Simple Version: We collect the information you need to use our invoicing service. We keep it safe. We don't sell it to anyone. You can ask us to delete it anytime.
1. Who We Are
Company: GK Tools Ltd
Website: invoicer.gk.tools
Contact: support@invoicer.gk.tools
We are a UK company registered in England. We provide simple invoicing software for tradespeople. This privacy policy explains how we handle your personal data in accordance with the UK GDPR and the Data Protection Act 2018.
2. What Information We Collect
Account Information
- Your name and email address
- Your business name and type of trade
- Bank details (account number and sort code) if you provide them
- Address details if you provide them
Customer Information (That You Enter)
- Your clients' names, addresses, and email addresses
- Invoice details (amounts, dates, descriptions)
- Insurance documents you upload
Payment Information
- Payment card details (processed securely by Stripe - we never see your full card number)
- Bank account details for Bacs Direct Debit (processed securely by Stripe - we never see your full account details)
- Subscription status and payment history
- Billing address
Technical Information
- IP address and browser type
- Pages you visit on our site
- Login dates and times
3. Why We Collect This Information
We collect your information for these reasons:
- To provide the service: We need your business details to create and send invoices on your behalf
- To process payments: We need payment details to manage your subscription
- To communicate with you: We send you login codes, important service updates, and respond to your queries
- To provide personalized insights: We use aggregated business statistics (e.g., revenue, invoice counts, client counts) with Google AI to generate helpful daily business insights for you
- To comply with the law: We keep financial records as required by UK tax law
- To improve the service: We look at how people use the service to make it better
Legal Basis: We process your data under "contract performance" (to provide the service you signed up for) and "legitimate interest" (to run and improve our business).
4. How Long We Keep Your Information
- Active accounts: We keep your data while your account is active
- After you cancel: We keep your data for 7 years after you close your account (UK tax law requirement for financial records)
- Login codes: Expire after 15 minutes, automatically deleted after 30 days
- Login attempts: Automatically deleted after 90 days
- Activity logs: Kept for 2 years for security and audit purposes, then automatically deleted
- Email logs: Kept for 2 years, then automatically deleted
- Marketing emails: Until you unsubscribe
We run automated data cleanup processes to ensure we don't keep data longer than necessary.
5. Who We Share Your Information With
We only share your information with these trusted third parties:
Stripe (Payment Processing)
We use Stripe to process all payments securely, including card payments and UK Bacs Direct Debit. They handle your payment details directly - we never see your full card number or bank account details. View Stripe's Privacy Policy
Google AI (Personalized Business Insights)
We use Google's Gemini AI to generate personalized daily business insights for you. We only share aggregated, non-sensitive business statistics (revenue totals, invoice counts, client counts, location, business type). We do NOT share: client names, email addresses, phone numbers, invoice line items, or payment details. Messages are generated fresh daily and not stored by Google. View Google's Privacy Policy
Email Service Provider
We use an email service to send you invoices and login codes. They only process emails on our instruction.
Web Hosting
Our website is hosted on secure UK servers. The hosting provider has access to data only for technical maintenance.
Important: We will never sell your data to anyone. We will never use it for advertising. We only share what's necessary to provide the service.
6. Your Rights Under UK GDPR
You have these rights over your personal data:
- Right to access: You can ask us for a copy of all the data we hold about you
- Right to rectification: You can ask us to correct any wrong information
- Right to erasure: You can ask us to delete your data (subject to legal requirements)
- Right to data portability: You can ask us to send your data to another service
- Right to object: You can object to how we use your data
- Right to restrict processing: You can ask us to limit how we use your data
To exercise these rights: Email us at support@invoicer.gk.tools. We'll respond as soon as possible.
7. How We Protect Your Information
We take security seriously and follow industry best practices:
- Encryption in transit: All data is encrypted using HTTPS/TLS with HSTS enforcement
- Encryption at rest: Sensitive data like bank details is encrypted using AES-256-GCM
- Passwordless authentication: We use secure one-time codes and passkeys instead of passwords, eliminating password-related risks
- Rate limiting: Login attempts are rate-limited to prevent brute force attacks
- Secure hosting: UK-based servers with regular security updates and monitoring
- Access control: Data access is restricted to essential personnel only
- PCI DSS compliance: Payment card data is handled by PCI DSS Level 1 compliant Stripe (we never see your card details)
- Security headers: We implement HSTS, CSP, X-Frame-Options, and other security headers
- Data retention: We automatically delete expired login codes, old login attempts, and other temporary data
8. Cookies and Tracking
Essential Cookies
These cookies are necessary for the website to function and cannot be switched off:
- Session Cookie (PHPSESSID): Keeps you logged in. Expires when you close your browser.
- Cookie Consent (cookie_consent): Remembers your cookie preference. Lasts 12 months.
- CSRF Token: Security protection against cross-site attacks. Lasts for your session.
Optional Cookies
These cookies help us improve Invoicer. You can choose to accept or decline them:
- Analytics (if you accept): We may add Google Analytics or similar in future to understand how people use Invoicer.
Managing Cookies
You can change your cookie preferences at any time:
- Click the "Cookie Settings" link in the footer of any page
- Clear cookies in your browser settings
- Use your browser's "Do Not Track" setting
9. Children's Privacy
Our service is for business users only. We don't knowingly collect information from anyone under 18. If you believe we've collected data from a child, please contact us immediately.
10. International Data Transfers
Your data is stored on UK servers. Some third-party services (like Stripe) may process data internationally, but only with appropriate safeguards in place as required by UK GDPR.
11. Changes to This Policy
We may update this privacy policy occasionally. If we make significant changes, we'll email you and update the "Last Updated" date at the top. Continued use of the service after changes means you accept the new policy.
12. How to Contact Us
If you have any questions about this privacy policy or how we handle your data:
Email: support@invoicer.gk.tools
We aim to respond promptly to all enquiries.
13. How to Complain
If you're unhappy with how we've handled your data, you have the right to complain to the UK's data protection authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113
Bottom Line: Your data is yours. We're just looking after it while you use our service. We keep it safe, use it fairly, and will delete it if you ask (after meeting our legal obligations).