Privacy Policy

Last updated: December 2025

1. Introduction

SME Solutions ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business tools and services.

We are registered as a data controller with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored securely using bcrypt hashing)
  • Subscription and billing information

2.2 Audit Data

When you run compliance audits, we collect:

  • URLs of websites you audit
  • Screenshots and HTML captures for analysis
  • Cookie data found on audited websites
  • Audit results and compliance scores

2.3 Technical Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Usage data and access times

3. Legal Basis for Processing

We process your personal data based on:

  • Contract: To provide the services you've requested
  • Legitimate interests: To improve our service and prevent fraud
  • Legal obligation: To comply with applicable laws
  • Consent: For marketing communications (where applicable)

4. How We Use Your Information

We use your information to:

  • Provide and maintain our compliance auditing service
  • Process your subscription and payments
  • Send service-related communications
  • Generate compliance reports and recommendations
  • Improve and optimize our service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: Hosting, payment processing, and analytics providers
  • Legal authorities: When required by law or to protect our rights
  • Business transfers: In connection with a merger or acquisition

All third-party processors are contractually bound to protect your data and process it only as instructed by us.

6. Data Retention

We retain your data for:

  • Account data: Until you delete your account, plus 30 days
  • Audit reports: 12 months from creation (or longer for paid accounts)
  • Billing records: 7 years (as required by UK tax law)
  • Server logs: 90 days

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, common format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@smesolutions.uk. We will respond within one month as required by law.

8. Cookies

We use the following cookies:

  • Essential cookies: Required for authentication and security
  • Functional cookies: To remember your preferences

We do not use third-party tracking or advertising cookies. As a compliance auditing platform, we practice what we preach.

9. Data Security

We implement appropriate security measures including:

  • Encryption in transit (TLS 1.3) and at rest
  • Secure password hashing (bcrypt)
  • Regular security assessments
  • Access controls and audit logging
  • Data hosted in UK/EU data centres

10. International Transfers

Your data is primarily processed and stored within the UK and European Economic Area. If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries or to exercise your rights:

Email: privacy@smesolutions.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113