Privacy Policy
1. Who we are
Kaizen Solutions UK ("we", "us", "our") operates Rooby. We are the data controller for personal data processed through this service. To contact us about data privacy: adam@kaizensolutionsuk.com.
2. What data we collect
We collect and process the following categories of data:
- Account data: your name, company name, email address, and login credentials (passwords are hashed; we do not store them in plain text).
- Xero financial data: profit & loss figures, balance sheet entries, VAT return data, and organisation details drawn from your connected Xero account via the Xero API.
- Usage data: log data including IP addresses, browser type, pages visited, and timestamps, collected automatically when you use Rooby.
We do not collect payment card details. We do not sell your data to third parties.
3. How we use your data
We use your data to:
- Provide the Rooby service — calculate and display tax deadlines and estimates
- Maintain the security and integrity of the platform
- Comply with legal obligations
4. Legal basis for processing
Under UK GDPR, we rely on the following legal bases:
- Contract: processing necessary to provide the Rooby service to you.
- Legitimate interests: security monitoring, fraud prevention, and service improvement.
5. Data storage and security
Your data is stored in the European Union using Supabase (PostgreSQL). We use industry-standard encryption in transit (TLS) and at rest. Xero OAuth tokens are stored securely and used only for API access.
We retain your data for as long as you have an active account, and for up to 6 years after account closure to comply with HMRC record-keeping requirements.
6. Third parties
We share data with the following sub-processors:
- Supabase — database and authentication (EU hosting)
- Xero — accounting data source (OAuth read access)
- Vercel — application hosting
We do not share your financial data with any other third parties.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request erasure of your data (subject to legal retention requirements)
- Object to processing or request restriction
- Data portability
- Withdraw consent for marketing at any time
To exercise any of these rights, email adam@kaizensolutionsuk.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
Rooby uses strictly necessary cookies for authentication (session management via Supabase). We do not use tracking, advertising, or analytics cookies.
9. Changes to this policy
We may update this policy periodically. The "last updated" date above will reflect any changes. Material changes will be communicated by email.