SME Pilot

Legal

Privacy Policy

Last updated: 1 January 2026

1. Introduction

SME Pilot (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the SME Pilot platform, website, and related services (collectively, the “Service”).

SME Pilot is the data controller for the personal data described in this policy. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, our data protection contact can be reached at [email protected].

2. Information we collect

We collect information in the following ways:

Information you provide directly. When you create an account, subscribe to the Service, or contact us, you provide information such as your name, email address, phone number, company name, job title, and billing details.

Client Data. In the course of using the Service, you may upload data relating to your clients, including names, contact details, financial records, and correspondence. You are the data controller for this Client Data, and we process it on your behalf as a data processor.

Usage data. We automatically collect information about how you use the Service, including pages visited, features used, session duration, IP address, browser type, operating system, and device information.

Cookies and similar technologies. We use cookies and similar tracking technologies to operate the Service, remember your preferences, and analyse usage patterns. See Section 9 for more information.

3. How we use your information

We use the personal data we collect for the following purposes:

  • To provide, maintain, and improve the Service.
  • To process payments and manage your Subscription.
  • To communicate with you about your account, the Service, and updates.
  • To provide customer support.
  • To detect, prevent, and address technical issues and security threats.
  • To comply with legal obligations and enforce our Terms of Service.
  • To analyse usage patterns and improve the user experience.

4. Legal basis for processing

We process your personal data on the following legal bases under the UK GDPR:

  • Contract performance: Processing necessary to perform our contract with you (providing the Service, processing payments, managing your account).
  • Legitimate interests: Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and communicating relevant updates to you, where those interests are not overridden by your rights.
  • Legal obligation: Processing necessary to comply with our legal obligations, such as tax and accounting requirements.
  • Consent: Where you have given specific consent to processing, such as for marketing communications. You can withdraw consent at any time.

5. Data sharing

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Service providers: Third-party companies that help us operate the Service, including cloud hosting providers, payment processors, email delivery services, and analytics providers. These providers process data on our behalf and are bound by contractual obligations to protect your data.
  • Professional advisers: Our accountants, lawyers, and auditors where necessary for the operation of our business.
  • Law enforcement and regulators: Where required by law, regulation, or legal process.
  • Business transfers: In connection with any merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

6. Data storage and security

All data is stored on servers located within the United Kingdom and the European Economic Area. We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption at rest and in transit, access controls, regular security assessments, and staff training.

While we take all reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

7. Data retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law. When you cancel your account, we will retain your data for 30 days to allow you to request an export. After this period, your data will be securely deleted or anonymised.

Certain data may be retained for longer periods where required for legal, tax, or accounting purposes. For example, billing records are retained for seven years in accordance with HMRC requirements.

8. International transfers

Where we transfer personal data outside the United Kingdom, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office or transfers to countries that have been deemed to provide an adequate level of data protection.

9. Cookies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for the Service to function, including authentication and security cookies.
  • Analytics cookies: Help us understand how visitors interact with the Service so we can improve it.
  • Preference cookies: Remember your settings and preferences for a better experience.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Your rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct inaccurate or incomplete data.
  • Right to erasure: You may request that we delete your personal data, subject to certain exceptions.
  • Right to restrict processing: You may request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by law.

11. Children's privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. We encourage you to review this policy periodically.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom

Website: ico.org.uk
Telephone: 0303 123 1113

14. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

SME Pilot

Email: [email protected]