Rooby

Privacy Policy

Last updated: April 2026

1. Who we are

Kaizen Solutions UK ("we", "us", "our") operates Rooby. We are the data controller for personal data processed through this service. To contact us about data privacy: adam@kaizensolutionsuk.com.

2. What data we collect

We collect and process the following categories of data:

  • Account data: your name, company name, email address, and login credentials (passwords are hashed; we do not store them in plain text).
  • Xero financial data: profit & loss figures, balance sheet entries, VAT return data, and organisation details drawn from your connected Xero account via the Xero API.
  • Usage data: log data including IP addresses, browser type, pages visited, and timestamps, collected automatically when you use Rooby.

We do not collect payment card details. We do not sell your data to third parties.

3. How we use your data

We use your data to:

  • Provide the Rooby service — calculate and display tax deadlines and estimates
  • Maintain the security and integrity of the platform
  • Comply with legal obligations

4. Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Contract: processing necessary to provide the Rooby service to you.
  • Legitimate interests: security monitoring, fraud prevention, and service improvement.

5. Data storage and security

Your data is stored in the European Union using Supabase (PostgreSQL). We use industry-standard encryption in transit (TLS) and at rest. Xero OAuth tokens are stored securely and used only for API access.

We retain your data for as long as you have an active account, and for up to 6 years after account closure to comply with HMRC record-keeping requirements.

6. Third parties

We share data with the following sub-processors:

  • Supabase — database and authentication (EU hosting)
  • Xero — accounting data source (OAuth read access)
  • Vercel — application hosting

We do not share your financial data with any other third parties.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request erasure of your data (subject to legal retention requirements)
  • Object to processing or request restriction
  • Data portability
  • Withdraw consent for marketing at any time

To exercise any of these rights, email adam@kaizensolutionsuk.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Rooby uses strictly necessary cookies for authentication (session management via Supabase). We do not use tracking, advertising, or analytics cookies.

9. Changes to this policy

We may update this policy periodically. The "last updated" date above will reflect any changes. Material changes will be communicated by email.

Terms of Service · Back to dashboard