Privacy Policy
Last updated: 29 March 2026
1. Who we are
Wayline is a trading name of Isomer Holdings Limited (company number 16358058), registered at 20 Wenlock Road, London, N1 7GU ("Wayline", "we", "us", or "our").
Wayline operates a software-as-a-service platform that digitises the telecoms wayleave (building access agreement) process for UK commercial and residential multi-tenanted buildings, acting as the interface between building landlords/managing agents and telecommunications operators.
We are the data controller for personal data processed through the Wayline platform. For privacy enquiries, please contact us at privacy@wayline.uk.
2. Data we collect and why
We collect and process the following categories of personal data:
Account and identity data
When you register, we collect your name, email address, phone number, and job title. For organisations, we collect the company name and type (freeholder, managing agent, or telecoms operator). This data is necessary to create and manage your account.
Building information
Landlords and managing agents provide building addresses, Land Registry title numbers, UPRN (Unique Property Reference Numbers), and details about building ownership. This information is necessary to process wayleave requests.
Wayleave request data
When a telecoms operator submits a wayleave request, we process details of the proposed installation (type of equipment, areas required, technical description), any accompanying Risk Assessment and Method Statement (RAMS) documents, and the negotiated terms of the resulting agreement. This includes messages exchanged between the parties on our platform.
Electronic signatures
When agreements are executed, we process the names and email addresses of the signatories, along with the date, time, and IP address of signing. Executed agreement PDFs are stored on our platform.
Payment information
Payment processing is handled by Stripe. We do not store card numbers or full payment details. We store transaction references, amounts, and payment status in our own database to track subscription and processing fee payments. For landlords receiving wayleave processing fees, we collect information necessary to set up a Stripe Connect account, which may include business registration details.
Insurance documents
Telecoms operators are required to provide evidence of public liability and employer's liability insurance. We store the insurer name, policy number, coverage amount, policy dates, and a copy of each insurance certificate PDF.
Usage and technical data
We maintain an audit log of actions taken within the platform (for example, when a request is submitted, reviewed, or signed) for security, compliance, and dispute resolution purposes. This log records the user ID, action type, and timestamp.
3. Third-party processors
We use the following sub-processors to deliver the Wayline service. Each processor has been selected for their data protection standards and, where applicable, operates under data processing agreements with us.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting, user authentication, and file storage | EU (AWS Frankfurt) |
| Stripe | Payment processing and Stripe Connect accounts for fee disbursement | EU / USA |
| DocuSeal | Electronic signature collection for wayleave agreements | EU |
| Resend | Transactional email delivery (notifications, invitations) | EU / USA |
| Anthropic | AI review of RAMS documents (text extracted from PDFs is sent to the API) | USA |
| Ideal Postcodes | UK address lookup and postcode validation | UK |
| Vercel | Application hosting and serverless function execution | EU / USA |
Where processors are based outside the UK or EEA (Anthropic, Resend, Vercel, Stripe), we rely on Standard Contractual Clauses or equivalent transfer mechanisms to ensure adequate protection.
Personal data shared with Anthropic for RAMS review is limited to the extracted text content of uploaded documents and is not used to train Anthropic's models under our commercial agreement.
4. Lawful basis for processing
We rely on the following lawful bases under UK GDPR:
- Performance of a contract — processing necessary to provide the Wayline platform service, including account management, wayleave request processing, agreement generation, and payment handling.
- Legitimate interests — platform security and fraud prevention, audit logging, system performance monitoring, and notifying users of relevant activity on the platform. We have balanced these interests against your rights and do not consider them to override your interests or fundamental rights.
- Legal obligation — retaining financial records as required by applicable law.
- Consent — where you have opted in to marketing communications (we do not currently send marketing emails). You may withdraw consent at any time.
5. Data retention
We retain personal data for the following periods:
- Executed wayleave agreements — for the duration of the agreement plus 6 years, to comply with limitation periods for contractual claims.
- Declined or withdrawn requests — 2 years from the date of decline/withdrawal.
- Account data — for as long as your account remains active, plus 2 years after account closure, unless a longer period is required for legal compliance.
- Payment records — 7 years, as required by HMRC record-keeping obligations.
- Insurance documents — for the life of any active agreement to which the policy relates, plus 2 years.
- Audit logs — 3 years from the date of the recorded action.
Where data is no longer required, it is deleted or anonymised. We apply soft deletes for operational records and hard delete personal data upon expiry of the applicable retention period.
6. Your rights
Under UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at privacy@wayline.uk.
- Right of access — you may request a copy of the personal data we hold about you.
- Right to rectification — you may ask us to correct inaccurate personal data.
- Right to erasure — you may ask us to delete your personal data where there is no compelling reason for its continued processing. This right is subject to legal retention obligations (for example, executed agreements and financial records).
- Right to data portability — you may request a machine-readable export of personal data you have provided to us.
- Right to restriction — you may ask us to restrict processing of your data in certain circumstances.
- Right to object — you may object to processing based on legitimate interests. We will comply unless we can demonstrate compelling legitimate grounds.
We will respond to rights requests within one calendar month. If you are unhappy with how we handle your data or a rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
7. Cookies
Wayline uses functional cookies only. We do not use tracking, analytics, or advertising cookies.
The only cookie we set is the Supabase authentication session cookie, which is strictly necessary to keep you logged in while you use the platform. This cookie is set when you sign in and expires when your session ends or you sign out.
Because we only use strictly necessary cookies, we are not required to obtain your consent under the UK PECR regulations. However, we display an informational notice explaining this.
8. Contact and complaints
For any questions about this privacy policy or how we handle your personal data, please contact our data protection contact:
Isomer Holdings Limited (trading as Wayline)20 Wenlock Road
London, N1 7GU
Email: privacy@wayline.uk
If you are not satisfied with our response, you may complain to the Information Commissioner's Office (ICO) at ico.org.uk.