/ Privacy

Privacy Policy

Last updated: 3 July 2026

This policy explains what personal data Axiom Logic processes, why we process it, how long we keep it, and the rights you have under UK and EU data protection law.

01

Who we are

This Privacy Policy is issued by AxiomLogic ("Axiom Logic", "we", "us", "our"), the data controller responsible for personal data processed through this website and the client portal at axiomlogictech.com.

Registered address: AxiomLogic, Suite 151, Gramercy Tower, 6 Curran Road, CF10 5FS, Cardiff, United Kingdom. AAT registration number: [to be added]. You can contact us at any time at contact@axiomlogictech.com.

02

Scope of this policy

This policy applies to personal data we process about visitors to our website, people who submit our contact form, and users of our client portal. It is written to meet our obligations under the UK General Data Protection Regulation and Data Protection Act 2018, and the EU General Data Protection Regulation (Regulation 2016/679).

Where you are located in the European Economic Area, you have the same rights against us as UK data subjects and may lodge complaints with your national supervisory authority as well as the UK Information Commissioner's Office.

03

Personal data we collect

Contact form. When you submit our contact form we collect the name, email address, sector, and message you provide, together with your language preference and the time of submission.

Client portal accounts. When you register or are invited to the client portal we collect your email address, full name and (optionally) company name, together with authentication metadata managed by our platform provider.

Portal activity. While you use the portal we process the documents you upload, messages you send, calendar events created for you, meeting bookings, and progress you record against tasks.

Technical data. Our hosting provider processes IP addresses and standard HTTP request metadata for security, abuse prevention and service delivery. We do not use marketing cookies or third-party analytics on this site.

04

Purposes and lawful bases

We process personal data for the following purposes and on the following lawful bases (Article 6 UK/EU GDPR):

  • Responding to enquiries submitted through our contact form — legitimate interests in operating the firm and answering prospective clients.
  • Providing the client portal and delivering the accounting and consulting services you have engaged us for — performance of a contract.
  • Meeting statutory record-keeping obligations (for example, records that must be retained under UK tax law) — compliance with a legal obligation.
  • Securing our systems and preventing abuse — legitimate interests in protecting the confidentiality and integrity of client data.
  • Sending you service communications (portal notifications, engagement updates) — performance of a contract; where we ever send marketing, we will rely on your consent.

05

Sharing and subprocessors

We do not sell personal data. We share personal data only with the following categories of recipients:

  • Hosting and database — Lovable Cloud (backed by Supabase), which stores portal data, authentication records and uploaded documents.
  • Authentication — Google LLC, if you choose to sign in with a Google account (OAuth).
  • Transactional email — [to be confirmed] for account, meeting and notification emails.
  • Professional advisers and regulators where we are required to disclose information in the course of providing regulated accountancy services or to comply with law.

Each subprocessor is bound by written contractual terms that require them to protect personal data to the standard required by UK and EU GDPR.

06

International transfers

We prefer to keep personal data within the United Kingdom and European Economic Area. Where a subprocessor processes data outside those regions, we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses (Commission Decision 2021/914), together with any supplementary measures required following the assessment we conduct for each transfer.

07

How long we keep personal data

  • Contact-form enquiries — up to 24 months from your last contact with us, unless you become a client (in which case the message becomes part of the engagement record).
  • Client portal accounts — for the duration of your engagement with us and up to 7 years afterwards, in line with statutory record-keeping obligations for accountancy services.
  • Documents you upload to the portal — for the duration of your engagement and, where they form part of statutory records, for the retention period required by law.
  • System and security logs — a rolling period of up to 12 months.

We will delete or anonymise personal data at the end of the applicable period unless we are required by law to retain it for longer.

08

Your rights

Under UK and EU GDPR you have the right to:

  • request access to a copy of the personal data we hold about you;
  • have inaccurate or incomplete personal data corrected;
  • request erasure of personal data in the circumstances set out in Article 17;
  • request restriction of processing in the circumstances set out in Article 18;
  • object to processing based on our legitimate interests;
  • request portability of personal data you have provided to us;
  • withdraw consent, where processing is based on your consent, at any time.

Please send requests to contact@axiomlogictech.com. You may also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or, if you are in the EEA, with your national supervisory authority.

09

Cookies and analytics

We use a single first-party session cookie (managed by Supabase Auth) to keep you signed in to the client portal. We do not use marketing cookies, advertising trackers or third-party analytics on this site. If we introduce analytics in the future we will update this policy and, where required, request your consent before setting any non-essential cookies.

10

Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure or alteration. A summary of the platform controls we rely on is published in our Security Overview.

11

Changes and contact

We may update this policy from time to time. Material changes will be signalled by updating the "Last updated" date at the top of this page and, where appropriate, by notifying portal users directly.

Questions or concerns about this policy? Please contact us at contact@axiomlogictech.com.