Privacy Policy

Last Updated: 26 October 2025

1. Introduction

GetMy Ltd ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GetMy Suite products and services.

We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: GetMy Ltd
Registered Office: [Address to be confirmed]
Contact: enquiries@getmy.group

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

  • Account Information: Name, email address, phone number, company name, professional credentials
  • Billing Information: Payment card details, billing address, VAT number
  • Client Data: Information you input about your clients (names, contact details, financial data) when using GetMyBooks
  • Document Data: Receipts, proposals, engagement letters, and other documents you upload
  • Communication Data: Your interactions with our support team and feedback

2.2 Technical Information

  • Usage Data: How you interact with our services, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, errors encountered
  • Cookies: As detailed in our Cookie Policy

2.3 Third-Party Integrations

When you connect third-party services (such as Xero), we receive data from those services in accordance with their privacy policies and your authorization.

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide our services under our Terms of Service
  • Legitimate Interests: To improve our services, prevent fraud, and ensure security
  • Legal Obligation: To comply with UK tax, accounting, and regulatory requirements
  • Consent: For marketing communications (which you can withdraw at any time)

3.2 Purposes of Processing

We use your information to:

  • Provide, maintain, and improve our services
  • Process payments and manage your subscription
  • Communicate with you about service updates, support, and account matters
  • Ensure security and prevent fraud
  • Comply with legal obligations and enforce our terms
  • Conduct analytics to improve user experience
  • Send marketing communications (with your consent)

4. Data Sharing and Disclosure

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our services:

  • Cloud Hosting: Microsoft Azure (UK region)
  • Payment Processing: Stripe
  • Email Services: MailChannels
  • Analytics: Cloudflare Analytics
  • Customer Support: [To be determined]

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

4.2 Third-Party Integrations

If you choose to integrate with third-party services (e.g., Xero, QuickBooks), data will be shared with those services according to your authorization and their privacy policies.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or to protect our legal rights and the safety of our users.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Infrastructure: UK-based secure data centers with SOC 2 certification
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: Regular automated backups with encryption
  • Audits: Regular security audits and penetration testing

While we strive to protect your data, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 7 years after closure (UK tax requirements)
  • Financial Records: Retained for 7 years (UK Companies Act 2006)
  • Client Data: You control retention; data is deleted when you request or after 90 days of account closure
  • Marketing Data: Retained until you unsubscribe or request deletion
  • Log Data: Retained for 90 days for security and troubleshooting

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing or optional processing
  • Right to Complain: Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at enquiries@getmy.group. We will respond within 30 days.

8. International Data Transfers

Your data is primarily stored and processed in the United Kingdom. If we transfer data outside the UK, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions recognizing equivalent data protection standards
  • Other lawful transfer mechanisms under UK GDPR

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered email address
  • Prominent notice on our website
  • In-app notification when you next log in

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Data Protection Officer
GetMy Ltd
Email: enquiries@getmy.group
Email: dpo@getmy.group

Information Commissioner's Office (ICO)
If you are not satisfied with our response, you may lodge a complaint with the ICO:
Website: https://ico.org.uk
Helpline: 0303 123 1113

Note: This is a general privacy policy template. GetMy Ltd will ensure full compliance with all applicable UK data protection laws prior to launch.