Privacy Policy

FuturePlai Ltd (company no. 15037059) trading as “Lessr”, of 86–90 Paul Street, London EC2A 4NE, United Kingdom, is committed to protecting your privacy. This notice explains how we collect, use, share and look after your personal data when you use our mobile application, web application, APIs, firmware‑enabled sensors (together the “Services”) or otherwise interact with us.

​​

​

1. Who is responsible for your data?

​

1.1 Controller. Lessr is the “controller” of the personal data described in this notice under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).

​

1.2 EU Representative (if applicable). Where we offer Services to individuals in the European Economic Area we have appointed a representative under Art 27 EU GDPR. Contact details are available on request.

​

1.3 Data Protection Officer. Email privacy@lessr.app or write to the address above.

​​

​

2. Who does this notice cover?

​

It applies to:

• users who register an account on the Lessr mobile or web application;

• visitors to our website (https://lessr.app);

• business contacts at customer, supplier or partner organisations; and

• anyone who communicates with us by email, phone or social media.

​​

​

3. The data we collect

​​​​

• Account data: 

  • Examples: name, business email, password, organisation, role​

  • Source: You /  employer

• Device data:​

  • Examples: OS version, browser type, time-zone​

  • Source: Your device

• Telemetry:​

  • Examples: sensor serial number, energy‑consumption readings, timestamp, location label​

  • Source: Lessr sensors

• Usage logs:​

  • Examples: login time, feature clicks, support tickets, crash reports, IP address​

  • Source: Automatic - your interaction with Lessr products and services

• Marketing preferences:​

  • Examples: newsletter opt‑in/out, event registration​

  • Source: You

• Payment references:​

  • Examples: subscription id, amount paid, last four digits of card​

  • Source: Payment provider

​

We do not intentionally collect special‑category data (Article 9 UK GDPR) or children’s data (<16 years). Please avoid entering such data in free‑text fields.

​

​

4. Why we use your data

​​

• Create and administer your account; provide the Services

• Monitor uptime, debug issues, improve features

• Send service notifications (e.g. maintenance, security alerts)

• Process payments and renewals

• Direct marketing of similar Lessr products to existing business users

• Other electronic marketing where you have opted in

• Comply with legal duties (tax, fraud prevention, regulatory requests)

​

Where we rely on legitimate interests we have performed a balancing test to ensure your interests and fundamental rights are not overridden.

​

​

5. Cookies & similar technologies

​

We use:

• Essential cookies – required for secure log‑in and fraud prevention;

• Analytics cookies – help us understand usage patterns; and

• Functional cookies – remember your preferences.

​

We seek consent for non‑essential cookies via our banner. You can change settings at any time in the cookie‑preference centre. For more detailed information on cookies please view our Cookie Policy here.

​

​

6. Sharing your data

​

We only share personal data as necessary:

• Service providers – secure cloud hosting, email deliverability, customer‑support software, payment processors;

• Professional advisers – lawyers, auditors and insurers under confidentiality duties;

• Regulators, courts and law‑enforcement – where we are legally required to do so;

• Business transfers – if we merge, acquire or sell assets (in which case the successor must honour this notice).

​

All providers are subject to data‑processing agreements that meet Art 28 UK GDPR requirements.

​

​

7. International transfers

​

Your data is stored on servers located in the United Kingdom or European Economic Area. Where we (or our processors) need to transfer data outside the UK/EEA we will ensure an adequacy decision applies or we use the International Data Transfer Addendum (IDTA) or Standard Contractual Clauses (SCCs) with supplementary safeguards.

​

​

8. How long we keep your data

​

We retain personal data for as long as it is necessary to fulfil the purposes described in this notice. Unless the law requires deletion or you successfully exercise your rights (see Clause 9), we will normally:

• store operational and telemetry data in an obfuscated or pseudonymised form indefinitely for analytics, benchmarking and service‑improvement; and

• keep identifiable data only for so long as it is needed for active accounts, statutory record‑keeping or legitimate business purposes.

​

If deletion is required by law or specifically requested we will, where feasible, irreversibly obfuscate (e.g. hash or aggregate) the data so it is no longer attributable to you, rather than permanently erase system records, except where true deletion is mandated.

​

The only exception to the above is telemetry debug logs, these may contain IP addresses and MAC addresses. These logs are erased after 30 days.

​

​

9. Your rights

​

You have rights under UK GDPR, including:

1. Access – obtain a copy of your data;

2. Rectification – correct inaccuracies;

3. Erasure / Obfuscation – request deletion or de‑identification in certain circumstances;

4. Restriction – suspend processing;

5. Portability – machine‑readable copy to another provider;

6. Objection – to processing based on legitimate interests or direct marketing;

7. Withdraw consent – at any time where processing relies on consent; and

8. Human review – of significant automated decisions.

​

To exercise any right, email privacy@lessr.app. We will respond within one month (extendable by two months for complex requests).

​

You may complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk or, if you are in the EEA, your local supervisory authority.

​

​

10. Security measures

​

We apply technical and organisational measures such as encryption in transit and at rest, role‑based access controls, multi‑factor authentication, continuous vulnerability scanning and documented incident‑response procedures. Despite these controls, no Internet transmission is completely secure; please protect your credentials and notify us of any suspected misuse.

​

​

11. Children

​

The Services are directed at business users. We do not knowingly collect personal data from anyone under 16 years. If you believe we have data about a child, contact privacy@lessr.app and we will delete or obfuscate it.

​

​

12. Changes to this notice

​

We may update this notice to reflect changes in law or our practices. We will post the revised version here with a new “Last updated” date and notify users of material changes in‑app or by email. 

​

​

13. Contact & complaints

​

Questions, requests or complaints?

• Email: privacy@lessr.app

• Post: Data Protection Officer, FuturePlai Ltd, 86–90 Paul Street, London EC2A 4NE, United Kingdom.

​

If you are unhappy with our response you have the right to lodge a complaint with the ICO or another supervisory authority as set out above.