Last Updated: April 2025
1. Who We Are
DexAI ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. We are a UK-based company providing AI-powered financial automation services, including receipt scanning, expense tracking, and tax reporting.
Data Controller: DexAI, 3rd Floor, 45 Albemarle Street, Mayfair, London, W1S 4JL, United Kingdom
Contact: hello@dexai.app
2. What Data We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, phone number, and business name when you register
- Payment Details: Billing address and payment card information (processed securely by our PCI-compliant payment providers—we do not store full card details)
- Communications: Messages you send to our support team
- Business Details: Company registration number, VAT number, and accounting preferences
2.2 Information Collected Automatically
- Device & Log Data: IP address, browser type, operating system, and access times
- Usage Data: Features used, pages visited, and time spent on the platform
- Uploaded Documents: Receipts, invoices, and expense documents you scan or upload
- Bank Feed Data: Transaction information from connected bank accounts (via secure, read-only API access)
2.3 Information from Third Parties
- Open Banking providers for bank account connectivity
- Payment processors for subscription billing
- Analytics providers to understand platform usage patterns
3. How We Use Your Data
We process your personal data for the following purposes:
- Service Delivery: To provide receipt scanning, expense categorisation, and financial reporting features
- Account Management: To create and manage your account, process payments, and handle support requests
- OCR & AI Processing: To analyse your uploaded documents, extract vendor details, amounts, dates, and VAT information
- Tax Compliance: To generate Making Tax Digital (MTD) compliant reports and submit VAT returns to HMRC
- Platform Improvement: To enhance our OCR accuracy, develop new features, and improve user experience
- Communications: To send service updates, security alerts, and (with your consent) marketing materials
- Legal Compliance: To meet our obligations under UK tax law, anti-money laundering regulations, and GDPR
4. Legal Basis for Processing
Under UK GDPR, we rely on the following lawful bases:
- Contract Performance: Processing necessary to deliver the Services you've subscribed to
- Legitimate Interests: Improving our platform, preventing fraud, and ensuring security
- Consent: Marketing communications and optional data processing activities (you may withdraw consent at any time)
- Legal Obligation: Compliance with HMRC requirements, tax records retention, and law enforcement requests
5. Data Sharing & Third Parties
We do not sell your personal data. We may share your information with:
- HMRC: When you authorise VAT return submissions through our MTD-enabled platform
- Payment Processors: Stripe or similar providers to handle subscription billing
- Cloud Infrastructure: Secure hosting providers (e.g., AWS) that store and process your data within the UK/EEA
- Professional Advisers: Lawyers, auditors, or insurers where necessary for our legitimate interests
- Law Enforcement: Where required by law or to protect the rights, property, or safety of DexAI, our users, or the public
All third-party processors are bound by data processing agreements that meet GDPR Article 28 requirements.
6. Data Security
We implement robust technical and organisational measures to protect your data, including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls and multi-factor authentication
- Regular penetration testing and vulnerability assessments
- Secure data centres with ISO 27001 certification
- Employee training on data protection and confidentiality
- Automated intrusion detection and 24/7 monitoring
7. Data Retention
We retain your personal data for as long as necessary:
- Active Accounts: For the duration of your subscription plus 30 days after cancellation
- Financial Records: Minimum of 6 years as required by HMRC and the UK Companies Act
- Marketing Data: Until you withdraw consent or unsubscribe
- Technical Logs: Up to 12 months for security and troubleshooting purposes
After these periods, data is securely deleted or anonymised.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
- Restriction: Request that we limit the way we process your data
- Portability: Receive your data in a structured, machine-readable format and transfer it to another provider
- Objection: Object to processing based on legitimate interests or direct marketing
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at hello@dexai.app. We will respond within 30 days.
9. International Data Transfers
Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) or adequacy decisions approved by the UK Information Commissioner's Office (ICO).
10. Cookies & Tracking
We use essential cookies to operate our platform and analytics cookies to understand usage. You can manage your cookie preferences through our Cookie Policy and your browser settings. Essential cookies cannot be disabled as they are necessary for the platform to function.
11. Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by email or a prominent notice on our website at least 14 days before they take effect.
13. Complaints
If you have concerns about how we handle your data, please contact us first at hello@dexai.app. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
14. Contact Us
For any privacy-related questions or requests:
- Email: hello@dexai.app
- Phone: +44 20 1234 5678
- Address: Data Protection Officer, DexAI, 3rd Floor, 45 Albemarle Street, Mayfair, London, W1S 4JL, United Kingdom