Privacy Notice

Pocket Account Limited
Last updated: 20th February 2026

1. Introduction

This Privacy Notice explains how Pocket Account Limited ("Pocket Account", "we", "our", or "us") collects, uses, stores, and protects personal data when you use our websites, cloud-based accounting platform, mobile applications, and related services, including support, training, and events (collectively referred to as the "Services").

We are committed to protecting personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • EU General Data Protection Regulation (EU GDPR)
  • UK Data Protection Act 2018
  • ISO 27001-aligned Information Security Management System (ISMS)

2. Who We Are

Pocket Account Limited is a provider of AI-powered accounting and financial automation software for accountants, bookkeepers, and businesses globally.

Registered Office: Mumbai, India
Primary Data Hosting Location: London, United Kingdom (AWS – Europe Region)
Services Offered: Globally, including the UK and European Union

3. Our Role (Controller and Processor)

Depending on how you use our Services:

  • We act as a Data Controller for personal data relating to your account, billing, and communications.
  • We act as a Data Processor when processing financial data on behalf of our customers.

If you are an accountant or business using Pocket Account, you remain the Data Controller of your client data, and we process such data strictly on your instructions.

4. Data Protection Principles

We process personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

5. Personal Data We Collect

5.1 Information You Provide

  • Name, email address, and contact details
  • Business and billing information
  • Financial documents (including invoices, payroll records, bank statements)
  • Communications with support or sales teams

5.2 Information Collected Automatically

  • IP address and device information
  • Browser type and operating system
  • Usage data, including pages visited and actions performed
  • Cookies and similar tracking technologies

6. Legal Basis for Processing

We process personal data based on:

  • Performance of a contract – to provide our Services
  • Legal obligations – including accounting and tax compliance
  • Legitimate interests – including service improvement, fraud prevention, and system security
  • Consent – for marketing communications where required

7. How We Use Personal Data

We use personal data for the following purposes:

Service Delivery: Processing financial documents and transactions; providing accounting automation and integrations with third-party platforms.

Communication: Service-related updates and notifications; customer support and technical assistance; security alerts and compliance notifications.

Service Improvement: Analysing system usage; enhancing platform performance and user experience; developing new features.

Security and Compliance: Monitoring for unauthorised access; detecting and preventing fraud or misuse.

Marketing: Sending relevant product updates and offers (subject to your preferences). You may opt out at any time.

8. AI and Automated Processing

Pocket Account uses artificial intelligence to process accounting and financial documents.

  • Processing is limited strictly to service delivery purposes
  • Personal data is not used for AI model training without explicit consent
  • Third-party AI providers are contractually bound to data protection obligations

9. Data Sharing

We may share personal data with:

Service Providers (Sub-processors): Cloud hosting providers (AWS – London, UK region); payment processors; analytics and infrastructure providers.

Legal and Regulatory Authorities: Where required by applicable law or regulation.

Corporate Transactions: In connection with mergers, acquisitions, or business restructuring.

We do not sell personal data to third parties.

10. International Data Transfers

Because we operate as a global organisation, personal data may be accessed from outside the UK/EU, including from India. Primary data storage is maintained in London, United Kingdom (AWS EU region).

Where personal data is transferred internationally, we implement Standard Contractual Clauses (SCCs) and appropriate safeguards to ensure GDPR compliance.

11. Data Security

We maintain appropriate technical and organisational measures aligned with ISO 27001 standards, including:

Technical Measures:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Secure API integrations
  • Role-based access control (RBAC)
  • Continuous monitoring and logging

Organisational Measures:

  • Restricted access to authorised personnel only
  • Confidentiality agreements
  • Ongoing employee security training

12. Data Retention

We retain personal data for the duration of your active account, and as required to comply with legal, tax, or regulatory obligations. After this period, data is securely deleted or anonymised in accordance with our retention policies.

13. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of your data
  • Restrict or object to processing
  • Request data portability

To exercise your rights, contact: privacy@pocketaccount.com

You also have the right to lodge a complaint with your local data protection authority.

14. Cookies and Tracking

We use cookies and similar technologies to enhance user experience, analyse platform performance, and personalise content. You can manage cookie preferences through your browser settings.

15. Data Breach and Incident Response

In the event of a personal data breach:

  • We will notify relevant authorities within 72 hours, where required
  • Affected individuals will be informed without undue delay
  • Incident response procedures will be followed to mitigate risks

16. Sub-processors

We engage carefully selected third-party sub-processors. A current list of sub-processors is available upon request or via our Data Processing Agreement (DPA).

17. Compliance and Certifications

Pocket Account:

  • Complies with UK GDPR and EU GDPR requirements
  • Implements an ISO 27001-aligned Information Security Management System
  • Applies industry best practices for SaaS data security

18. Updates to This Privacy Notice

We may update this Privacy Notice from time to time. Material changes will be communicated via email or platform notification. The latest version will always be available on our website.

19. Contact Us

For any privacy-related queries or requests:

Email: privacy@pocketaccount.com
Website: www.pocketaccount.com
