Back to Bakuhub
BakuHub logo
Last updated: 9 January 2026

Privacy Policy

We believe you should handle your data with the same care you handle your taxes. Here is a clear breakdown of what we collect, why we need it, and your powerful rights under GDPR.

1. Who we are

Data Controller:
Bakuhub Ltd
[Registered Address]
Company number: [Company Registration Number]

Contact: David.Tse@bakuhub.com

We are registered with the Information Commissioner’s Office (ICO).

2. Data we collect

2.1 Data you provide directly
  • Account information: Name, email, hashed password.
  • Financial Documents: Bank statements, invoices, receipts (which may contain personal transaction details).
  • Support: Messages you send to our help desk.
2.2 Automated Collection
  • Usage Data: Pages visited, features used.
  • Device Data: IP address, browser type (for security).
  • Cookies: Essential login cookies and optional analytics.

3. How we use your data

  • To provide the Service: Processing documents, extracting data, and generating reports (Performance of Contract).
  • To improve the Service: Debugging errors and optimizing performance (Legitimate Interest).
  • Communication: Sending password resets and critical updates (Performance of Contract).
  • Legal Compliance: Keeping records for tax authorities where required (Legal Obligation).

4. AI & Third-Party Processors

We use third-party processors to run our infrastructure. We have Data Processing Agreements (DPAs) with all vendors to ensure GDPR compliance.

Key Processors:
  • Infrastructure: Vercel (Hosting), Supabase/PostgreSQL (Database).
  • AI Analysis: OpenAI (or similar) – configured with Zero Data Retention policies where available, meaning they do not use your data for model training.

5. Data Retention

Account Data: Kept while active. Deleted 30 days after account closure.

Documents: Retained while your account is active to provide historical tax reports. You can manually delete any document instantly.

Backups: Encrypted backups may retain data for up to 30 days for disaster recovery before being overwritten.

6. Your Rights

You are in control. Under UK GDPR, you have specific rights over your data.

Right to Access

Ask us what data we have about you and get a copy.

Right to Delete

Request that we permanently delete your data.

Right to Rectify

Update incorrect or incomplete information.

Right to Portability

Download your data in a readable format.

To exercise any of these rights, simply email us at [Contact Email]. We respond to all requests within 30 days.

7. Contact Us

If you have questions about this policy or want to exercise your rights, please contact our Data Protection Officer:

[Your Company Name]

Email: [Contact Email]

Address: [Registered Address]

You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have mishandled your data.

Have a privacy concern?

Our Data Protection Officer is ready to help with any requests.

Contact DPO