Privacy Policy

1. Introduction

Welcome to AvroBooks. We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data.

AvroBooks is an accounting and document management platform designed for accountants and businesses. We take your privacy seriously and only collect the minimum data necessary to provide our services.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, password (encrypted), and business details
Business Data: Documents, invoices, receipts, contacts, suppliers, and accounting information you upload
Payment Information: Billing details processed through Stripe (we don't store card numbers)
Profile Information: Optional information about your practice or business
Communication: Messages you send us through support or contact forms

2.2 Information We Collect Automatically

Server Logs: IP address, browser type, pages visited, timestamps (for security and debugging)
Session Data: Authentication cookies and session management (required for login)
Error Logs: Technical information when errors occur (to fix bugs)

2.3 Information We DO NOT Collect

We DO NOT use analytics or tracking cookies
We DO NOT track your browsing behavior
We DO NOT use advertising pixels or trackers
We DO NOT build behavioral profiles
We DO NOT track you across other websites

3. How We Use Your Information

We use your information solely to provide and improve our services:

Provide the Service: Process documents, manage accounting data, facilitate Xero integration
Account Management: Create and maintain your account, authenticate logins, manage subscriptions
Payment Processing: Process subscription payments and maintain billing records
Communication: Send transactional emails (receipts, notifications, security alerts)
Security: Protect against fraud, abuse, and security threats
Legal Compliance: Comply with legal obligations and enforce our terms
Support: Respond to your questions and provide customer support
Improvements: Fix bugs, improve performance, and add features you request

4. Third-Party Services

We use the following third-party services to provide our platform. These are essential for the service to function:

Stripe

Payment Processing

Xero

Accounting Integration

hCaptcha

Bot Protection

Bunny Fonts

Privacy-focused Font Delivery

5. Do Not Track (DNT)

We respect the EFF's Do Not Track (DNT) policy.

When we detect that you have DNT enabled in your browser, we commit to:

Not loading any analytics or tracking scripts (we don't use any anyway)
Not using third-party tracking cookies
Not sharing your data for advertising or tracking purposes
Sending the Tk: N response header

Current DNT Status: Not Enabled

6. Data Retention

Account Data: Retained while your account is active
Business Documents: Retained according to your preferences and legal requirements
Server Logs: IP addresses anonymized after 7 days, logs deleted after 90 days
Billing Records: Retained for 7 years for tax and legal compliance
Deleted Accounts: Data permanently deleted within 30 days of account deletion

7. Data Security

We implement industry-standard security measures to protect your data:

Encryption: All data transmitted over HTTPS/TLS encryption
Password Security: Passwords are hashed using bcrypt (not stored in plain text)
Access Controls: Strict role-based access controls and authentication
Infrastructure: Hosted on secure, monitored servers
Regular Updates: Security patches applied promptly
Monitoring: Continuous monitoring for suspicious activity

8. Your Rights (GDPR & UK GDPR)

You have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Data Portability

Export your data in a machine-readable format

Right to Object

Object to processing of your personal data

Right to Restriction

Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at privacy@avrobooks.com

9. Cookies

We use only essential cookies necessary for the service to function:

Session Cookie: Maintains your login session (deleted when you log out)
CSRF Token: Protects against cross-site request forgery attacks
Remember Me: Optional cookie to keep you logged in (if you check "Remember Me")

We DO NOT use tracking cookies, advertising cookies, or analytics cookies.

10. Children's Privacy

AvroBooks is not intended for users under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it immediately.

11. International Data Transfers

Your data is primarily stored and processed in the UK/EU. When using third-party services (Stripe, Xero), data may be transferred internationally. These services are compliant with GDPR and use appropriate safeguards such as Standard Contractual Clauses.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting a notice on our website
Sending an email to your registered address
Updating the "Last updated" date at the top of this page

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@avrobooks.com

Support: Through the in-app contact form

Data Protection Officer: dpo@avrobooks.com

14. Complaints

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority:

UK Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

TL;DR - The Short Version