Privacy Policy

Data controller: [Insert legal entity name]

Registered address: [Insert registered office address]

Contact: [Insert privacy contact email]

• Account data (name, email, login metadata, role assignments).
• Business profile and settings (identity, sender details, branding).
• Operational receivables data (clients, invoices, payments, collection notes, reminders).
• Team and invitation data (members, invitation state, acceptance events).
• Support communications and platform-admin support notes where applicable.
• Technical logs and security events (IP/device metadata, authentication and activity logs).

Where enabled, AI and OCR generate draft suggestions and extracted candidates for user review. Automated outputs are not treated as final financial truth without explicit confirmation.

OCR source documents use private storage controls where applicable.

• Service delivery and security (contract / legitimate interests).
• Core receivables workflows and support (contract / legitimate interests).
• Transactional and service notices (contract / legitimate interests).
• Reliability, abuse prevention, and improvement (legitimate interests).
• Legal obligations where required.

We aim to minimise non-essential tracking on the public website. Essential technical storage may apply for security. If optional analytics cookies are introduced later, this policy will be updated and consent controls applied where required.

We share data with providers needed to run the service (for example hosting, email delivery, queue workers, logging, and AI/OCR vendors when you enable them). We use contractual safeguards with processors.

Some providers may process data outside the UK. Where that happens, we use appropriate safeguards such as standard contractual clauses and vendor due diligence.

We retain data for as long as needed for service delivery, legal obligations, security, and dispute resolution. Your organisation should align internal retention schedules with this policy once finalised.

We apply technical and organisational measures intended to protect confidentiality, integrity, and availability. No online service is risk-free; customers remain responsible for credentials and access hygiene.

Subject to applicable law, you may request access, rectification, erasure, restriction, objection, and portability. Contact [Insert privacy contact email].

You may complain to the UK ICO if you believe processing infringes data protection law.

We may update this policy as the product evolves. Material changes will be reflected on this page with an updated date.