Bank Assistant – Beta Test - Privacy Policy

Last Updated: 1st October 2025

Our Commitment to Your Privacy. Welcome to Bank Assistant. Our service is built on a foundation of trust and privacy. Our goal is to provide you with simple, powerful bookkeeping tools while collecting the minimum amount of personal data necessary to deliver our service. This policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your data. We have a simple rule: we will never share or sell your personal data to anyone, ever.

A Note on Our Beta Phase: You are participating in an early-stage beta test of the Bank Assistant service. We are incredibly grateful for your help in testing and shaping our product. Our commitment to your privacy is a core principle from day one. As we develop our service towards a full public launch, we are continuously improving our security and data protection measures. This policy reflects the measures in place during this beta period. Our roadmap includes implementing comprehensive server-side encryption for all data at rest before we launch to the public.

Section 1: Who We Are

• Bank Assistant ("we", "us", "our") provides a bookkeeping assistance service for sole traders and small businesses. We are the 'data controller' for the information described in this policy.
• If you have any questions about this policy or your data, please contact us at TermsAndPrivacy@BankAssistant.co.uk.

Section 2: The Personal Data We Collect

• To provide our service, we need to collect the following information:
  • Contact Data: Your email address, which we use to set up your account and communicate with you.
  • Communications & Document Data: Your Telegram User ID and the content of your messages with our service.

Section 3: How and Why We Use Your Personal Data

• We only use your personal data when we have a legal reason to do so. This is known as our 'lawful basis'. Here’s how we use your data and why:
  
  
  • To set up Your Account and Deliver our Core Service (processing ‘demo’ transactions, generating ‘Draft Accounts’)
    Data Used:Contact Data.
    Lawful Basis: To fulfil the contract we have with you.
  • To Communicate with You (responding to queries, providing support, sending service updates).
    Data Used: Contact Data, Communications Data.
    Lawful Basis: To fulfil our contract and for our legitimate interests (providing good customer service).
  • To Improve our AI and Service Performance.
    Data Used: Your feedback.
    Lawful Basis: Our legitimate interests (to develop and improve our service).
  
  
• Our Anonymisation Process:
  
  We are committed to data minimisation. When our AI processes your information, it uses anonymised data. Your personal identifiers are stripped out, and the process operates only on the transactional data and message content required for the task. No data, including ‘demo data’, from other customers, anonymised or otherwise, is used when processing your data. This is a core part of our 'privacy by design' approach.

Section 4: Who We Share Your Data With

• We do not sell your data. However, to provide our service, we rely on a few trusted third-party partners ('data processors'). We only share the minimum data necessary.
• Cloud & Document Provider: We use Google (Google Sheets and Google Drive) to store your draft accounts and supporting documents. We are responsible for securing this data within their platform.
• Communication Platform: We use Telegram to communicate with you. Your interactions are subject to Telegram's privacy policy.
• Your Accountant and Other Third Parties: Our service generates a secure, shareable link to your Draft Accounts and Supporting Documents. You are in complete control of this link and are responsible for sharing it only with trusted individuals, such as your nominated accountant.
• Legal & Regulatory Bodies: We may be required to disclose your data if compelled by law, such as to HMRC or law enforcement.

Section 5: Data Security

• We take the security of your data very seriously. While our service is in beta, we use the following technical and organisational measures to protect your information:
  • Encryption in Transit: Using secure, encrypted connections (SSL/TLS) for all data transferred between you, our service, and our third-party partners.
  • Secure Hosting Environment: Hosting your data in a professional data centre with robust physical security, firewalls, and network intrusion prevention systems.
  • Strict Access Controls: Implementing software-level access controls to ensure only authorized processes and personnel can access your information. This includes using strong credentials and secure protocols for server administration.
  • Data Minimisation: Our 'privacy by design' approach, including the anonymisation techniques used in our AI processing, ensures we limit the processing of identifiable data wherever possible.

Section 6: International Data Transfers

• Some of our third-party providers (like Google and Telegram) may store or process data outside the UK. When this happens, we ensure that your data is protected by legal mechanisms approved under UK GDPR, such as Standard Contractual Clauses (SCCs) and the UK's Adequacy Decisions.

Section 7: Data Retention

• We will only keep your personal data for as long as it is needed for the purpose it was collected.
• We will retain your account and financial data for as long as you are a customer.
• After you close your account, we may need to retain your financial records for a period of up to 6 years to comply with our legal and regulatory obligations (e.g., for HMRC tax purposes).
• Data that is no longer required will be securely deleted or fully anonymised.

Section 8: Your Data Protection Rights

• Under UK GDPR, you have rights over your personal data:
  • The right to be informed: To know how we use your data (which is what this policy does).
  • The right of access: To request a copy of the data we hold about you.
  • The right to rectification: To have inaccurate data corrected.
  • The right to erasure: To ask us to delete your data (also known as the 'right to be forgotten').
  • The right to restrict processing: To limit how we use your data.
  • The right to data portability: To receive your data in a common format.
  • The right to object: To object to us processing your data.
• To exercise any of these rights, please contact us at TermsAndPrivacy@BankAssistant.co.uk.
• You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.

Section 9: Changes to This Policy

• We may update this policy from time to time. We will notify you of any significant changes by email.