Privacy Policy — IR35 Invoice Generator

1. Data We Collect

We collect only the personal data necessary to operate our invoice generation tool and communicate with you. The categories of data we may process include:

Email address — when you subscribe to updates, request templates, or contact us.
IP address — automatically collected by our hosting infrastructure for security, fraud prevention, and aggregated analytics.
Usage data — such as pages visited, features used, browser type, device type, referring URL, and timestamps, collected to improve service performance and reliability.

We do not require you to create an account to use the core invoice generator. Invoice content you enter in the browser is processed locally unless you explicitly choose to share or export it.

2. How We Use Your Data

We use personal data for the following purposes:

Service delivery — to provide, maintain, and improve the IR35 Invoice Generator tool, including technical support and security monitoring.
Email communications — to send service-related messages, product updates, and marketing newsletters where you have given consent. Email campaigns are sent via Brevo (formerly Sendinblue), our email service provider. Brevo processes your email address on our behalf under a data processing agreement compliant with UK GDPR.
Analytics and performance — to understand how visitors use our site and to fix errors or improve user experience (using aggregated or pseudonymised data where possible).
Legal compliance — to comply with applicable laws, respond to lawful requests, and protect our rights and the rights of others.

We do not sell your personal data to third parties.

3. UK GDPR Compliance and Legal Basis

We process personal data lawfully under the UK GDPR. Depending on the activity, our legal bases include:

Consent (Article 6(1)(a)) — for marketing emails and optional communications. You may withdraw consent at any time via the unsubscribe link in any email or by contacting us.
Contract (Article 6(1)(b)) — where processing is necessary to provide services you have requested.
Legitimate interests (Article 6(1)(f)) — for security, fraud prevention, and improving our service, balanced against your rights and freedoms.
Legal obligation (Article 6(1)(c)) — where we must retain or disclose data to comply with UK law.

As a UK-based service, we apply the UK GDPR as retained in UK law post-Brexit. Where data is transferred outside the UK, we ensure appropriate safeguards (such as UK International Data Transfer Agreements or adequacy regulations) are in place.

We act as the data controller for personal data collected through this website. Our data protection contact is reachable at the email address in Section 7 below.

4. Cookie Policy

We use essential cookies only. These cookies are strictly necessary for the website to function and cannot be switched off in our systems. They are typically set in response to actions you take, such as maintaining session state or security preferences.

We do not use non-essential cookies, advertising cookies, or third-party tracking cookies for behavioural profiling. If this changes in the future, we will update this policy and, where required, obtain your consent before placing such cookies.

You can control cookies through your browser settings; disabling essential cookies may affect site functionality.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

Email addresses — retained until you unsubscribe from our mailing list or request deletion, after which we remove or anonymise your data within 30 days (except where we must retain records for legal purposes).
Server and security logs (including IP addresses) — retained for 90 days, then automatically deleted or anonymised.
Usage data — retained in aggregated form where possible; identifiable usage logs follow the same 90-day retention where applicable.

When retention periods expire, we securely delete or anonymise data in accordance with industry best practices.

6. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access Request a copy of the personal data we hold about you.

Right to erasure Request deletion of your personal data where there is no compelling reason for continued processing.

Right to data portability Receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.

Right to object Object to processing based on legitimate interests, including direct marketing at any time.

You also have the right to rectification, restriction of processing, and to withdraw consent without affecting the lawfulness of processing before withdrawal. To exercise any of these rights, contact us using the details below. We will respond within one month, as required by law.

If you are unsatisfied with our response, you may lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

7. Contact Us

For privacy-related enquiries, data subject requests, or questions about this policy, please contact:

Email: support@ir35invoicegenerator.co.uk

We aim to respond to all privacy requests within 30 days.

8. Governing Law

This Privacy Policy and any dispute arising from it shall be governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction, subject to your statutory rights as a consumer in other parts of the United Kingdom.

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date at the top of this page. Continued use of the service after changes constitutes acceptance of the revised policy where permitted by law.