Maddock & Co.

Privacy Policy

Last updated: 20 June 2026

1. Who We Are

Maddock & Co. UK Ltd ("we", "us", "our") operates VAT Checker at vat.maddockandco.com. We are committed to protecting your personal data in accordance with UK GDPR and the Data Protection Act 2018.

2. Data We Collect

We collect the following personal data:

  • Account data: Name, email address, firm name
  • Client data: Client names, contact names, email addresses
  • Financial data: Turnover figures imported from Xero (no bank account numbers or payment details)
  • Usage data: Login timestamps, import history, alert history

3. How We Use Your Data

  • To provide the VAT Checker service
  • To send automated VAT threshold alert emails
  • To send service emails (account confirmation, password reset)
  • To notify you of data retention deadlines for archived clients
  • To improve the service

4. Legal Basis for Processing

We process your data on the basis of contractual necessity (to provide the service you have subscribed to) and legitimate interests (service improvement and security).

5. Data Storage and Security

Your data is stored securely using Supabase (hosted in the EU). We use industry-standard encryption for data in transit and at rest. Access to your data is restricted by row-level security policies.

6. Data Retention

Active account data is retained while your account is active. Archived client records are retained for 6 years in accordance with Companies Act record keeping requirements. On account termination, data is deleted within 30 days. You will always receive advance notice before any data is deleted.

7. Third Party Services

We use the following third party services:

  • Xero: Accounting data integration (read-only)
  • Supabase: Database and authentication
  • Vercel: Hosting and deployment
  • Resend: Email delivery

We do not sell your data to any third parties.

8. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability

To exercise these rights, contact us at info@maddockandco.com.

9. Cookies

We use only essential cookies required for authentication. We do not use tracking or advertising cookies.

10. Contact and Complaints

For privacy queries contact info@maddockandco.com. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

← Back to sign up