Privacy Policy
Last updated: 28 November 2025
1. Introduction
BusinessPro UK ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are the data controller for the personal data we process, unless otherwise stated. Our registered office is in the United Kingdom.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, job title, and company details
- Business Data: Financial records, invoices, expenses, customer data, and business operations information
- Payment Information: Payment card details (processed securely through our payment provider Stripe)
- Communications: Messages, support tickets, and feedback you provide
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent, and interaction patterns
- Device Information: IP address, browser type, operating system, and device identifiers
- Cookies and Similar Technologies: See our Cookie Policy below
2.3 Information from Third Parties
- HMRC Integration: Tax information and VAT returns (with your explicit consent)
- Companies House: Publicly available company information
- Open Banking: Transaction data from your bank (with your explicit consent)
- Payment Processors: Payment and transaction information from Stripe
3. How We Use Your Information
We process your personal data for the following purposes:
- Service Provision: To provide and maintain our business management platform
- Account Management: To create and manage your account
- Business Operations: To process invoices, track expenses, manage compliance, and perform financial operations
- Communication: To send service updates, security alerts, and support messages
- Improvement: To analyse usage patterns and improve our services
- Legal Compliance: To comply with legal obligations including tax, accounting, and regulatory requirements
- Security: To detect, prevent, and address fraud, security issues, and technical problems
4. Legal Basis for Processing
Under UK GDPR, we process your personal data based on:
- Contractual Necessity: To fulfil our contract with you and provide our services
- Consent: Where you have given explicit consent for specific processing activities
- Legal Obligation: To comply with UK laws and regulations
- Legitimate Interests: For our legitimate business interests, provided they don't override your rights
5. Data Sharing and Disclosure
We may share your information with:
- Service Providers: Cloud hosting (Vercel, Supabase), payment processing (Stripe), email services (Resend)
- Government Authorities: HMRC and Companies House for compliance purposes
- Professional Advisors: Legal, accounting, and professional service providers as necessary
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- Legal Requirements: When required by law, court order, or government authority
We do not sell your personal data to third parties.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication measures
- Employee training on data protection
- Incident response and breach notification procedures
7. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Financial records are retained for at least 6 years in accordance with UK tax law requirements. When data is no longer needed, we securely delete or anonymise it.
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, please contact us at privacy@businesspro.uk.
9. Cookies and Tracking
We use cookies and similar technologies to improve your experience, analyse usage, and provide personalised content. You can control cookies through your browser settings. Essential cookies are necessary for the platform to function and cannot be disabled.
10. International Transfers
Your data is primarily stored in the UK and EU. If we transfer data outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).
11. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or wish to exercise your data protection rights, please contact us:
Email: privacy@businesspro.uk
Address: BusinessPro UK, [Your Address], United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
ICO Website: ico.org.uk
ICO Helpline: 0303 123 1113