Privacy Policy

Last updated: 17 March 2025

1. Introduction

Welcome to AdminTeam ("we", "our", or "us"). We provide a business administration platform that helps small businesses and tradespeople manage invoicing, expenses, bank reconciliation, job tracking, and customer communications. We respect your privacy and are committed to protecting your personal data.

By using AdminTeam, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information to provide our services:

2.1 Account Information

Name, email address, business name, and contact details (provided during registration or via magic link authentication).

2.2 Business & Financial Data

To provide our invoicing, expense tracking, and reconciliation features, we collect and store:

Invoice details (amounts, descriptions, customer information)
Expense records (amounts, vendors, categories, receipts)
Bank statement data (uploaded CSV files for reconciliation)
Business profile information (company name, address, logo, VAT number)
Job and project details

2.3 Customer/Contact Information

When you add customers or contacts to AdminTeam, we store:

Customer name, email address, and phone number
Business name and address
Invoice and payment history

2.4 Bank Account Data

If you connect your bank account via Open Banking (powered by GoCardless):

We access transaction data to assist with reconciliation
Bank connection is authorised directly with your bank — we never see your login credentials
Access can be revoked at any time through your bank or our Connections page

2.5 Payment Information

If you or your customers use our payment features:

Card payments are processed securely by Stripe
Direct Debit payments are processed by GoCardless
We do not store credit card numbers, sort codes, or full bank account details
We receive only confirmation of payment status

2.6 Document Data

Documents uploaded or forwarded to AdminTeam (receipts, invoices from suppliers) are stored securely and processed to extract relevant information.

2.7 Voice Interaction Data

If you or your customers interact with our AI voice assistant:

Voice audio is processed in real time for speech recognition — we do not store audio recordings
Information provided during calls (names, addresses, booking details) is processed to fulfil requests
Call transcripts may be stored temporarily to complete requested actions (e.g., creating a booking)

2.8 Usage Data

Basic information on how you use the platform (e.g., features accessed, number of invoices created).

3. How We Use Your Information

We use your information solely to provide the functionality of the AdminTeam service:

Create, send, and manage invoices
Track and categorise business expenses
Reconcile bank statements against your records
Process payments through Stripe and GoCardless
Provide job and project tracking
Generate financial reports and summaries
Send transactional emails (invoice delivery, payment confirmations)
Respond to your enquiries and support requests

4. AI-Powered Features & Data Privacy

4.1 Financial AI (Private Infrastructure)

🔒 Your financial data never leaves our secure infrastructure. AI-powered features such as expense categorisation run on our own private servers. No financial data is shared with third-party AI providers such as OpenAI, Google, or Anthropic.

When we use AI to assist with transaction categorisation:

Only merchant/vendor names are processed (e.g., "SCREWFIX", "SHELL") — never account numbers, balances, or personal identifiers
Processing happens on our privately hosted AI infrastructure
Suggestions are always presented for your review and confirmation — no automated decisions are made

4.2 Voice AI Assistant (Cloud Services)

Our AI voice assistant uses industry-standard, GDPR-compliant cloud providers to deliver real-time speech capabilities:

Speech recognition: Audio is streamed to our speech-to-text provider for real-time transcription. Audio is processed transiently and not stored by the provider.
Conversation AI: Transcribed text is processed by a cloud-based language model to generate intelligent responses.
Voice synthesis: Response text is converted to natural speech via a text-to-speech provider.

Information shared during voice interactions (such as names, addresses, and booking details) is transmitted to these providers solely for the purpose of processing the conversation. All transmissions are encrypted via TLS. These providers are listed as sub-processors in Section 5 below.

5. Data Sharing & Sub-Processors

We do not sell, trade, or rent your personal information. We use trusted third-party service providers to deliver our service. These providers have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose:

5.1 Payment Processing

Stripe: For card payment processing (subject to Stripe's Privacy Policy)
GoCardless: For Direct Debit payment processing and Open Banking connections (subject to GoCardless's Privacy Policy). GoCardless is authorised by the FCA.

5.2 Document Storage

Cloudflare R2: For secure storage of uploaded documents and receipts (subject to Cloudflare's Privacy Policy)
Google Drive: If you connect Google Drive for document sync (subject to Google's Privacy Policy)

5.3 Communications

Resend: For transactional email delivery (invoice sending, payment confirmations). Email content is processed solely for delivery purposes (subject to Resend's Privacy Policy)

5.4 Calendar Integration

Google Calendar: If you connect for job scheduling (subject to Google's Privacy Policy)

5.5 Voice AI Services

When our AI voice assistant is active, voice data is processed by:

Deepgram: For real-time speech-to-text transcription. Audio is processed transiently and not stored. (Subject to Deepgram's Privacy Policy)
Google Gemini: For conversational AI processing. Text is processed to generate responses and is subject to Google's Privacy Policy. We use the API service which does not use your data for training.
ElevenLabs: For text-to-speech voice synthesis. Text is processed to generate audio responses. (Subject to ElevenLabs' Privacy Policy)
LiveKit: For secure real-time audio streaming infrastructure. (Subject to LiveKit's Privacy Policy)

5.6 Legal Requirements

We may disclose your information if required by law or to protect our rights.

6. Data Security

We implement appropriate security measures including:

Encrypted data transmission (HTTPS/TLS)
Secure authentication via magic links (no passwords stored)
AI processing on private, isolated infrastructure
Regular security updates
Limited access to personal data

While we strive to protect your information, no method of transmission over the Internet is 100% secure.

7. Data Retention

We retain your personal data only for as long as your account is active or as needed to provide services. Financial records may be retained for up to 7 years in line with HMRC requirements. You can request the deletion of your account and associated data at any time by contacting us.

8. Your Rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Withdraw consent for data processing
Export your data in a portable format
Object to processing of your personal data
Lodge a complaint with the Information Commissioner's Office (ICO)

9. Cookies

We use essential cookies to:

Keep you signed in to your account
Remember your session preferences

We do not use tracking or advertising cookies.

10. Children's Privacy

AdminTeam is a business service not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us at:

Email: [email protected]