Last updated: 2026-03-10

Website Privacy Notice

This notice covers only the website and website-related communication. It does not cover payout sync or Xero posting, which is covered in the Service Privacy Notice.

Controller and purpose

• Controller: SALES TO ACCOUNTS SOFTWARE LTD.
• Company number: SC881421.
• Registered office: 3 Hill Street, Edinburgh, Scotland, EH2 3JP.
• ICO registration: Registered with the Information Commissioner's Office (ICO).
• ICO registration number: ZC102490.
• Purpose: website operation and enquiry handling.

Data processed

• Access metadata (IP address, browser version, device type, session timestamps).
• Email addresses, names, and message content sent via the website question form or enquiry email.
• If operational website measurement is enabled, minimal page, CTA, referrer-domain, UTM attribution, and short-lived session identifier data.

Cookies and similar technologies

• The website currently uses only essential or exempt cookies and similar technologies.
• A basic appearance preference, such as theme, may be stored on your device.
• No optional analytics or marketing cookies are used by default.
• If operational website measurement is enabled, it uses first-party delivery and session-scoped storage rather than optional analytics cookies, and non-allow-listed query parameters are stripped before capture.
• See the cookies page for the current website-level explanation.

Why processed

• Keep the site secure.
• Respond to enquiries.
• Route website question submissions for email follow-up.
• Meet records and legal obligations.
• Manage abuse prevention and fraud prevention where possible.
• Understand high-level website demand and request-access intent without capturing enquiry body content.

Processors

• Cloudflare (CDN, DNS, TLS, website intake endpoint processing, and minimal intake audit storage) - https://www.cloudflare.com/privacypolicy/
• Google Workspace (email communication and secure handling) - https://workspace.google.com/terms/user_privacy_and_security/

Lawful basis

• Legitimate interests for secure and reliable operation.
• Contract where communication relates to service work.
• Legal obligation where retention is required.

Retention

• Website enquiry records, including website question submissions: 12 months after last correspondence (unless we need it longer to handle a dispute or legal hold).
• Access and security logs: 30 days (rolling).

International transfers

• Data is processed by Cloudflare and Google via their standard infrastructure and contractual transfer mechanisms.
• If transfer terms change, the privacy updates page is updated before rollout and linked below.

Deletion and retention enforcement

• Website enquiries are removed after the retention period in this notice unless a legal obligation requires retention.
• Enquiry attachments are deleted once the ticket is closed.
• Website access and security logs are minimised to the stated retention period and then deleted.

Incident and support handling

• Security incidents and abuse reports are processed via the security and support contacts on the contact page.
• We share only incident-relevant data with service providers needed for investigation and do not use those data for marketing.

Rights

• UK GDPR rights to access, correction, objection, erasure, and portability where applicable.
• Privacy contact: info@salestoaccounts.co.uk.
• You may complain to the ICO if unresolved.

Updates

• We update this notice when required.

Privacy enquiries: info@salestoaccounts.co.uk