GDPR & Data Protection Compliance
As a platform serving the UK and EU, we are committed to the highest standards of data privacy.
1. Data Roles
- Data Controller: We are the controller for your account information (email, name, billing address).
- Data Processor: We act as the processor for the client data and invoice details you upload to our platform.
2. Your Rights (The 2026 Standard)
Under the GDPR and the UK Data Protection Act, you have the following rights:
- Right to Access: Request a copy of all data we hold about you in a machine-readable format (.JSON or .CSV).
- Right to Rectification: Update your business details at any time.
- Right to Erasure ("Right to be Forgotten"): When you delete your account, we purge your data from our active databases within 30 days.
- Right to Restrict Processing: You can opt out of non-essential data processing (such as marketing analytics).
3. Data Sub-Processors
To provide our service, we use a limited number of trusted partners. All are vetted for GDPR compliance:
- Cloud Hosting: Google Cloud Platform (Dublin, Ireland)
- Payment Processing: Stripe / PayPal
- Email Delivery: SendGrid
4. Data Breaches
In the unlikely event of a data breach, we will notify the relevant supervisory authority (such as the ICO in the UK or the DPC in Ireland) and affected users within 72 hours.