AccounteeBack to app

Privacy Policy

Last updated: 1 August 2025

1. Who we are

Accountee (“we”, “us”, “our”) is a Software-as-a-Service application designed for Irish contractors and small businesses. For the purposes of the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988–2018, we act as the data controller of personal data collected through this platform.

2. Data we collect

Account data

  • Name and email address (required for registration)
  • Hashed password (we never store your password in plain text)
  • Business details you enter: company name, VAT number, address, phone number

Financial data

  • Invoices, customers, expenses, contracts, and payment records you create
  • VAT periods and submissions you manage

Technical data

  • Hashed IP address (for security audit logs only — not the raw IP)
  • User-agent string (browser type, for security logging)
  • Session tokens stored in encrypted cookies

Cookies

We use essential cookies only to keep you logged in and maintain session security. We do not use advertising, tracking, or analytics cookies.

3. Legal basis for processing

  • Performance of a contract (Article 6(1)(b) GDPR): processing necessary to provide the service you signed up for.
  • Legitimate interests (Article 6(1)(f) GDPR): security logging, fraud prevention, and service improvement.
  • Legal obligation (Article 6(1)(c) GDPR): retaining financial records as may be required under Irish tax law.

4. How we use your data

  • To provide and operate the Accountee service
  • To send transactional emails (invoice delivery, password reset, account verification)
  • To detect and prevent fraud or unauthorised access
  • To comply with our legal and regulatory obligations

We never sell, rent, or share your personal data with third parties for marketing purposes.

5. Data sharing

We share data with the following categories of sub-processors, strictly to operate the service:

  • Hosting provider: our application runs on cloud infrastructure in the EEA
  • Email delivery: transactional emails are sent via the operator's configured SMTP provider
  • Payment processing: Stripe (stripe.com) handles payment links; we do not store card details
  • Database: your data is stored in a PostgreSQL database within the EEA

6. Data retention

  • Account and financial data: retained for 7 years after account closure to satisfy Irish Revenue requirements
  • Security audit logs: retained for 12 months
  • Deleted records: permanently removed within 30 days of deletion request

7. Your rights under GDPR

As a data subject in the EU/EEA, you have the right to:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data (“right to be forgotten”), subject to legal retention obligations
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, use the Data & Privacy section in your account settings, or contact us directly at the address below. We will respond within 30 days.

8. Cookies and consent

The cookie banner shown on your first visit lets you accept or reject non-essential cookies. Because we currently use only essential cookies, your choice affects future behaviour if we ever introduce optional cookies. You can update your preference by clearing your browser's local storage for this site.

9. Security

We implement appropriate technical and organisational measures to protect your data, including: bcrypt password hashing, encrypted session cookies, TLS in transit, hashed IP addresses in logs, and principle-of-least-privilege database access.

10. Supervisory authority

You have the right to lodge a complaint with the Irish Data Protection Commission (DPC):

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
www.dataprotection.ie

11. Changes to this policy

We may update this policy from time to time. We will notify you by email or in-app notification of any material changes. Continued use of Accountee after such notification constitutes acceptance of the updated policy.

12. Contact

For any privacy-related queries, please contact us at: privacy@accountee.ie