Privacy Policy

Effective Date: 15 January 2026
Last Updated: 15 January 2026

1. Introduction

BusinessExpert (UK) Ltd (trading as Offlode) (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered practice management platform, including our document collection services, AI receptionist, and WhatsApp Business messaging services.

This policy applies to all users of Offlode services, including accounting firms (our clients) and their end clients who interact with our platform.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, business name, and billing information
  • Documents: Financial documents, receipts, invoices, and other files you upload or send to us
  • Communication Content: Messages, emails, SMS, and WhatsApp conversations with our AI receptionist and document collection services
  • Voice Data: Call recordings and transcripts when you interact with our AI receptionist service

2.2 Information Collected Automatically

  • Usage Data: How you interact with our platform, including features accessed and time spent
  • Device Information: IP address, browser type, device type, and operating system
  • Log Data: Access times, pages viewed, and actions taken within the platform
  • Cookies and Similar Technologies: We use cookies to maintain sessions and improve user experience

2.3 Information from Third-Party Integrations

  • Xero Integration: Bank transactions, supplier information, and accounting data accessed through your Xero account with your explicit authorisation
  • Calendar Services: Availability and appointment information from Google Calendar or Outlook Calendar with your permission
  • WhatsApp Business API: Message delivery status, read receipts, and metadata associated with WhatsApp communications

3. How We Use Your Information

3.1 Service Delivery

  • Automate document collection and chasing processes
  • Process and forward documents to your accounting software
  • Provide AI receptionist services including call answering, message taking, and appointment scheduling
  • Send automated reminders via email, SMS, and WhatsApp
  • Match uploaded documents to accounting transactions
  • Extract information from documents using OCR and AI technology

3.2 Communication

  • Send service-related notifications and updates
  • Respond to your enquiries and support requests
  • Send marketing communications (with your consent, which can be withdrawn at any time)
  • Facilitate communication between accounting firms and their clients

3.3 Platform Improvement

  • Analyse usage patterns to improve our services
  • Train and improve our AI models (using anonymised data only)
  • Conduct research and development
  • Troubleshoot technical issues

3.4 Legal and Security

  • Comply with legal obligations including Anti-Money Laundering (AML) and Making Tax Digital (MTD) requirements
  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service
  • Protect the rights, property, and safety of Offlode, our users, and the public

4. WhatsApp Business Messaging

4.1 WhatsApp-Specific Practices

When you communicate with us via WhatsApp Business API:

  • We use WhatsApp’s Business API to send and receive messages
  • Messages are end-to-end encrypted by WhatsApp
  • We collect message content, delivery status, and read receipts
  • We store message history to provide continuous service and maintain context
  • You may opt out of WhatsApp communications at any time by replying “STOP”
  • We comply with WhatsApp’s Business Policy and Commerce Policy

4.2 WhatsApp Data Retention

WhatsApp messages are retained for the duration necessary to provide our services and as required for legal compliance. You may request deletion of your WhatsApp conversation history at any time.

4.3 Your WhatsApp Rights

You have the right to:

  • Opt out of WhatsApp communications
  • Request a copy of your WhatsApp message history
  • Request deletion of your WhatsApp data
  • Block our WhatsApp Business number

5. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To provide the services you’ve requested
  • Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
  • Legal Obligation: To comply with AML, MTD, tax, and other legal requirements
  • Consent: For marketing communications and certain data processing activities (which you may withdraw at any time)

6. How We Share Your Information

6.1 Service Providers

We share data with trusted third-party service providers who assist in operating our platform:

  • Cloud Infrastructure: Amazon Web Services (AWS) – hosting and storage in the EU (London) region
  • Communication Services: Twilio (SMS/WhatsApp), SendGrid (email)
  • AI Services: Voice AI providers, OCR processors (using data processing agreements)
  • Accounting Integration: Xero (with your authorisation)
  • Payment Processing: Payment processors for billing (stored and processed securely)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Between Accounting Firms and Their Clients

When an accounting firm uses Offlode to communicate with their clients, we facilitate this communication. The accounting firm and their client are both aware of and consent to this data sharing.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., HMRC, courts, or law enforcement).

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

6.5 With Your Consent

We may share your information for other purposes with your explicit consent.

7. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and penetration testing
  • Secure data centres in the EU (London region)
  • Employee training on data protection
  • Data processing agreements with all sub-processors
  • Multi-tenant data isolation to prevent cross-organisation access

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active and for 6 years after closure (to comply with UK accounting and tax requirements)
  • Financial Documents: Retained for 6 years in accordance with HMRC requirements
  • Communication Records: Retained for the duration of the service relationship and 6 years thereafter
  • Marketing Data: Retained until you withdraw consent
  • WhatsApp Messages: Retained for the duration necessary to provide service, typically 2 years, unless deletion is requested

9. Your Data Protection Rights (UK GDPR)

Under UK data protection law, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Request limitation on how we use your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing activities that require consent
  • Right to Lodge a Complaint: File a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact us using the details in Section 13.

10. International Data Transfers

Your data is primarily stored and processed in the United Kingdom and EU. If we transfer data outside the UK/EU, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions for the recipient country
  • Other legally approved transfer mechanisms

11. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the “Last Updated” date
  • Sending an email notification for significant changes
  • Requiring acceptance of the new policy before continued use (for material changes)

Your continued use of Offlode after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

Data Controller: BusinessExpert (UK) Ltd (trading as Offlode)

Company Number: 09048387 (England & Wales)

ICO Registration Number: ZA218741

Registered Office: BusinessExpert (UK) Ltd, Level 18, 40 Bank Street, London, England, E14 5NR, United Kingdom

Email: privacy@offlode.co.uk

Phone: [INSERT UK PHONE NUMBER]

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information above.

14. Regulatory Authority

If you believe we have not handled your personal data in accordance with UK data protection law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline: 0303 123 1113
Website: www.ico.org.uk

15. Cookie Policy

15.1 What Are Cookies

Cookies are small text files placed on your device to collect standard internet log information and visitor behaviour information. We use cookies to improve your experience and understand how our platform is used.

15.2 Types of Cookies We Use

  • Essential Cookies: Required for the platform to function (e.g., authentication, security)
  • Performance Cookies: Help us understand how visitors interact with our platform
  • Functionality Cookies: Remember your preferences and settings
  • Analytics Cookies: Provide statistics on platform usage (anonymised)

15.3 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling essential cookies may affect platform functionality.

This Privacy Policy is designed to comply with UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), WhatsApp Business API policies, and other applicable UK laws and regulations.

Last reviewed: 15 January 2026