Privacy Policy

Last Updated: 10 April 2026
Effective Date: 10 April 2026
Data Controller: AccountScope (UK)

🇬🇧 UK GDPR Compliance

  • ✅ We comply with UK GDPR and Data Protection Act 2018
  • ✅ Your financial data is encrypted and stored in UK data centres
  • ✅ We never sell your data to third parties
  • ✅ You have full control over your data (access, rectify, erase)
  • ✅ Right to data portability and objection
  • ✅ ICO registered data controller

1. Data Controller Information

AccountScope is the data controller responsible for your personal data.

Contact Details:
Email: privacy@accountscope.app
Address: [UK Address - TBC]
ICO Registration: Pending

2. What Information We Collect

Account Information (Lawful Basis: Contract)

  • Name and email address
  • Password (encrypted using industry-standard encryption)
  • Company name and professional details (optional)
  • Billing information (processed via Stripe - see third parties)

Financial Documents (Lawful Basis: Contract)

  • PDF bank statements (temporarily processed, then deleted or stored encrypted)
  • Transaction data (dates, amounts, merchant names, references)
  • Sensitive data (account numbers, sort codes) are automatically redacted or encrypted
  • We process only what's necessary to provide the service

Usage Information (Lawful Basis: Legitimate Interest)

  • IP address (for security and fraud prevention)
  • Browser and device information
  • Page views and feature usage
  • Error logs and diagnostic data

3. How We Use Your Information

To provide the Service (Contract)

Process PDFs, generate reports, store your case data, provide support

To improve the Service (Legitimate Interest)

Fix bugs, enhance features, monitor performance, analyse usage patterns

To communicate (Legitimate Interest / Consent)

Account updates (contract), support (contract), product news (consent - opt-out anytime)

For security (Legitimate Interest)

Prevent fraud, detect unauthorised access, comply with legal obligations

4. Data Storage & Security

  • UK Data Centres: All data stored in Supabase (AWS London region)
  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Access Controls: Role-based access, MFA required for team members
  • Backups: Daily encrypted backups, 30-day retention
  • PDF Retention: Original PDFs deleted after processing (unless you choose to keep)
  • ISO 27001: Infrastructure meets information security standards

5. Third-Party Services

We use the following trusted third parties:

Stripe (Payment Processing)

Location: EU/UK • Purpose: Billing

Supabase (Database & Auth)

Location: UK (AWS London) • Purpose: Data storage

OpenAI (AI Processing)

Location: USA (with data processing agreement) • Purpose: Transaction categorisation

Vercel (Hosting)

Location: Global CDN • Purpose: Application hosting

All third parties are GDPR-compliant and have data processing agreements in place.

6. Your Rights Under UK GDPR

✅ Right to Access

Request a copy of all personal data we hold about you

✅ Right to Rectification

Correct inaccurate or incomplete data

✅ Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations)

✅ Right to Data Portability

Receive your data in machine-readable format (CSV/JSON)

✅ Right to Object

Object to processing based on legitimate interests

✅ Right to Restrict Processing

Request we limit how we use your data

✅ Right to Withdraw Consent

Withdraw consent at any time (e.g., marketing emails)

To exercise your rights: Email privacy@accountscope.app
We will respond within 30 days (as required by UK GDPR)

7. Data Retention

  • Account Data: Retained while account is active + 7 years after deletion (HMRC requirement for financial records)
  • Transaction Data: 7 years (accounting compliance)
  • Original PDFs: Deleted immediately after processing (unless stored by user choice)
  • Logs: 90 days for security, 30 days for analytics
  • Backups: 30 days rolling retention

8. Cookies

We use essential cookies only:

  • Authentication: Keep you logged in (session cookie)
  • Preferences: Remember your settings (e.g., dark mode)
  • Security: CSRF protection

We do NOT use tracking or advertising cookies. See our Cookie Policy for details.

9. International Transfers

Your data is primarily stored in the UK. Where we use US-based services (e.g., OpenAI), we ensure:

  • Standard Contractual Clauses (SCCs) are in place
  • Data Processing Agreements signed
  • Adequate safeguards under UK GDPR Article 46
  • Minimal data transfer (only transaction descriptions for categorisation)

10. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy. Changes will be posted here with an updated "Last Updated" date. Material changes will be notified via email. Continued use constitutes acceptance.

12. Complaints

If you're not satisfied with how we handle your data, you have the right to complain to:

Information Commissioner's Office (ICO)
Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Contact Us

Questions about this Privacy Policy? Contact us:
