Privacy Policy

Version: 2.0

Last Updated: 23rd February 2026

This Privacy Policy explains how Tweed Tyne Technologies Ltd (“Company”, “we”, “us”, “our”) collects, uses, processes, stores, and protects personal data when you use BizHub365, including:

The website at https://bizhub365.com;
Web dashboards and APIs;
iOS applications distributed via the Apple App Store;
Android applications distributed via Google Play.

1. Data Controller

Tweed Tyne Technologies Ltd
5 South Charlotte Street
Edinburgh, Scotland, EH2 4AN

Contact: https://bizhub365.com/support

For the purposes of UK GDPR and EU GDPR, we act as:

Data Controller for account, billing, and platform data;
Data Processor where you upload tax or client data and we process it solely on your instructions.

2. Personal Data We Collect

We may collect the following categories of personal data:

Name
Email address
Telephone number (optional)
Billing and business address
Account credentials
Financial and tax-related information uploaded by you
Bank account and transaction data (where you choose to connect a bank account), such as account name/type, masked account identifiers, balances, transaction dates, amounts, merchant/descriptions, and related categories (if provided)
Technical logs (IP address, device type, browser type, timestamps)

We do not sell personal data.

3. Data We Do Not Intentionally Collect

Precise GPS location data;
Advertising identifiers;
Device contact lists;
Biometric data;
Special category data unless voluntarily uploaded by you.

4. Lawful Bases for Processing

Contractual necessity – to provide the Service;
Legal obligation – accounting and regulatory compliance;
Legitimate interests – platform security and service improvement;
Consent – where explicitly provided (including when you connect a bank account).

5. How We Use Personal Data

Provide and maintain the Service;
Process payments;
Enable HMRC integrations and Submissions;
Provide bank feed functionality (if enabled by you), including importing transactions and supporting reconciliation and reporting features;
Respond to support requests;
Prevent fraud and ensure security;
Comply with legal obligations.

6. Data Sharing

We may share data with the following processors and service providers:

Stripe (payment processing);
SMTP2GO (email delivery);
OpenAI, LLC (AI-powered financial statement analysis and document processing, where you choose to use AI-assisted features);
HMRC APIs (where you initiate a Submission);
Professional advisers, auditors, or regulators where required;
Law enforcement where legally compelled.

AI Processing (OpenAI API)

Where you choose to use AI-powered features (such as financial statement analysis, document interpretation, or summarisation tools), certain data you submit may be processed via the OpenAI API.

Purpose: Processing is limited to providing AI-assisted financial analysis and related features within the Service.
Processor Role: OpenAI acts as a data processor under contractual terms designed to include appropriate data protection safeguards.
Scope of Data: This may include financial statements, transaction summaries, and associated business data submitted by you for analysis.
No Credential Access: We do not transmit user passwords or authentication credentials to OpenAI.

We require all processors to implement appropriate administrative, technical, and organisational safeguards.

7. International Transfers

Where data is transferred outside the UK or EEA, we rely on adequacy regulations, International Data Transfer Agreements (IDTAs), or Standard Contractual Clauses (SCCs).

This may include transfers associated with third-party providers we use to deliver the Service (including OpenAI, where applicable), depending on where those providers operate and process data.

8. Data Retention

We retain data only as long as necessary for contractual, regulatory, accounting, or legitimate business purposes.

Account data may be retained for up to 6 years after closure where required for tax and legal compliance.

9. Security

We implement administrative, technical, and organisational safeguards designed to protect Personal Data appropriate to the nature of the Service.

Encryption in transit using TLS;
Encryption at rest within managed database and storage environments;
Role-based access controls and authentication safeguards;
Secure cloud hosting infrastructure;
Access logging and monitoring of security-relevant events;
Routine patching and maintenance of infrastructure components.

Definition (Encryption at rest):

“Encryption at rest” means data stored within persistent storage systems (such as databases and backups) is encrypted using provider-managed or application-managed encryption controls.

While we take reasonable steps to protect data, no system can guarantee absolute security. We do not guarantee that unauthorised access, cyber-attack, loss, or disclosure will never occur.

10. Data Breaches

In the event of a personal data breach, we will assess and notify the ICO and affected individuals where required by law.

11. Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects.

12. Your Rights

Under UK GDPR and EU GDPR, you may:

Request access;
Request correction;
Request deletion;
Object to processing;
Request restriction;
Request data portability.

Requests can be submitted via: https://bizhub365.com/support

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

13. Cookies

We use essential session cookies strictly required for authentication and Service functionality. We do not use advertising or behavioural tracking cookies.

14. Children’s Privacy

The Service is not intended for children under 13. We do not knowingly collect data from children.

15. Changes to This Policy

We may update this Privacy Policy periodically. Continued use of the Service constitutes acceptance of updates.

16. Contact

Tweed Tyne Technologies Ltd
5 South Charlotte Street
Edinburgh, Scotland, EH2 4AN
https://bizhub365.com/support