Pocket Bookkeeper Pro

1. Introduction & Data Controller Responsibility

Welcome to Pocket Bookkeeper Pro. We unequivocally act as your primary Data Controller. This means we are formally and legally responsible for protecting your personal data strictly under the parameters governed by the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Process, Why We Process It, and Our Lawful Basis

Under UK GDPR Article 6, our explicit 'Lawful Basis' for processing your personal data is (a) 'Contract' (to physically provide the SaaS accounting capabilities you subscribed to), and (b) 'Legal Obligation' (to ensure our architectural compliance with Tax Authority Digital Record Keeping mandates). What data do we process? We securely process narrow Identity Data (Name, Email) for biometric session authentication, and direct Financial Submittals (Scanned receipts, invoices, ledger calculations). Why? Exclusively to automate your accounting ledgers and generate mathematically accurate Tax Authority submissions. We never monetize, sell, or train public AI models on your independent data.

3. How We Process Your Data (Third-Parties)

In order to provide our 'Smart AI Engine' service, we actively rely on the following secure data architectures as Data Sub-Processors:

Google Firebase: Used exclusively for highly-encrypted cloud storage architecture (AES-256 at rest) and biometric identity Authentication synchronization across your sessions.
Google Gemini AI: Utilised solely as a rigid text-extraction engine natively reading your uploaded receipts to calculate dynamic Tax Authority allowances automatically. Our AI algorithms do NOT physically permanently store your financial data nor do they train public dataset models dynamically based off your invoices.
Stripe, Inc: Manages secure PCI-compliant recurring billing architectures handling your subscription payments natively on their servers.

4. Your Legal Rights (Right to be Forgotten)

Under formal explicit UK GDPR rules, you natively maintain the physical right to demand immediate access, erasure, and restriction of your cloud data. You may execute an aggressive 'Right to be Forgotten' destructive deletion sequence wiping all active cloud records permanently by simply verifying your credentials globally inside your Account Security Settings and selecting 'Obliterate Account Forever'.

5. Automated Deletion & Portability

In the event you physically terminate your identity, your core encrypted Firebase Storage vaults, your Universal Ledgers, and your active Stripe recurring subscription nodes will automatically trigger explicit cancellation and destruction routines completing the cascade natively in milliseconds. We legally compel you to backup natively to Excel (`.xlsx`) via the Ledger page before initiating.

6. Security & Encryption