Privacy Policy

Last updated: April 2026

1. Introduction

AccountsOS ("we", "our", or "us") is operated by Thrive Venture Labs Limited (Company No. 14835837). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounting software service.

2. Information We Collect

Personal Information

  • Name and email address
  • Company name and registration number
  • Contact information
  • Payment information (processed securely by Stripe)

Financial Data

  • Bank transaction data (from uploaded statements or directly connected bank accounts)
  • Receipts and expense documentation
  • Invoice and payment records
  • Tax filing information

Technical Data

  • IP address and browser type
  • Device information
  • Usage patterns and preferences

3. How We Use Your Information

  • Provide and maintain our accounting services
  • Process your transactions and tax calculations
  • Categorize expenses and generate financial reports
  • Send deadline reminders and important notifications
  • Improve our AI-powered features
  • Comply with legal and regulatory requirements
  • Respond to your support requests

4. Data Security

We implement industry-standard security measures to protect your data:

  • 256-bit SSL/TLS encryption for all data transmission
  • Encrypted data storage using AES-256
  • Continuous security monitoring via Sentry
  • Strict access controls and authentication
  • EU-based data centers (Supabase infrastructure)

5. Data Breach Notification

In the event of a data breach involving your personal or financial data, we follow strict notification procedures in compliance with UK GDPR and HMRC requirements:

  • HMRC notification: We will notify HMRC within 72 hours of becoming aware of any breach involving customer data, by contacting SDSTeam@hmrc.gov.uk with a breach contact name and telephone number.
  • ICO notification: We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of any personal data breach, as required by UK GDPR.
  • User notification: We will notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Incident response: Our incident response team can be reached at finn@accounts-os.com for any security concerns.

6. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases to process your personal data:

  • Contract performance: Processing necessary to provide our accounting services to you, including transaction management, financial reporting, and deadline tracking.
  • Legal obligation: Processing required for UK tax compliance, including HMRC requirements, Companies House filings, and record-keeping obligations.
  • Legitimate interest: Service improvement, fraud prevention, and security monitoring, where these interests are not overridden by your data protection rights.
  • Consent: Marketing communications, which you can withdraw at any time by contacting us or using the unsubscribe link in any marketing email.

7. Third-Party Integrations and Bank Data

Direct Bank Connections (Revolut Business, Starling)

AccountsOS connects directly to your bank's own API for automatic transaction import — no data aggregator sits in between. When you connect a bank account:

  • The connection uses read-only permissions — AccountsOS can never move your money
  • We receive your account balances, transaction history, and account details directly from your bank
  • Your bank login credentials are never seen or stored by AccountsOS — you authorise the connection inside your own bank's app or website
  • Connection credentials (certificates and access tokens) are stored encrypted (AES-256-GCM), and transaction data sits under the same security controls as all other financial data (encryption at rest, row-level security)
  • You can disconnect at any time from Settings or from your bank's own settings, which revokes our access

Stripe (Payment Processing)

If you connect your Stripe account, we sync your charges, fees, and refunds for bookkeeping purposes using a read-only API key that you provide. We do not process payments on your behalf through Stripe.

Uploaded Documents

When you upload bank statements, receipts, or invoices to AccountsOS:

  • Files are encrypted during upload and at rest
  • AI extracts transaction data in isolated, secure environments
  • Your data is never used to train AI models
  • You can delete uploaded documents at any time

AI Services

AccountsOS uses AI services (Anthropic Claude, Google Gemini) to power chat, document extraction, and transaction categorisation. Your financial data is sent to these services only as needed to provide the feature you are using. None of these providers use your data to train their models.

Email Open Tracking

Emails you choose to send from the sales pipeline include a first-party tracking image that tells you when the recipient opens the message. This is served from our own domain, no third-party tracker is involved, and the open data (timestamp and count) is visible only to your company.

8. Your Rights (GDPR)

As a UK/EU resident, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Export your data in a standard format
  • Objection: Object to certain processing
  • Restriction: Limit how we use your data

To exercise these rights, contact us at finn@accounts-os.com

9. Data Retention

We retain your data for as long as your account is active. For financial records, we retain data for 7 years to comply with UK tax regulations (as required by HMRC). After account deletion, we anonymize or delete your personal data within 30 days, except where legal retention is required.

10. Cookies

We use essential cookies for authentication and security. We use analytics cookies (with your consent) to improve our service. You can manage cookie preferences in your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of our service after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or concerns:

  • Email: finn@accounts-os.com