Privacy Policy

Last updated: June 2026

Servio One ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management software and website.

1. Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us, including:

• Name and contact details (email address, phone number, postal address)
• Company name and job title
• Account credentials (username and password)
• Payment information (processed securely through our payment providers)
• Any other information you choose to provide

Usage Data

We automatically collect certain information when you use our services:

• IP address and browser type
• Device information and operating system
• Pages visited and features used
• Date and time of access
• Referring website addresses

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send administrative information, updates, and security alerts
• Respond to your comments, questions, and support requests
• Communicate with you about products, services, and events
• Monitor and analyse usage trends and preferences
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations

Our lawful bases for processing (UK GDPR)

We are the data controller responsible for protecting your personal data. We rely on the following lawful bases under Article 6 of the UK GDPR:

• Contract: to provide and operate the software and your account, and to deliver the services you have requested.
• Legal obligation: to meet legal and regulatory requirements, including submitting Making Tax Digital information and the required fraud-prevention header data to HMRC, and retaining tax records for the periods required by law.
• Legitimate interests: to secure our services, prevent fraud, maintain audit logs, and improve our products — balanced against your rights and freedoms.
• Consent: where we rely on your consent (for example certain communications), which you may withdraw at any time.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service Providers: Third parties who perform services on our behalf (hosting, payment processing, analytics)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you have given us permission to share

4. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Reporting a security issue

If you are a customer or third party and need to report a security risk, vulnerability, or incident, please contact us at [email protected]. Our security disclosure details are also published at /.well-known/security.txt. We aim to acknowledge reports promptly and investigate without delay.

5. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law. When data is no longer needed, we securely delete or anonymise it.

6. Your Rights (GDPR)

Under the UK GDPR and Data Protection Act 2018, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request restriction of processing
• Portability: Request transfer of your data to another provider
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at [email protected].

7. Cookies

We use cookies and similar tracking technologies. For more information, please see our Cookie Policy.

8. International Transfers

Your data is stored on servers located in the United Kingdom and European Union. We do not transfer personal data outside of the UK/EEA unless appropriate safeguards are in place.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Making Tax Digital (HMRC) Integration

Where you use our software to meet your obligations under HMRC's Making Tax Digital (MTD) for VAT and/or Income Tax, we connect to HMRC's APIs and submit information to HMRC on your behalf. For this purpose we process:

• Your VAT Registration Number (VRN) and/or National Insurance Number (NINO)
• Business identifiers and accounting period dates
• The financial figures you enter or import for your returns and quarterly updates (for example VAT box values, turnover, income and expenses)
• OAuth authorisation tokens that allow us to submit to HMRC on your behalf (held securely and encrypted at rest)

Fraud prevention header data (required by HMRC)

HMRC's MTD rules require that, on every submission, we send technical "fraud prevention header" data describing the device and connection used. This may include your public IP address and timestamp, browser type and user agent, installed browser plugins, "Do Not Track" setting, screen and window size, time zone, a randomly generated device identifier, and a user identifier within our application. This data is collected solely to comply with HMRC's anti-fraud requirements and is transmitted to HMRC with your submissions. It is not used for advertising, profiling, or tracking your behaviour.

Who we share MTD data with

This information is transmitted to HM Revenue & Customs via HMRC's MTD APIs. Submissions are routed through our secure connection service operated at servio.one, which manages the HMRC connection and authorisation on our behalf. We are registered with the UK Information Commissioner's Office (ICO registration number C1951671).

Retention

Tax submissions, the associated fraud prevention data, and related records are retained for at least the period HMRC requires for tax records (generally a minimum of 6 years). Some of this data must be retained to meet legal obligations and cannot be erased on request while that obligation applies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Servio One
6th Floor
37 Lombard Street
London, EC3V 9BQ
Email: [email protected]
Phone: 020 4634 7615