1. Introduction
bizsuite.management ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect information when you use our website and services.
For a shorter overview of security, open banking, and third parties, see our Trust & data security page. Organisational security measures are set out in our Information Security Policy. Retention and erasure themes are summarised in Data retention & deletion.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
Information you provide directly:
- Account information: Name, email address, password, business name and contact details when you register.
- Business data: Invoices, quotes, customer records, supplier details, products, receipts and other business information you enter into the platform.
- Payment information: Processed securely through Stripe (and other payment providers you or we configure). We do not store your full card details on our servers.
- Bank feed data (optional): If you connect accounts via our Bank Feed feature, we receive account and transaction data that you authorise through our Open Banking provider (Plaid). We do not receive your bank login credentials.
- Communications: Messages sent through our contact form, support system or in-app messaging.
Information collected automatically:
- Usage data: Pages visited, features used, time spent, actions taken within the platform.
- Device information: Browser type, operating system, screen resolution, IP address.
- Cookies: Session cookies for login, preference cookies for settings. See our cookie policy below.
3. How We Use Your Information
We use your information to:
- Provide and maintain our services
- Process your transactions and subscriptions
- Send important service notifications (e.g. password resets, subscription renewals)
- Improve our platform based on usage patterns
- Respond to your enquiries and provide customer support
- Prevent fraud and ensure security
- Comply with legal obligations
We will never sell your personal data to third parties.
4. Legal Basis for Processing
Under GDPR, we process your data based on:
- Contract: Processing necessary to provide the services you signed up for.
- Legitimate interest: Improving our services, preventing fraud, ensuring security.
- Consent: Where you opt in to marketing communications, optional features, or explicitly agree before connecting a bank account via our Bank Feed (Plaid).
- Legal obligation: Where we are required by law to retain or share data.
5. Data Sharing
We may share your data with:
- Payment processors: Stripe processes payments on our behalf under their own privacy policy.
- Open banking (Bank Feed): If you choose to use our optional bank connection feature, we use Plaid (Plaid Financial Ltd. in the UK / Plaid Inc. in other regions) as a technical service provider. Plaid helps you securely connect your bank and retrieve account and transaction information you authorise. When you use Plaid Link, Plaid’s processing is also described in their End User Privacy Policy. We receive only the data you authorise through that connection (for example account identifiers, balances, and transaction details) to provide bookkeeping and reconciliation features. We do not receive or store your bank login credentials.
- Hosting providers: Our servers are hosted securely with industry-standard data centres.
- Legal authorities: If required by law, court order, or to protect our legal rights.
We do not sell your business data (invoices, customers, etc.) to third parties. Your business data is yours.
6. Data Retention
We retain your data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are legally required to retain it (e.g. financial records for HMRC compliance, typically 6 years).
Bank feeds: When you disconnect a bank in the Bank Feed area, we stop new imports and revoke Plaid access where their API allows. Historical transaction copies we already stored may be retained for the same statutory and accounting periods as other business records unless you ask us to delete them sooner and we have no overriding legal obligation to keep them.
7. Your Rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Receive your data in a machine-readable format.
- Object: Object to processing based on legitimate interest.
- Restrict: Request we limit how we use your data.
- Withdraw consent: Where processing is based on consent, withdraw at any time.
To exercise any of these rights, contact us at . We will respond within 30 days.
8. Data Security
We protect your data with:
- TLS encryption between your browser and our services when you use HTTPS
- Encrypted password storage using industry-standard hashing (bcrypt)
- Application updates that include security fixes as part of our release process
- Access controls within the platform so users and staff only see data appropriate to their role
- Backups to reduce the risk of data loss; underlying server and infrastructure patching is managed with our hosting provider according to their service terms
9. Cookies
We use the following types of cookies:
- Essential cookies: Required for login and core functionality. Cannot be disabled.
- Preference cookies: Remember your settings (e.g. currency, timezone).
- Analytics cookies: Help us understand how you use the platform so we can improve it.
- Advertising cookies: On public pages where we display ads or monetised affiliate content, advertising partners may use cookies or similar technologies to measure performance, control frequency, and, where permitted, personalise advertising.
You can manage cookies through your browser settings. Disabling essential cookies may prevent you from using the platform.
Google AdSense and third-party advertising
Where we use Google AdSense or other third-party advertising providers, third-party vendors, including Google, may use cookies to serve ads based on a user’s prior visits to this website or other websites.
Google’s use of advertising cookies enables Google and its partners to serve ads to users based on visits to this site and/or other sites on the internet. Users may opt out of personalised advertising by visiting Google Ads Settings. Users can also visit aboutads.info to opt out of some third-party vendors’ use of cookies for personalised advertising.
If we use other third-party ad networks or affiliate/partner placements, we identify those providers where required in the relevant page disclosures or admin-controlled notices. Those vendors may also use cookies or similar technologies, which should be understood alongside this policy and the vendor policies they link to.
If you are in the EEA, UK, or Switzerland, we may use additional consent prompts or consent-management tooling before loading certain advertising technologies where required by law or platform policy.
10. Children's Privacy
Our services are not intended for children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. The "Last updated" date at the top of this page indicates when it was last revised. We review this policy periodically (at least annually) and when we materially change how we process personal data.
12. Contact Us
For privacy-related enquiries or to exercise your data rights, contact us at:
Email:
Or use our contact form.
General security and privacy enquiries may be sent to the same address unless we publish a dedicated security inbox in Data Security above.