Privacy Policy

Last updated: 02/01/2026

This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the UK GDPR and Data Protection Act 2018.

1. Data Controller

AnnualVault Ltd is the data controller for personal data processed via the Service.

2. Data We Collect

We may collect:

  • Identity data: name, email address
  • Account data: login credentials (via third-party authentication)
  • Service data: renewal dates, categories, properties
  • Documents uploaded by you
  • Usage data: feature usage and analytics
  • Payment metadata (processed by third-party providers)

We do not store card details.

3. How We Use Your Data

We process data to:

  • Provide and operate the Service
  • Send reminder emails and notifications
  • Store and retrieve your documents
  • Analyse spending summaries
  • Manage subscriptions and billing
  • Improve platform performance
  • Comply with legal obligations

4. Legal Bases for Processing

We rely on:

  • Contract performance
  • Legitimate interests
  • Legal obligations
  • Consent (for marketing communications)

5. Email Communications

Service-related emails (such as renewal reminders) are essential to the Service.

Marketing emails are optional and can be unsubscribed from at any time.

6. Data Storage and Security

Data is stored using reputable third-party infrastructure providers.

We use:

  • Encryption in transit and at rest where appropriate
  • Access controls and least-privilege principles

No system is 100% secure, but we take reasonable measures to protect your data.

7. Data Sharing

We may share data with trusted service providers for:

  • Authentication
  • Email delivery
  • Hosting and storage
  • Payment processing

All processors are bound by data protection obligations.

We do not sell your personal data.

8. International Transfers

Where data is transferred outside the UK, appropriate safeguards (such as standard contractual clauses) are in place.

9. Data Retention

We retain personal data only for as long as necessary:

  • Active accounts: for the duration of use
  • Cancelled accounts: data deleted or anonymised within a reasonable period unless legally required

Users may request deletion at any time.

10. Your Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

Requests can be made by contacting support.

11. Cookies

We use essential cookies for authentication and functionality. Analytics cookies may be used with consent.

12. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated via the Service.

13. Contact and Complaints

If you have concerns about data protection, contact:

Email: support@annualvault.io

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).