Privacy Policy

1. Who we are and how to contact us

Data controller:
[Your Company Name]
[Registered Address]
Company number: [Company Registration Number]

Email: [Contact Email]

If you have any questions about this Policy or how we handle your data, please contact us using the email above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

2. Scope of this Policy

This Policy applies to:

• Visitors to [Your Website URL]

• Users who create an account and use the Service

• Any other interactions with us (such as support enquiries)

It does not apply to third-party websites or services that you may access through our Service.

3. Personal data we collect

We may collect and process the following categories of personal data:

3.1 Data you provide directly

• Account information: name, email address, password (hashed), and any profile information you choose to provide.

• Documents and uploads: bank statements, invoices, receipts, utility bills, and other files you upload to the Service (which may contain names, addresses, transaction details, account numbers, amounts, and other personal or business information).

• Support and communication: messages you send us (for example, via email or in-app support), feedback, and survey responses.

3.2 Data collected automatically

When you use the Service, we may automatically collect:

• Usage data: pages viewed, actions performed, dates and times of access, referrer URLs.

• Device and log data: IP address, browser type and version, operating system, approximate location, error logs.

• Cookies and similar technologies: small text files stored on your device to enable core functionality, security, and (if enabled) analytics or preferences. For more details, see Section 9 (Cookies).

3.3 Special category data

We do not intentionally seek to collect special category data (such as health data, political opinions, religious beliefs) through the Service. However, your uploaded documents may incidentally contain such information.

Where this occurs, we process such data only as necessary to provide the Service you have requested and on the basis that you have chosen to upload it. Please avoid uploading any documents that contain special category data unless strictly necessary.

4. How we use your personal data and legal bases

We use your personal data for the following purposes and legal bases:

4.1 To provide and operate the Service

Legal basis: Performance of a contract; legitimate interests.

• Creating and managing your account.

• Processing and analysing documents you upload (e.g. extracting transactions, amounts, and descriptions).

• Displaying results and summaries in your dashboard.

• Providing customer support and technical assistance.

4.2 To improve and develop the Service

Legal basis: Legitimate interests.

• Monitoring usage patterns to improve functionality, performance, and user experience.

• Debugging, troubleshooting, and enhancing security.

• Developing new features and tools.

Where possible, we use aggregated or anonymised data for these purposes.

4.3 To communicate with you

Legal basis: Performance of a contract; legitimate interests; consent (for certain marketing).

• Sending service-related emails (for example, password reset, security alerts, updates to our Terms or this Policy).

• Responding to your enquiries and support requests.

• Sending optional product updates, newsletters, or offers if you have opted in. You can opt out at any time.

4.4 To comply with legal obligations

Legal basis: Legal obligation.

• Keeping appropriate records.

• Responding to lawful requests from law enforcement or regulators.

• Complying with accounting, tax, or other mandatory requirements.

4.5 For security and fraud prevention

Legal basis: Legitimate interests; legal obligation.

• Detecting and preventing abusive or unauthorised use of the Service.

• Protecting our systems, users, and business.

5. Use of AI and third-party processors

To process your documents and provide the Service, we may use third-party processors, such as:

• Cloud hosting and infrastructure providers (e.g. [Vercel] or similar)

• Database and storage providers

• AI model providers (e.g. OpenAI or similar)

• Analytics and logging services

These providers act as data processors on our behalf and may process Your Content and personal data under our instructions, subject to appropriate contracts and safeguards.

Where we use AI model providers:

• Your documents or extracted text may be sent securely to the provider to generate outputs.

• We configure such services so that your data is not used to train or improve their models for other customers, where this is technically and contractually supported.

• Further details can be provided on request.

6. International transfers

Your personal data may be transferred to and processed in countries outside the UK (for example, within the EEA or the United States) where some of our service providers are located.

When we transfer personal data outside the UK, we take steps to ensure that an adequate level of protection is in place, for example by:

• Transferring to countries that the UK government has decided provide an adequate level of data protection; or

• Using appropriate safeguards such as Standard Contractual Clauses or other approved mechanisms.

You can contact us at [Contact Email] for more information on the safeguards we use.

7. How long we keep your data

We keep personal data only for as long as necessary to fulfil the purposes described in this Policy or to comply with legal, accounting, or reporting requirements.

In general:

• Account data is kept while your account is active and for a reasonable period afterwards (for example, up to [X] years) to handle queries, disputes, or legal obligations.

• Uploaded documents and derived data may be retained while your account is active. You may be able to delete specific documents from within the Service, and we may also delete documents after a defined retention period or when you request account deletion.

• Log and security data may be retained for shorter periods (for example, [X–Y] months) unless required for investigation or legal reasons.

We may anonymise data so that it can no longer be linked to you, in which case we may use that data indefinitely without further notice.

8. How we protect your data

We take appropriate technical and organisational measures to protect personal data, including:

• Encryption in transit (e.g. HTTPS/TLS).

• Access controls and authentication.

• Regular updates and security monitoring.

• Limiting access to personal data to staff and processors who need it.

However, no system is completely secure and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

9. Cookies and similar technologies

We use cookies and similar technologies to:

• Enable essential site functionality (e.g. session management, security).

• Remember your preferences.

• (Optionally) collect analytics on how the Service is used, to help us improve it.

Where required by law, we will ask for your consent before setting non-essential cookies (such as analytics or marketing cookies). You can:

• Manage your cookie preferences via our cookie banner or settings; and

• Adjust your browser settings to block or delete cookies (although this may affect the functionality of the Service).

We may update more detailed information about the specific cookies we use from time to time.

10. Your rights under data protection law

Under UK data protection law, you have the following rights (subject to certain conditions and exemptions):

• Right of access: to obtain a copy of your personal data and information about how it is processed.

• Right to rectification: to correct inaccurate or incomplete personal data.

• Right to erasure (“right to be forgotten”): to request deletion of your personal data in certain circumstances.

• Right to restrict processing: to ask us to restrict the processing of your data in certain cases.

• Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format and to request that we transfer it to another controller where technically feasible.

• Right to object: to object to processing based on our legitimate interests or for direct marketing.

• Right to withdraw consent: where we rely on consent (for example, for marketing), you can withdraw it at any time.

To exercise these rights, please contact us at [Contact Email]. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your personal data. The ICO’s website is available online and provides contact details.

11. Children

The Service is not intended for use by children under 18, and we do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top and, where appropriate, notify you by email or via the Service.

We encourage you to review this Policy periodically to stay informed about how we handle your data.

13. Contact

If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please contact us at:

[Contact Email]
[Your Company Name]
[Registered Address]