⚠️ DRAFT — Review with a qualified UK solicitor before publishing. Placeholders in {{ }} must be completed.

Privacy Policy

This Privacy Policy explains how AutoChase ("we", "us", "our") collects, uses, stores, and protects personal data when you use AutoChase at autochase.app. We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018.

Privacy contact: privacy@autochase.app

1. Data We Collect

1.1 Account Information

1.2 Invoice and Client Data

1.3 Billing Data

Payment processing is handled by Paddle.com Market Ltd as the Merchant of Record. We do not store full card numbers or payment credentials. We receive from Paddle: subscription status, subscription ID, customer ID, and transaction references. Paddle's own privacy policy governs how Paddle handles your payment data: paddle.com/legal/privacy.

1.4 Usage and Technical Data

2. Legal Basis for Processing

Purpose Legal basis
Providing the Service (account, invoices, reminders)Performance of a contract (Art. 6(1)(b) UK GDPR)
Processing subscription payments via PaddlePerformance of a contract
Security, fraud prevention, error monitoringLegitimate interests (Art. 6(1)(f))
Product analytics and service improvementLegitimate interests
Marketing communications (if you opt in)Consent (Art. 6(1)(a))
Legal and regulatory complianceLegal obligation (Art. 6(1)(c))

3. How We Use Your Data

4. Sub-processors and Third Parties

We share data with the following sub-processors only to the extent necessary to provide the Service:

Processor Purpose Location
Coolify (self-hosted)Application hosting and infrastructureconfirm server region with us
SupabaseDatabase hosting (PostgreSQL)AWS ap-southeast-1 (Singapore) — confirm with us if EU residency is required
ResendTransactional email deliveryUSA (SCCs apply)
Paddle.com Market LtdPayment processing and subscription billing (Merchant of Record)United Kingdom
Sentry (Functional Software Inc.)Error monitoring (PII scrubbing enabled — no invoice amounts, client emails, or card data transmitted)USA (SCCs apply)
GoogleOAuth sign-in (if you choose "Continue with Google")USA (SCCs apply)

We do not sell personal data to third parties. We do not use personal data for advertising.

5. International Transfers

Some of our sub-processors are located outside the UK/EEA. Where this is the case, we rely on Standard Contractual Clauses (SCCs) approved by the ICO/European Commission, or the UK International Data Transfer Agreement (IDTA), to ensure an adequate level of protection for your data.

6. Data Retention

7. Your Rights Under UK GDPR

You have the right to:

To exercise any of these rights, email privacy@autochase.app. We will respond within 30 days. We may need to verify your identity before processing your request.

8. Security

9. Cookies

We use the following cookies:

We do not use advertising, tracking, or analytics cookies. No third-party marketing scripts are loaded on authenticated pages.

10. Children's Data

The Service is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, contact us at privacy@autochase.app and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 14 days before they take effect. The "last updated" date at the top of this page indicates when changes were last made.

12. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority for data protection in the UK:
ico.org.uk/make-a-complaint  ·  0303 123 1113

13. Contact

For any privacy questions or data subject requests:
Email: privacy@autochase.app