Last updated: 2026-03-10

Service Privacy Notice

This notice covers SaaS processing for payout/settlement posting only between supported commerce platforms and supported accounting platforms.

Service terms and privacy reference the integrations page as the authoritative current list of supported commerce platforms and supported accounting platforms. Currently: eBay Managed Payments -> Xero.

Current supported configuration is UK sole traders only on eBay Managed Payments -> Xero, non-VAT only, cash basis, single entity / single Xero organisation, and GBP only with Xero base currency GBP. The service is designed for straightforward bookkeeping without stock, inventory, or cost-of-goods handling. VAT workflows and broader accrual workflows are not supported.

Processor identity

• Processor: SALES TO ACCOUNTS SOFTWARE LTD.
• Company number: SC881421.
• Registered office: 3 Hill Street, Edinburgh, Scotland, EH2 3JP.
• ICO registration: Registered with the Information Commissioner's Office (ICO).
• ICO registration number: ZC102490.

Roles

• Customer is the data controller.
• SalesToAccounts is the data processor.
• Customer is the controller for records in their own systems and service output.

Data we process

• Tenant identity and account linkage:
  • Customer account identifiers
  • Tenant ID
  • Email addresses and names provided for service and support context
• Commerce data:
  • Payout identifiers, settlement references, payment amounts, and currency codes (currently GBP only)
  • Bank payout batch references and reconciliation status
  • Limited buyer references where required for duplicate detection and reconciliation accuracy
• Accounting data:
  • Destination account references
  • Journal payload identifiers and posting references
• Operational data:
  • Job identifiers
  • Retry state
  • Processing outcome and error context
  • Support case details

Buyer PII minimisation

We do not process buyer names, emails, phone numbers, or full shipping addresses as a product feature. For payout-level journal creation, buyer PII is not required and is not included in destination journal payloads. If buyer identifiers are present in source payloads, we drop and filter them, retaining only the minimum data needed for deduplication and reconciliation. We do not use buyer PII for advertising, lead generation, or any commercial profiling.

Why we process it

• Run scheduled payout sync jobs.
• Build payout-level posting payloads for the accounting destination.
• Post to the configured destination platform.
• Investigate incidents and support requests.
• Maintain reliability, traceability, and security.
• Meet legal and contractual record obligations.

Lawful basis

• Contract for service delivery.
• Legitimate interests for security and reliability.
• Legal obligations where records retention applies.

Retention

• Payout and posting logs: Line-level payout details: 12 months. Derived payout summaries and posting references (eg payout IDs, journal IDs, totals): 24 months (unless we need longer for a dispute or legal hold).
• Security and incident logs: 24 months after incident closure (or last activity).
• Support records: 24 months after ticket closure.
• Retry and operational logs: 30 days (rolling).
• Integration credentials: Access-token cache: up to 24 hours. Refresh tokens: stored while the integration remains connected and deleted within 7 days of disconnect (unless we need longer for a dispute or legal hold).

Sharing and transfers

• Shared only with listed subprocessors and required platform endpoints.
• This repo confirms website delivery on Cloudflare Pages; service integrations send data only to connected supported platforms as authorised by the tenant.
• Core service hosting, database, queue, and logging vendor details are listed in the Subprocessors page.
• Connected supported platforms process data under their own platform terms and regional infrastructure and may act as independent controllers/processors for their services.
• If a subprocessor or region changes, we update the Subprocessors page and this notice before rollout.

Deletion and disconnect

• On disconnect request, we immediately revoke grant tokens and block future scheduled runs.
• Non-live durable data is deleted after required operational retention periods and within the service deletion window stated in this notice.
• Any data in signed-off support tickets is retained only as long as required for audit and dispute handling.
• Customers can request earlier deletion for records that are not under statutory retention.

To request disconnect and deletion, email:

• support@salestoaccounts.co.uk

Incident and support handling

• Data handling for incidents follows our responsible disclosure process and documented post-incident review.
• Support access is limited to case-by-case ticket handling and cannot use support records for non-service purposes.
• We do not retain extra copies of incident-sensitive payloads beyond the retention terms above.

No marketing use

• We do not use service data for customer marketing segmentation or sales outreach.

Rights

• Controller-level rights are handled by customer.
• Privacy contact: info@salestoaccounts.co.uk

Complaints

• If you are unhappy with how we handle personal data, you may complain to the ICO at ico.org.uk. We would appreciate the chance to address your concerns first.