Privacy Policy
Last updated: February 2026
1. Introduction
AccountsOS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounting software service designed for UK limited company directors.
2. Information We Collect
Personal Information
- Name and email address
- Company name and registration number
- Contact information
- Payment information (processed securely by Stripe)
Financial Data
- Bank transaction data (from uploaded statements)
- Receipts and expense documentation
- Invoice and payment records
- Tax filing information
Technical Data
- IP address and browser type
- Device information
- Usage patterns and preferences
3. How We Use Your Information
- Provide and maintain our accounting services
- Process your transactions and tax calculations
- Categorize expenses and generate financial reports
- Send deadline reminders and important notifications
- Improve our AI-powered features
- Comply with legal and regulatory requirements
- Respond to your support requests
4. Data Security
We implement industry-standard security measures to protect your data:
- 256-bit SSL/TLS encryption for all data transmission
- Encrypted data storage using AES-256
- Regular security audits and penetration testing
- Strict access controls and authentication
- EU-based data centers (Supabase infrastructure)
5. Data Breach Notification
In the event of a data breach involving your personal or financial data, we follow strict notification procedures in compliance with UK GDPR and HMRC requirements:
- HMRC notification: We will notify HMRC within 72 hours of becoming aware of any breach involving customer data, by contacting SDSTeam@hmrc.gov.uk with a breach contact name and telephone number.
- ICO notification: We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of any personal data breach, as required by UK GDPR.
- User notification: We will notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
- Incident response: Our incident response team can be reached at hello@accounts-os.com for any security concerns.
6. Lawful Basis for Processing
Under UK GDPR, we rely on the following lawful bases to process your personal data:
- Contract performance: Processing necessary to provide our accounting services to you, including transaction management, financial reporting, and deadline tracking.
- Legal obligation: Processing required for UK tax compliance, including HMRC requirements, Companies House filings, and record-keeping obligations.
- Legitimate interest: Service improvement, fraud prevention, and security monitoring, where these interests are not overridden by your data protection rights.
- Consent: Marketing communications, which you can withdraw at any time by contacting us or using the unsubscribe link in any marketing email.
7. Bank Statements & Third-Party Services
When you upload bank statements to AccountsOS:
- Files are encrypted during upload and storage
- AI extracts transaction data in isolated, secure environments
- Your data is never used to train AI models
- You can delete uploaded documents at any time
8. Your Rights (GDPR)
As a UK/EU resident, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Portability: Export your data in a standard format
- Objection: Object to certain processing
- Restriction: Limit how we use your data
To exercise these rights, contact us at hello@accounts-os.com.
9. Data Retention
We retain your data for as long as your account is active. For financial records, we retain data for 7 years to comply with UK tax regulations (as required by HMRC). After account deletion, we anonymize or delete your personal data within 30 days, except where legal retention is required.
10. Cookies
We use essential cookies for authentication and security. We use analytics cookies (with your consent) to improve our service. You can manage cookie preferences in your browser settings.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of our service after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or concerns:
- Email: hello@accounts-os.com