Privacy Policy

Last updated: 26 March 2026

1. Who we are

Beancountr (“we”, “us”, “our”) operates beancountr.com and beancountr.co.uk. We provide financial management software for UK freelancers and small businesses. For GDPR purposes, we are the data controller.

Contact: hello@beancountr.com

2. What data we collect

  • Account data: email address, name (when you sign up)
  • Business data: client names, invoice details, time entries, expenses — data you enter into the app
  • Settings data: business name, tax rates, pension rates, invoice defaults
  • Payment data: handled entirely by Stripe — we never see or store card details
  • Usage data: pages visited, features used, error logs (to improve the service)
  • Cookie data: session cookies for authentication; analytics cookies only with your consent

3. How we use your data

  • To provide and maintain your Beancountr account
  • To process payments via Stripe
  • To send transactional emails (invoices, receipts, password resets)
  • To improve the product based on aggregate usage patterns
  • To comply with legal obligations (e.g. VAT, HMRC reporting requirements)

4. Legal basis (GDPR)

  • Contract: processing needed to deliver the service you signed up for
  • Legitimate interests: fraud prevention, security, product improvement
  • Consent: analytics cookies (you can withdraw at any time)
  • Legal obligation: compliance with UK law

5. Data sharing

We do not sell your data. We share data only with trusted processors:

  • Supabase — database and authentication (EU data centres)
  • Stripe — payment processing
  • Vercel — hosting (EU region)
  • Resend — transactional email

6. Data retention

We keep your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it by law (e.g. financial records for 6 years under UK law).

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Object to or restrict processing
  • Data portability (export your data)
  • Withdraw consent (for cookies) at any time

To exercise any of these rights, email hello@beancountr.com. We will respond within 30 days.

8. Cookies

We use:

  • Essential cookies: required for authentication and security. Cannot be disabled.
  • Analytics cookies: used only with your consent to understand how the product is used.

You can change your cookie preferences at any time using the cookie banner.

9. Security

All data is encrypted in transit (TLS) and at rest. We use Supabase Row Level Security to ensure users can only access their own data. Authentication is handled via secure OAuth/magic link flows.

10. Changes to this policy

We may update this policy from time to time. We will notify you by email of any material changes. Continued use of the service constitutes acceptance of the updated policy.

11. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.