Sidgrove
SidgroveIntelligence

Privacy policy

How we handle your data

This policy explains what personal information Sidgrove Intelligence collects, why we hold it, and the rights you have over it. We aim to be plainly written rather than legalistic - if anything is unclear, email dave@sidgrove.com.

Last updated: 28 April 2026

Who we are

Sidgrove Ltd (“Sidgrove”, “we”, “us”) is a UK-registered accountancy practice. We operate Sidgrove Intelligence - a private dashboard at intelligence.sidgrove.com used by our team and our clients to view bookkeeping, cashflow, deadlines, payroll, and reporting data we deliver as part of our accountancy services.

For the personal data described below, Sidgrove is the data controller under UK GDPR.

What we collect

We hold three categories of information:

  1. Account profile - when you sign in with Google or Microsoft, your provider returns your name, email address, and (where available) your profile picture. We record the email address against your session so we can authorise what you see in the app.
  2. Application data you create or generate - comments you leave on bookkeeping rows, sign-offs you submit on reports, configuration choices you make for your client workspace, and similar in-app activity.
  3. Source data we read on your behalf - where you have authorised it, we read accountancy source data from connected services (e.g. specific Google Drive folders, Google Sheets, or third-party finance tools) so we can present the information back to you in a more useful form. We only read what is necessary for the service you have engaged us for.

How we use it

We process your information to deliver the accountancy services you have engaged Sidgrove for, to operate and secure the Sidgrove Intelligence platform, and to communicate with you about your engagement.

We do not sell personal data, run advertising, or share data with third parties for marketing purposes.

Lawful basis (UK GDPR)

We rely on:

  • Performance of a contract - to deliver the accountancy services described in your engagement letter.
  • Legal obligation - to retain accounting records for the periods required by UK tax and company law.
  • Legitimate interests - to keep the platform secure, prevent abuse, and improve how the product serves our clients. Where we rely on this basis we have considered and respected your interests and rights.

Sub-processors

We use a small number of trusted infrastructure providers to run Sidgrove Intelligence. They are bound by data-processing agreements that hold them to standards consistent with this policy.

  • Vercel - application hosting and edge networking.
  • Supabase - managed Postgres database and authentication infrastructure.
  • Google - sign-in (OAuth), and read access to Drive / Sheets data you have authorised.
  • Microsoft - sign-in (OAuth) for users on Microsoft Entra accounts.
  • Anthropic - large-language-model processing for AI-generated summaries and insights. Source content sent for processing is not used by Anthropic to train their models.
  • Slack - internal workflow notifications, where you have asked us to deliver them via your Slack workspace.

Some of these providers process data on infrastructure outside the UK / EEA. Where international transfers occur, they are covered by the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision.

How long we keep it

We retain your data while you are an active client of Sidgrove. After an engagement ends:

  • Accounting records required by UK tax and company law are retained for the statutory periods (which currently extend up to seven years for limited companies).
  • Application data not subject to statutory retention (e.g. interface comments, configuration settings) is deleted within 90 days of engagement termination on request, or sooner where you ask for erasure.
  • Operational logs (sign-in records, error traces) are kept for up to 12 months for security and debugging.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • ask for your data to be erased (subject to statutory retention obligations above);
  • ask us to restrict or stop certain processing;
  • receive a portable copy of data you have given us;
  • object to processing carried out under legitimate interests;
  • withdraw consent at any time where consent is the lawful basis (this does not affect lawful processing already carried out).

To exercise any of these, email dave@sidgrove.com. We aim to respond within 30 days.

You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint.

Security

Data is encrypted in transit (TLS) and at rest in our databases and object storage. Access to client data is restricted to authorised Sidgrove staff and to authenticated users on the relevant client workspace. We use modern OAuth flows for sign-in and do not store passwords.

No system is perfect. If we ever detect a breach that affects your data we will notify you and the ICO as required.

Cookies

We use a single category of cookies: those strictly necessary to keep you signed in. We do not use advertising or analytics cookies.

Children

Sidgrove Intelligence is a business product. It is not directed at, and should not be used by, anyone under 18.

Changes to this policy

We will update this page if our practices change. The “last updated” date at the top reflects the most recent revision. Material changes affecting how we use your data will be notified to active clients by email.

Contact

Questions, requests, or complaints about how we handle your personal data: dave@sidgrove.com.

© 2026 Sidgrove Ltd
PrivacyTermsContact