OrbitCFOAIBack to home

Legal

Privacy Notice

Last updated: May 2026

1. Who we are

OrbitCFO.AI Ltd ("we", "us", "our") is the data controller for the personal data collected through the OrbitCFO.AI platform. We are registered in the United Kingdom and provide AI-native financial intelligence software to UK SMEs.

2. What personal data we collect

We collect and process the following categories of personal data:

  • Account data: name, email address, company name, and login credentials.
  • Financial data: transaction records, bank feeds, VAT returns, and accounting data you choose to connect.
  • Usage data: IP address, device identifiers, browser type, pages visited, and feature interactions.
  • Support data: messages, tickets, and correspondence with our customer support team.
  • Payment data: billing address and subscription details. Card numbers are handled by our payment processor, Paddle — we do not store full card data.

3. How we use your data

We use your personal data for the following purposes:

  • To provide, maintain, and improve the OrbitCFO.AI service.
  • To process transactions, manage subscriptions, and send billing communications.
  • To provide customer support and respond to enquiries.
  • To ensure security, prevent fraud, and protect our platform.
  • To send service-related notifications and, where permitted, product updates or marketing.
  • To comply with legal obligations, including tax and regulatory requirements.

4. Legal basis for processing

We process your data based on: (a) contract performance — to deliver the service you subscribe to; (b) legitimate interests — for security, fraud prevention, and product improvement; (c) consent — for marketing communications, which you can withdraw at any time; and (d) legal obligation — where required by law or regulation.

5. Data sharing

We share your data only where necessary:

  • Service providers: hosting, analytics, customer support tooling, and cloud infrastructure partners.
  • Paddle.com: our Merchant of Record for payment processing, subscription management, tax compliance, and invoicing.
  • Professional advisers: legal and accounting professionals, where required.
  • Authorities: regulators, courts, or law enforcement where required by applicable law.

6. International transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area. Where we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

7. Data retention

We retain your personal data for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymise it.

8. Your rights

Under UK and EU data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure ("right to be forgotten") in certain circumstances.
  • Restrict or object to processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent for marketing at any time.
  • Lodge a complaint with the UK Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at privacy@orbitcfoai.com. We will respond within one month.

9. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security audits.

10. Cookies

We use essential cookies to operate the service and analytics cookies to understand usage. You can manage your cookie preferences through your browser settings.

11. Changes to this notice

We may update this Privacy Notice from time to time. We will notify you of material changes via email or through the platform.

12. Contact us

If you have any questions about this Privacy Notice or our data practices, contact us at privacy@orbitcfoai.com.