We take your privacy very seriously. So we've decided to make a promise about what we'll use the information you give us for. You consent to us processing these types of personal data so that we can provide the app to you.
We think the term process is a little misleading for what we're doing, but the term is widely used in the EU's General Data Protection Regulation (GDPR). In plain English, we collect and store your email address so we can identify you as an account holder. If you forget your password, we can email you with a link to reset it. We will also email you about your account from time to time, for example if there's a problem with your account.
When you use our online backup and sync service ("Online Syncing"), your role as a Data Controller means you should ensure you have consent from your customers and suppliers to store their personal information. Our role as a Data Processor is limited to storing your bookkeeping database; we do not access the information you store unless you want us to, and we would never extract information about your customers and suppliers.
If at any time you do not want us to "process" this personal data, you can contact us via the support link on the website. You should be aware that we will not be able to provide the app to you without your permission to store your email address. You can also delete your account if you want to (see later).
Running the app
When you run the app, the following statistical data is collected to help us monitor what kind of devices are running the app. This is used to decide when the app should take advantage of new features of new operating systems and when to discontinue development on older platforms.
- Hardware Model and OS (iPhone, iPad, iMac, Macbook Air and so on)
- Version of the app
Easy Books Online Account
To use the app, you will need to register an account using your email address. We collect the following additional information:
- Your email address
- IP Address
By supplying your email address, you give us consent to store this personal information for the purposes of providing the app to you.
Our servers will send out email reminders when your service period is coming to an end so that you can continue the service if you want to. We won't keep all your details though, a short time after your account expires we will automatically delete your business data (if you have chosen to upload it). We will retain your account email address and information about your past purchases with us.
Signing in from a Device
When you open the app and sign in, we collect additional information which may contain your personal information.
- Your device's name (e.g. Fred's iPhone)
The device's name is used to help tell it apart from other devices linked to your account.
If you purchase a subscription via Apple's in-app purchase system we collect an anonymous receipt from Apple. To link the purchase to your Easy Books Online Account, you will need to have registered and signed in. This process usually happens when you first run the app, but you can register at any time, including after you have made a purchase.
If you purchase directly from us by entering your contact and credit card details we will store additional information about the sale, linking it to your license file(s):
- Your name
- Your company name
We do not store your credit card information, this is stored by our trusted payment company.
We will use your information to contact you if it affects your service from us. For example, if we need to upgrade the service and it's not possible to do this in the normal period overnight we might consider it important enough to let you know. We may also use your contact details to email you about changes we've made to the app. You can unsubscribe from our emails by clicking a link at the bottom, or from your account page. If you unsubscribe, we will still send account related information such as password reset emails (if you ask for them). If you want to delete your account, see later.
Lawful Basis for Data Processing
When you register using your email address, the lawful basis for processing is 'consent'. You can withdraw your consent, but we will not be able to provide the service to you.
We use a third party called Tender to manage our support system. If you request support, your email address and anything you write will be stored in their system. By default, all support requests are private. But if we think others would benefit from your support request we'll ask to make it public. Your email address always remains private, but you can decide if you want to make the text public.
We use a well known and respected payment gateway called Fastspring to handle payments. We don't receive credit card information ourselves. We can sign in to the payment company to view your payment history and manage your subscription.
Retention of Data
If you stop using the app on a device, some information, which contains your device name and unique login token is retained for a period of 90 days, after which it is deleted.
If you delete a business from your account page, the data is deleted immediately from our server. This data is also deleted if your account lapses without payment. Any devices connected will receive a popup message saying the business is no longer available, and they stop syncing the business. If you have uploaded attachments, these are archived into a single file. You will receive an email with details about how you can obtain your archive. This is stored on our servers for a period of 90 days and then deleted. If you want to keep a copy of the files you attached to your accounts, you should download the archive within this period as we cannot retrieve your data afterwards.
We store backup copies of the sync database for disaster recovery purposes. Old copies of the data are deleted as soon as a new one is available. We keep the backups for a week, so if you delete a business, there may be small fragments of your data in our backup for up to a week after you delete it. After that, your business data is no longer retained anywhere.
Deleting Your Account
If you have no purchase history with us, you can delete your account completely from the Settings tab on your account page. Sign in at sync.easybooksapp.com.
If you have made purchases, Fastspring will retain information about your purchases. You can still delete your account from our system, but this is handled differently to preserve some purchase information. If you delete your account, we remove your account information, for example, your IP address, email, name, business and device information. Purchase history information is retained.
You authorise the engagement of Amazon Web Services, Inc. ("Infrastructure Provider") to provide underlying infrastructure services in the provision of the software. Infrastructure Provider’s role includes storage of Customer Personal Data.
Data you enter into the software, such as your customer and supplier names and addresses are stored in a separate database per user. This database is stored by Infrastructure Provider and encrypted while at rest. Decryption keys are managed by Infrastructure Provider and stored in a different location. You acknowledge your role as Data Controller, and ours as Data Processor.
Servers are housed in Amazon's secure data centres in the United States of America and are managed by us. We secure all communications to and from the app using TLS 1.2, and we reject any connections that are not encrypted. This keeps your information confidential between your device and our servers, and ensures that the data is safe from eavesdropping while on the Internet.
We will implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of our systems.
We will take appropriate steps to ensure compliance with the Security Measures by our employees and contractors to the extent applicable to their scope of access, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality. Our staff connect to the servers for monitoring and maintenance. While connected, we also use encrypted connections. In addition, all our computers have encrypted hard drives and complex passwords to prevent unauthorised access, in case they are stolen.
For information about Amazon's GDPR Data Processing Addendum, please click here.
To process credit card and PayPal payments, we use Fastspring, a well known and respected payment gateway. All data passed between your computer and Fastspring is encrypted too, so your credit card details are safe. We don't store any information about the method of payment you use.
When you make a payment to us for your use of the service, Fastspring store Personal Data such as your name, address, phone number and credit card number.
We will never pass on your details to anyone else without your permission. In addition, we have not been required by any court order to reveal any user information we have stored or to keep any secrets about doing so.