Privacy Policy
Last updated: 9 June 2026
1. Who we are
TradeTally is operated by Simon Holyland trading as Sima Digital, a sole trader registered in the United Kingdom.
Registered address for legal correspondence: Office 15999, 182-184 High Street North, East Ham, London, E6 2JA, United Kingdom
Email: [email protected]
ICO registration number: ZC167882
We are the data controller for personal data processed through TradeTally.
2. What data we collect
Account data: Your name, email address, and password (hashed) when you sign up.
Business data: Business name, address, phone number, trade type, and VAT details you provide in settings.
Financial data: Invoices, quotes, expenses, payments, customers, suppliers, and receipts you create within the app. This data belongs to you.
Usage data: Log data including IP addresses, browser type, pages visited, and actions taken in the app, collected to maintain security and improve the service.
Communications: Emails you send to our support address and support ticket messages.
Payment data: We do not store card details. Payments are processed by Stripe; their privacy policy applies to payment data.
3. How we use your data
We use your data to:
- Provide and maintain the TradeTally service
- Send transactional emails (invoice confirmations, password resets, account notices)
- Send service-related emails and onboarding sequences you can unsubscribe from at any time
- Provide customer support
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations (including HMRC MTD API requirements)
- Improve the service through aggregated, anonymised analytics
We do not sell your data to third parties. We do not use your financial data for advertising.
4. Legal basis for processing (UK GDPR)
Contract: Processing necessary to provide the service you signed up for (Art. 6(1)(b)).
Legitimate interests: Security monitoring, fraud prevention, service improvement (Art. 6(1)(f)).
Legal obligation: Compliance with HMRC MTD requirements and applicable UK law (Art. 6(1)(c)).
Consent: Marketing emails and non-essential cookies (Art. 6(1)(a)). You may withdraw consent at any time.
5. Cookies and analytics
We use cookies to keep you signed in and to understand how the service is used. See our Cookie Policy for full details.
We use Google Analytics 4 with consent mode. Analytics cookies are only set after you accept them through the consent banner. Microsoft Clarity follows the same consent setting.
6. Third-party services
We share data with the following third parties only as necessary to operate the service:
- Stripe: payment processing (UK/EU data residency)
- RevenueCat: subscription management
- Postmark / SMTP: transactional email delivery
- Google Analytics 4: anonymised usage analytics (consent-gated)
- Microsoft Clarity: session analytics (consent-gated)
- Trustpilot: reviews widget (consent-gated)
- HMRC: MTD API submissions, only when you authorise a connection
- OpenAI: receipt OCR (anonymised receipt image data only; not linked to your account in OpenAI's system)
We do not transfer your data outside the UK/EEA except where the above processors have adequate safeguards in place (Standard Contractual Clauses or UK adequacy decisions).
7. Data retention
We retain your account and financial data for as long as your account is active, plus 90 days after closure to allow reactivation.
After 90 days following account closure, personal data is deleted. Financial records required for tax compliance may be retained in anonymised form.
Support ticket messages are retained for 2 years.
Server logs are retained for 90 days.
8. Your rights
Under UK GDPR you have the right to:
- Access: request a copy of your personal data
- Rectification: correct inaccurate data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: export your financial data in CSV/Excel format (available in Settings)
- Restriction: restrict processing in certain circumstances
- Object: object to processing based on legitimate interests
- Withdraw consent: withdraw consent at any time for consent-based processing
To exercise any right, email [email protected]. We will respond within 30 days. Account deletion is also available directly in Settings → Account.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We use industry-standard measures including HTTPS/TLS encryption, bcrypt password hashing, rate limiting, and regular security reviews. Financial data is stored in an encrypted PostgreSQL database with nightly encrypted backups.
No system is perfectly secure. If you discover a security issue please email [email protected].
10. Children
TradeTally is not directed at children under 18. We do not knowingly collect data from anyone under 18.
11. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email and/or an in-app banner at least 14 days before taking effect. The date at the top of this page shows when it was last updated.
12. Contact
Data protection enquiries: [email protected]
General: [email protected]
Post: Office 15999, 182-184 High Street North, East Ham, London, E6 2JA, United Kingdom