Privacy Policy

1. Introduction

Figurs Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounting and company secretarial SaaS platform ("Service").

We are the data controller for the personal information we process, unless otherwise stated.

2. Data Controller Details

Figurs Ltd
Company Registration Number: [To Be Completed]
Registered Office: [To Be Completed]
Email: privacy@figurs.co.uk
Data Protection Officer: dpo@figurs.co.uk

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, password, phone number
• Company Information: Company name, registration number, registered address, accounting reference date, VAT registration details
• Financial Data: Bank transactions, invoices, bills, expenses, VAT returns, financial reports
• Company Secretarial Data: Director details, shareholder information, PSC records, share capital, statutory filings
• Payment Information: Billing address and payment method details (processed by Stripe and GoCardless)

3.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent, actions taken
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: See our Cookie Policy for details

3.3 Information from Third Parties

• HMRC: VAT obligations, corporation tax data, self-assessment information
• Companies House: Company details, filing history, officer information
• Finexer (Open Banking): Bank account details, transaction data
• Payment Providers: Transaction confirmations, payment status

4. How We Use Your Information

4.1 Legal Basis for Processing (UK GDPR)

• Contract Performance: Providing our accounting and company secretarial services
• Legal Obligation: Compliance with HMRC, Companies House, FCA, and other regulatory requirements
• Legitimate Interests: Improving our services, fraud prevention, security
• Consent: Marketing communications, optional analytics

4.2 Purposes

• Provide, maintain, and improve our Service
• Process transactions and manage your account
• Submit VAT returns, corporation tax returns, and statutory filings on your behalf
• Sync bank transactions and reconcile accounts
• Generate financial reports and insights
• Communicate with you about your account and services
• Comply with legal obligations and respond to legal requests
• Detect, prevent, and address fraud, security issues, and technical problems
• Analyse usage patterns to improve user experience

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with the following processors under Data Processing Agreements:

• HMRC: VAT returns, corporation tax, PAYE, self-assessment (statutory requirement)
• Companies House: Statutory filings, company updates (statutory requirement)
• Finexer: Open Banking connection for bank feed synchronisation
• Stripe: Payment processing for invoice payments
• GoCardless: Direct debit payments for subscriptions
• AWS: Cloud hosting and data storage
• Email Service Provider: Transactional and marketing emails

5.2 Legal Requirements

We may disclose your information to:

• Comply with legal obligations (court orders, subpoenas)
• Enforce our Terms of Service
• Protect the rights, property, or safety of Figurs, our users, or others
• Investigate fraud or security issues

5.3 Business Transfers

If Figurs is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

Your data is primarily stored in the UK and European Economic Area (EEA). Where we transfer data outside the UK/EEA, we ensure adequate safeguards are in place through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the UK Information Commissioner's Office
• Binding Corporate Rules

7. Data Retention

We retain your data for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., 6 years for accounting records under UK law)
• Resolve disputes and enforce agreements

Specific Retention Periods

• Accounting Records: 6 years from the end of the financial year (UK legal requirement)
• VAT Records: 6 years (HMRC requirement)
• Company Secretarial Records: 10 years (Companies Act 2006)
• Payment Records: 7 years (tax and anti-money laundering requirements)
• Marketing Data: Until consent is withdrawn or 2 years of inactivity

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for marketing or optional analytics

To exercise these rights, contact us at privacy@figurs.co.uk.

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Multi-factor authentication (MFA)
• Regular security audits and penetration testing
• Access controls and role-based permissions
• Security monitoring and incident response procedures
• Employee training on data protection

10. Children's Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Cookies and Tracking

We use cookies and similar technologies to provide, protect, and improve our Service. For detailed information, see our Cookie Policy.

You can manage your cookie preferences at any time through your Cookie Consent Settings.

12. Marketing Communications

With your consent, we may send you marketing emails about new features, special offers, and updates. You can unsubscribe at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your preferences in your account settings
• Contacting us at marketing@figurs.co.uk

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Email notification
• Prominent notice on our website
• In-app notification

The "Last updated" date at the top of this policy indicates when it was last revised.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: privacy@figurs.co.uk
• Data Protection Officer: dpo@figurs.co.uk
• Post: Figurs Ltd, [Address to be completed]

15. Complaints

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk