United States (Vercel hosting, iad1 region) and the European Union (Supabase database hosting).

Where personal data is transferred internationally, we ensure appropriate safeguards are in place in accordance with Chapter V of the UK GDPR and Chapter V of the EU GDPR, including:

• Standard Contractual Clauses (SCCs) approved by the ICO
• UK adequacy decisions where applicable
• Data processing agreements with all sub-processors

11. Cookies

ValuLens uses a minimal number of cookies, strictly necessary for the operation of the service:

• Authentication cookies — Essential cookies used to maintain your login session and authenticate requests. These are strictly necessary and do not require consent.
• Session management cookies — Used to remember your active organisation and preferences within the application.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not participate in any advertising networks or cross-site tracking.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on the service prior to the change becoming effective.

We encourage you to review this policy periodically. Your continued use of ValuLens after any changes constitutes acceptance of the updated policy.

13. Contact

If you have any questions, concerns, or requests regarding this privacy policy or our handling of your personal data, please contact us:

• Email: info@interval-soft.com
• Company: Interval Solution Pte. Ltd.
• 68 Circular Road, #02-01, 049422, Singapore