Legal · Privacy

Privacy Policy

What personal data Kempt collects, why, and what you can do about it. We’ve tried to write it in plain English.

Last updated [DATE]Controller Zap Development LtdContact hello@kempt.me

This policy explains what personal data Kempt collects, why, and what you can do about it. For the records you put into Kempt about your own business, you are the data controller and we act as your processor. For the data we collect to run your account and operate Kempt, we are the controller. This policy covers both, and flags which is which where it matters.

01Who we are

Kempt is a bookkeeping and financial-admin app for people who work for themselves. It is provided by Zap Development Ltd (“we”, “us”, “our”), a company registered in England and Wales (company number 11318277), registered address [REGISTERED ADDRESS].

For anything in this policy, including any request about your data, contact us at .

02The data we hold

Account data We’re the controller

Your name and email address, your password (stored only as a secure hash — we never see it), and basic settings and preferences.

Your business records You’re the controller

Whatever you enter or import to do your bookkeeping: income and expenses, invoices and clients, mileage, payroll figures, VAT and tax workings, your financial-year settings, and reference identifiers you choose to store such as your Company Registration Number and tax reference (UTR). If you upload receipts, we store those files too.

Technical data We’re the controller

Standard server and security logs (IP address, browser type, timestamps, actions taken) needed to keep the service running and secure.

We do not ask for or store HMRC Government Gateway credentials or authentication codes. Kempt prepares figures — it does not file on your behalf. We also don’t collect special-category data (such as health or biometric data), and Kempt isn’t intended for anyone under 18.

03Why we use it, and our legal basis

WhatWhyLawful basis (UK GDPR)
Run your account and provide the serviceSo you can use KemptPerformance of a contract
Keep the service secure and workingFraud prevention, debugging, abuse preventionLegitimate interests
Respond to your support and data requestsTo help youContract / legal obligation
Service emails (sign-in, account notices)Essential to operating your accountPerformance of a contract
Any marketing or product-update emailsTo tell you about KemptConsent — opt out anytime

Where we rely on legitimate interests, we’ve considered your rights and limited the data to what’s necessary; ask us if you’d like the details.

04Who we share it with

We don’t sell your data and we don’t share it for anyone else’s marketing. We use a small number of trusted service providers (“processors”) to run Kempt. Each is bound by a data-processing agreement and may only act on our instructions:

  • SupabaseDatabase, authentication and file storage. Your data is hosted in a UK/EU region.
  • VercelApplication hosting and content delivery.
  • Postmark Wildbit / ActiveCampaignSending account and service emails.
  • [ERROR MONITORING]e.g. Sentry — diagnosing faults, configured to minimise personal data. Remove this row if not used.

We may also disclose data if the law requires it, or to establish or defend legal claims.

05Where your data is held

Your business records and account data are stored in a UK or EU data-centre region. Where any processor needs to transfer personal data outside the UK, we rely on an appropriate safeguard — a UK adequacy decision, the International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses — so it stays protected to UK standards.

06How long we keep it

We keep your account and business records for as long as your account is open. If you close your account, we will delete or irreversibly anonymise your data within [RETENTION PERIOD, e.g. 30 days], except where we need to keep limited records longer to meet our own legal obligations or to resolve disputes. You can export your full data from within Kempt at any time before you leave.

07Your rights

Under UK data protection law you have the right to: access your data; have it corrected; have it erased; restrict or object to how it’s used; and receive it in a portable format. Much of this is built into Kempt — you can view, edit, export and delete your records directly. For anything else, email and we’ll respond within one month.

08Cookies

Kempt uses only strictly necessary cookies — to keep you signed in and to keep your session secure. We don’t use advertising or third-party tracking cookies. Because these cookies are essential to a service you’ve asked for, we don’t show a consent banner.

Optional — keep only if trueIf we add privacy-friendly analytics, we’ll update this section, tell you what they do, and give you a way to opt out.

09Complaints

If you’re unhappy with how we’ve handled your personal data, please tell us first at . We will acknowledge your complaint within 5 working days, investigate, and aim to give you a full response within 30 days. We keep a log of complaints so we can track and resolve them properly.

If you’re still not satisfied, you have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator, at ico.org.uk or on 0303 123 1113. We’d appreciate the chance to put things right first.

10Changes to this policy

If we make material changes, we’ll update the date above and, where appropriate, let you know by email or in the app.

Questions about your data?

Email us any time at — a real person will reply.