Privacy Policy — Love Your Accountants App

Last updated: 30 May 2026
Effective date: 30 May 2026
Policy URL: https://loveyouraccountants.com/app-privacy

1. Introduction

Love Your Accountants Limited ("LYA", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Love Your Accountants mobile application (the "App").

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).

Please read this policy carefully. By using the App, you acknowledge that you have read and understood its contents. If you do not agree with this policy, please do not use the App.

2. Who We Are — Data Controller

Love Your Accountants Limited is the Data Controller for your personal data collected through the App.

• Company name: Love Your Accountants Limited
• Registered address: 2A The Quadrant, Epsom, Surrey, KT17 4RH
• Company number: 10775733
• Contact email: management@loveyouraccountants.com

If you have any questions about how we handle your personal data, or wish to exercise your data rights, please contact us at management@loveyouraccountants.com.

3. Data Processor and Sub-Processors

Under UK GDPR, certain organisations act as Data Processors on our behalf — meaning they process your data only on our instructions and for no other purpose.

• Data Controller — Love Your Accountants Limited: Determines how and why your data is processed.
• Data Processor — M24 Media Ltd: App development and technical maintenance. Acts under a binding Data Processing Agreement (DPA) with LYA and does not use your data for any independent purpose.
• Sub-Processor — Google LLC (Firebase): Cloud infrastructure, authentication, analytics, and crash reporting.
• Sub-Processor — Brevo (Sendinblue SAS): Sending passwordless login emails.

M24 Media Ltd processes your data solely as instructed by Love Your Accountants Limited and under the terms of a formal Data Processing Agreement. They have no right to use, share, or retain your data beyond the scope of that agreement.

4. What Personal Data We Collect

We collect only the personal data that is necessary to provide the App's services to you.

• Email address — to verify your identity and send your passwordless login link. Legal basis: performance of a contract (UK GDPR Article 6(1)(b)).
• Receipt images (photos) — submitted to LYA for accountancy and bookkeeping services. Legal basis: performance of a contract (UK GDPR Article 6(1)(b)).
• Device identifiers — collected via Firebase for analytics and crash reporting, to maintain and improve the App. Legal basis: legitimate interests (UK GDPR Article 6(1)(f)).
• App usage data — collected via Firebase Analytics to understand how the App is used and to improve functionality. Legal basis: legitimate interests (UK GDPR Article 6(1)(f)).
• Crash and error logs — collected via Firebase Crashlytics to identify and fix technical issues. Legal basis: legitimate interests (UK GDPR Article 6(1)(f)).

We do not collect passwords. We do not offer or use Google Sign-In or Apple Sign-In. Authentication is entirely passwordless via a one-time login link sent to your email address.

We do not collect sensitive personal data (also known as "special category" data) as defined under UK GDPR, and we ask that you avoid submitting any such information through the App.

5. How We Collect Your Data

We collect your data in the following ways:

• Directly from you — when you sign in to the App using your email address, and when you photograph or upload receipt images.
• Automatically — through Firebase Analytics and Firebase Crashlytics, which collect device identifiers, usage patterns, and crash/error logs as you use the App.

6. Device Permissions

The App requests the following device permissions. These are requested only to enable core App functionality and are not used for any other purpose.

• Camera — to allow you to photograph receipts directly within the App.
• Photo library / media access — to allow you to select and upload existing receipt photos from your device.

No other device permissions are requested or used. You may revoke these permissions at any time through your device settings, though doing so may limit your ability to use certain features of the App.

7. How We Use Your Data

We use your personal data for the following purposes:

• To authenticate your identity and provide you with secure access to the App.
• To receive and process receipt images as part of the accountancy and bookkeeping services provided by LYA.
• To monitor and improve the performance, stability, and usability of the App through crash reports and usage analytics.
• To communicate with you regarding your account or the services we provide, where necessary.

We will not use your personal data for automated decision-making or profiling.

8. Third-Party Services

To deliver the App, we use the following third-party services. Each acts as a sub-processor under appropriate contractual arrangements.

8.1 Firebase (Google LLC)

Firebase, operated by Google LLC, provides the following infrastructure services within the App:

• Firebase Authentication — manages passwordless email login flows.
• Firebase Storage — stores receipt images you upload.
• Firebase Analytics — collects anonymised usage data to help us improve the App.
• Firebase Crashlytics — collects crash and error data to help us identify and fix technical issues.

All data processed via Firebase is stored on Google Cloud infrastructure in the eu-west-2 (London) region. No personal data is transferred outside the United Kingdom or the European Economic Area via this service.

Google LLC's privacy policy is available at: https://policies.google.com/privacy

8.2 Brevo (Sendinblue SAS)

Brevo, an EU-based email delivery platform, is used solely to send passwordless login emails to you when you request access to the App. Brevo processes your email address for this purpose only.

Brevo is subject to EU GDPR and operates in accordance with its own privacy policy, available at: https://www.brevo.com/legal/privacypolicy/

9. Data Storage and Security

All personal data collected through the App is stored on Google Cloud / Firebase infrastructure in the eu-west-2 (London) region. This means all data remains within UK and EU jurisdiction and is not subject to international data transfer restrictions under UK GDPR.

We take appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include:

• Passwordless authentication to eliminate password-related security risks.
• Encrypted data transmission using TLS/HTTPS.
• Access controls limiting LYA staff access to submitted data on a need-to-know basis.
• Contractual obligations placed on all data processors and sub-processors.

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we will notify you and the relevant authorities in the event of a data breach where required by law.

10. Data Sharing

We share your personal data only as described below. We do not sell, rent, or otherwise disclose your personal data to any third party for their own commercial purposes.

• LYA staff — to access and process submitted receipts as part of the accountancy service.
• Google LLC (Firebase) — as the infrastructure and technical services provider.
• Brevo (Sendinblue SAS) — to send passwordless login emails.
• M24 Media Ltd — as the App developer acting as a Data Processor under a DPA with LYA.

We may also disclose your personal data where required to do so by law, regulation, legal process, or governmental or regulatory authority request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

11. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected.

• Receipt images — automatically deleted after 30 days from the date of upload.
• User account data (email address) — retained until your account is deleted.
• Analytics and crash log data — retained in accordance with Firebase's standard retention settings.

You may delete your account at any time. See Section 12 below for details of your rights and how to exercise them.

12. Your Rights Under UK GDPR

You have the following rights in relation to your personal data. To exercise any of these rights, please contact us at management@loveyouraccountants.com. We will respond to your request within one calendar month.

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct any inaccurate or incomplete personal data we hold about you.
• Right to erasure — you may request that we delete your personal data. You can also delete your account directly within the App at any time.
• Right to restrict processing — you may ask us to pause processing of your data in certain circumstances.
• Right to data portability — you may request your data in a structured, machine-readable format.
• Right to object — you may object to processing of your data based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
• Right not to be subject to automated decisions — we do not carry out automated decision-making or profiling.

Deleting Your Account

You may delete your account at any time by using the account deletion feature within the App, or by contacting us at management@loveyouraccountants.com. Upon deletion, your account data will be removed. Receipt images are subject to the 30-day automatic deletion policy described above.

Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us at management@loveyouraccountants.com in the first instance.

13. Cookies and Tracking Technologies

The App does not use browser cookies. Firebase Analytics and Firebase Crashlytics use device-level identifiers for analytics and crash reporting purposes, as described in Section 4. These are used solely to understand app performance and usage patterns and are not used for advertising.

14. Children's Privacy

The App is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data without parental consent, please contact us at management@loveyouraccountants.com and we will take steps to delete that information promptly.

15. Links to Third-Party Services

This policy applies only to the Love Your Accountants App. The App interacts with third-party services (such as Firebase and Brevo) whose privacy practices are governed by their own privacy policies, linked in Section 8. We are not responsible for the privacy practices of those services beyond our contractual obligations with them as data processors.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Where we make material changes, we will notify you within the App and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of the App after any changes have been notified constitutes your acceptance of the updated policy.

17. Contact Us

For any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please contact:

Love Your Accountants Limited
Email: management@loveyouraccountants.com
Website: https://loveyouraccountants.com

This Privacy Policy was drafted to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It should be reviewed by a qualified legal professional before publication to ensure it meets all current regulatory requirements applicable to your specific business circumstances.