Web Scraping & Data Collection Policy

1. Public-register ingestion

What we use

We mirror the following public UK registers:

• HMRC Anti-Money Laundering Supervised Business Register — the primary registration list HMRC publishes by name and town
• The Property Ombudsman (TPO) — published member directory
• Property Redress Scheme (PRS) — published member directory
• Propertymark (NAEA / ARLA / NAVA / ICBA) — published member directory
• Safeagent — published member directory
• Guild of Property Professionals — published member directory
• Information Commissioner’s Office (ICO) — published register of data controllers
• Companies House — published company information and director records
• Scottish Letting Register — published register of registered letting agents in Scotland
• UKALA — published member directory
• Rent Smart Wales — published register of licensed agents and landlords in Wales (holder name only)
• HMRC defaulters / penalty pages — the published list of AML enforcement penalties

These registers exist precisely so that the public can verify a firm’s regulatory standing. We mirror what they publish and we keep our copy in sync as they update.

Company-director and enrichment data

For incorporated firms we also hold the director information that Companies House publishes — names, roles, appointment and resignation dates, nationality, and stated occupation. Where a firm’s record is sparse we enrich it from Google Places (public business-listing details such as phone number and location) and from the firm’s own public website. We may use a director’s or principal’s name to address our outreach to the firm. We treat this as the personal data it is, and the opt-out and removal rights in sections 3 and 5 apply.

What we do not collect

• Anything behind a login or paywall on any of these registers
• Personal data about individuals beyond what these public sources already publish
• Internal regulatory correspondence or non-public regulator data

2. Agent website scanning

What we scan

We scan the public-facing pages of agent websites — typically the homepage, fees page, complaints page, terms / privacy pages, and any landing or property pages we find linked — to assess whether certain regulated disclosures are present. This includes:

• Tariff of charges (Tenant Fees Act 2019 schedule)
• Redress scheme membership (TPO or PRS, with member ID)
• Client money protection (CMP) scheme name and membership number
• Complaints procedure (with TPO/PRS escalation route)
• Material information on property listings (Digital Markets, Competition & Consumers Act 2024 — the earlier NTSELAT guidance was withdrawn in May 2025)
• Privacy notice and cookie banner
• Terms of business

What we do not scan

We do not access password-protected areas, staff portals, booking systems, CRM data, lettings dashboards, or any part of an agent website that is not freely accessible to any member of the public visiting the site. We do not attempt to log in to any system, and we do not collect data about the agency’s own customers, tenants, landlords, or properties.

We do store the public text and HTML of the pages we scan, so the agent can verify exactly what we relied on; and where a firm publishes staff or general contact email addresses on its public site, we may record those business addresses to contact the firm. If a public page happens to contain a staff name or bio, it is captured as part of that stored page content. We treat any such personal data under this policy, and the removal rights in section 5 apply to it.

How it works

Our scanner visits the publicly accessible pages of an agent website in the same way a search engine, a Trading Standards inspector, or a prospective customer would. We read the text content of each page, store the exact text we relied on (so the agent can verify what we quoted), and use AI to classify whether each disclosure appears to be present, with a confidence level.

How we behave

• We respect robots.txt directives
• We use reasonable request rates and do not overload agent servers
• Our scanner identifies itself via its user-agent string
• We do not store any login or session cookies

Legal basis

The information we assess is publicly published on the open internet. There is no expectation of privacy for content a firm has chosen to make available to any visitor. Our scanning activity is functionally identical to what a search engine crawler, an HMRC compliance inspector, or a prospective customer does when visiting an agent website.

3. Cold outreach to public-register entries

Why and how

We email firms whose contact details are public on HMRC’s AML supervised business register, the redress schemes, or the firm’s own website footer, to introduce AgentGuard and offer a free scan. Outreach is sent to the firm’s general business email address — taken from the public registers or the firm’s own website footer — not to private personal inboxes.

The legal basis is legitimate interests — introducing a relevant compliance product to a firm whose regulatory obligations are a matter of public record. The interest is balanced against the firm’s right to opt out, which we make easy:

• One-click unsubscribe link in every outreach email
• Email legal@everyguard.uk with the subject “Remove” for permanent suppression

Once a firm opts out we suppress them at the address level and do not re-contact them.

4. Free public scan

Anyone can run a free scan on any UK agent website. The scan output is held in a short-lived preview record. The agent firm can claim the scan via a magic-link email; if no claim is made within 30 days, the preview expires and the data is deleted. Free-scan data is not used for outreach beyond the initial delivery email.

5. How agents can opt out or correct data

Any agent firm can request that we:

• Stop scanning their website
• Remove their entry from our prospect database
• Correct any specific data we hold about them
• Suppress their address from all outreach

Email legal@everyguard.uk with the subject “Data removal request” and we will action within 5 working days. We do not retain data about firms that have opted out beyond the suppression record itself.

6. Our commitments

Transparency. We are open about what data we collect, how we collect it, and what we use it for. This page exists because we believe the firms we engage with deserve to understand our methods.

Proportionality. We collect only what is necessary for the services we provide. We do not harvest data speculatively or collect information beyond the scope of compliance assessment and prospect outreach.

Accuracy. We use AI to assess website disclosures, and AI can make mistakes. Every scan finding includes a confidence level and a quote of the text we relied on. We encourage agents to review their reports and contact us if they believe any finding is incorrect. We will re-check and correct any errors promptly.

Respect. If a firm asks us to stop scanning their website or remove their data, we do so without question.

Security. Prospect and scan data is stored in an encrypted database hosted on AWS infrastructure in the UK (London region, eu-west-2). Access is restricted to authorised personnel. We do not sell individual firm data, and we never share it with advertisers or for cross-site tracking. We do use a small number of sub-processors to operate the service (for example cloud hosting and AI classification of the pages we scan) — these are listed in our Privacy Policy. Aggregate, anonymised statistics may be used in published research, but no individual firm is identifiable without their consent.

7. Contact

If you have questions about our data-collection practices, or if you would like to request removal of your firm’s data, contact us at legal@everyguard.uk.