Privacy Policy

1. Introduction

StrideBooks ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our bookkeeping software service and visit our website.

As a UK-based company, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO) under registration number [Your ICO Registration Number].

2. Data Controller Information

Data Controller: StrideBooks
Contact Email:privacy@stridebooks.com]

3. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: To provide our bookkeeping services and fulfil our contractual obligations
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with financial regulations, tax requirements, and legal obligations
• Consent: For marketing communications and non-essential cookies (where required)

4. Information We Collect

4.1 Personal Information You Provide

• Account Information: Name, email address, phone number, business address
• Business Details: Company name, business type, VAT number, UTR number
• Payment Information: Billing address (card details are processed securely by our payment provider)
• Communications: Support enquiries, feedback, survey responses

4.2 Financial Data

As a bookkeeping service provider, we process:

• Bank account details and transaction history
• Credit card and payment processing data
• Income and expense records
• Invoices, receipts, and financial documents
• VAT and tax-related information
• Financial reports and business metrics

4.3 Technical Information

• IP address and location data
• Browser type and device information
• Usage data and analytics
• Cookies and tracking technologies

5. How We Use Your Information

5.1 Service Provision

• Providing and maintaining our bookkeeping software
• Processing transactions and generating financial reports
• Connecting to your bank accounts and financial institutions
• Providing customer support and technical assistance

5.2 Legal and Regulatory Compliance

• Complying with HMRC requirements and tax obligations
• Meeting Financial Conduct Authority (FCA) regulations
• Anti-money laundering (AML) compliance
• Maintaining audit trails and financial records

5.3 Business Operations

• Improving and developing our services
• Fraud prevention and security monitoring
• Analytics and performance optimisation
• Marketing communications (with your consent)

6. Data Sharing and Disclosure

6.1 Service Providers

We share data with trusted service providers who help us operate our service:

• Cloud Hosting: AWS (Ireland), Microsoft Azure (UK)
• Payment Processing: Stripe, GoCardless (UK-based)
• Bank Connectivity: TrueLayer, Yapily (UK open banking providers)
• Customer Support: Zendesk, Freshdesk
• Email Services: SendGrid, Mailchimp

6.2 Financial Institutions

To provide core bookkeeping services, we connect with:

• UK banks and building societies via Open Banking
• Payment processors and financial service providers
• HMRC systems for VAT and tax submissions

6.3 Legal Requirements

We may disclose your information when legally required:

• To comply with court orders or legal processes
• To respond to HMRC or other regulatory enquiries
• To prevent fraud or protect public safety
• To enforce our terms of service

7. Data Security

7.1 Technical Measures

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Multi-factor authentication and role-based permissions
• Infrastructure: UK and EU-based secure data centres
• Monitoring: 24/7 security monitoring and incident response

7.2 Compliance Standards

• ISO 27001 information security management
• SOC 2 Type II compliance audits
• Open Banking security standards
• PCI DSS for payment processing

8. Data Retention

We retain your data in accordance with UK legal requirements:

• Financial Records: 6 years after the end of the relevant accounting period (HMRC requirement)
• VAT Records: 6 years from the end of the VAT period
• Account Data: While your account is active and for 7 years after closure
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Technical Logs: 12 months for security and troubleshooting

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

9.1 Right of Access

Request a copy of the personal data we hold about you.

9.2 Right to Rectification

Correct any inaccurate or incomplete personal data.

9.3 Right to Erasure

Request deletion of your personal data (subject to legal retention requirements).

9.4 Right to Restrict Processing

Limit how we process your personal data in certain circumstances.

9.5 Right to Data Portability

Receive your personal data in a structured, machine-readable format.

9.6 Right to Object

Object to processing based on legitimate interests or for direct marketing.

9.7 Rights Related to Automated Decision Making

Not to be subject to decisions based solely on automated processing.

10. Cookies and Tracking

We use cookies to enhance your experience:

10.1 Essential Cookies

Necessary for the service to function properly (no consent required).

10.2 Analytics Cookies

Help us understand how you use our service (consent required).

10.3 Marketing Cookies

Used to deliver relevant advertisements (consent required).

You can manage cookie preferences through your browser settings or our cookie consent tool.

11. International Transfers

Your data is primarily processed within the UK and EEA. When we transfer data outside these areas:

• We ensure adequate protection through appropriate safeguards
• We use Standard Contractual Clauses approved by the ICO
• We conduct transfer impact assessments where required

12. Data Protection Officer

For data protection enquiries, contact our Data Protection Officer:

Email: [privacy@stridebooks.com]

13. Complaints

If you're not satisfied with how we handle your personal data, you can:

1. Contact us directly at [privacy@stridebooks.com]

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we do:

• We'll post the updated policy on our website
• We'll update the "Last Updated" date
• For significant changes, we'll notify you by email
• Your continued use constitutes acceptance of the updated policy

15. Contact Information