Privacy Policy

ReceiptNudge is a UK-based software service that helps bookkeepers automate the process of chasing clients for missing receipts. References to "we", "us", or "ReceiptNudge" in this policy mean the operator of receiptnudge.com.

If you have any questions about this policy or how we handle your data, please contact us at hello@receiptnudge.com.

We collect the following categories of personal data:

• Bookkeeper account data: your name, email address, business name, and billing information (processed securely via Stripe — we do not store card details ourselves).
• Client data: names, email addresses, and phone numbers uploaded by bookkeepers for the purpose of sending receipt requests. This data is provided by the bookkeeper, who acts as the data controller for their clients' information.
• Transaction data: descriptions, amounts, and dates imported via CSV upload.
• Receipt files: images and PDF documents uploaded by clients via magic links. These are stored securely and accessed only by the relevant bookkeeper.
• Usage data: login times and basic feature usage. We do not use third-party analytics or advertising trackers.

We use the data we collect to:

• Provide and operate the receipt chasing service.
• Send automated emails and SMS messages to clients on the explicit instruction of the bookkeeper.
• Process subscription payments securely via Stripe.
• Store uploaded receipt files in Supabase Storage and make them available to the relevant bookkeeper.
• Respond to support enquiries and account-related communications.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

To deliver our service, we share data with the following third-party processors. Each is bound by data processing agreements and operates under applicable data protection law:

• Supabase — database and file storage. Data is stored on EU/UK-region servers.
• Resend — transactional email delivery (receipt request emails sent to your clients).
• Twilio — SMS delivery (nudge messages sent to your clients).
• Stripe — subscription billing and payment processing. Stripe is certified to PCI DSS Level 1.
• Vercel — application hosting and serverless infrastructure.

We process personal data under the following legal bases as defined by the UK General Data Protection Regulation (UK GDPR):

• Contract performance: we process bookkeeper account data to fulfil our contractual obligations to you as a subscriber.
• Legitimate interests: we send receipt requests to clients on the bookkeeper's instruction. The bookkeeper, as the data controller for their client relationships, is responsible for ensuring they have an appropriate basis to instruct us to do so.
• Legal obligation: we retain billing and transaction records as required by applicable financial and tax regulations.

• Bookkeeper account data is retained while your subscription is active and for 90 days following cancellation, after which it is deleted.
• Transaction data and uploaded receipts are retained for 7 years in line with UK accounting record-keeping requirements.
• You may request deletion of your data in writing. We will fulfil requests promptly subject to any overriding legal retention obligations.

You have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data in certain circumstances.
• Right to restriction — ask us to limit how we use your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interests.

To exercise any of these rights, please contact us at hello@receiptnudge.com. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

ReceiptNudge uses only essential cookies necessary to maintain your authenticated session. We do not use tracking, analytics, or advertising cookies. No cookie consent banner is required as we rely solely on strictly necessary cookies.

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email at the address associated with your account at least 14 days before the changes take effect. Continued use of ReceiptNudge after that date constitutes acceptance of the revised policy.

The current version of this policy is always available at receiptnudge.com/privacy.

For any data protection queries, access requests, or complaints, please write to us at hello@receiptnudge.com.