Your data is yours.
You own it. You can export it as CSV or PDF in two taps. Cancel, and I delete it — keeping a 90-day “in case you change your mind” copy, then it's gone.
Trust centreNo mystery.
No mystery.
No small print.
How I handle your data, your books and your customers’ details. Written in English, not legalese — with the long-form documents linked underneath if you want the full version.
Last reviewed · 14 April 2026
The promises
Four things, in plain English.
The whole approach in four short rules. If anything I do ever feels out of line with these — tell me, and I’ll fix it.
I never sell it.
Not now. Not later. Not anonymised. Not “aggregated”. Your data is for running your books — not for somebody else's ad targeting.
UK hosted. UK supported.
Everything sits on encrypted UK servers. Support is real humans in real UK time zones — no offshore call centre, no ticket bot.
You stay in charge.
I never send, file or invoice on my own. Every quote, every chase, every HMRC submission needs your nod. AI helps; it doesn't decide.
Assistive. Reviewable. Never the boss.
AI helps with the boring bits — turning a voice note into a quote, suggesting a category for an expense, drafting a chase email. It never sends, files or invoices on its own.
It never trains on your data.Your invoices, customers, quotes and receipts are not used to train any model — mine or anyone else's.
Every output is reviewable.You see what I've drafted before it leaves the app — every email, every quote, every quarterly figure.
Edit, override, or ignore.Every AI draft is yours to change before it goes anywhere. Don't like the wording? Rewrite it. Wrong category? Switch it. Don't trust the figure? Type your own.
Off by default. On only if you say so.
The public site stays light — only what’s needed to make it work. Analytics, marketing pixels and any other extras are opt-in, explained clearly, and easy to switch back off.
No cookie wall.You can read the entire site without agreeing to anything. The banner asks once, politely, and remembers your answer.
No third-party trackers in-app.The signed-in app is tracker-free. We use a single first-party analytics tool to spot bugs — no Google, no Meta, no LinkedIn pixels.
Change your mind any time.“Cookie settings” lives in the footer of every page. One tap to switch things off, no hunting.
What I hold, and for how long
Every byte, explained.
The full list of what I keep on you, why I keep it, and when it goes away. No surprises buried in a 40-page privacy policy.
DataWhy I have itHow long I keep it
Your account & sign-in
So I know it's you, and to send you receipts & reminders.
Until you deleteQuotes, invoices, jobs
So I can show them, search them, send them and bill from them.
Until you delete · 6yr if filed to HMRCCustomer contact details
So you can email/text them, and I can route invoices & reminders.
Until you delete the customerVoice notes & receipt photos
To turn into quotes, categorise expenses, and back up your records.
7 days (raw) · summary keptCard & bank details
I never hold these. Stripe and your bank do. I only see the last 4 digits.
Held by Stripe, not meUsage logs
To spot bugs and figure out which features are useful.
30 daysLocked on the way, locked at rest.
Your data is scrambled while it travels and while I'm holding it — backups too, kept in a separate UK region in case anything goes pop.
Locked down by default.
Only the engineers who need to access production can — with two-factor sign-in, hardware keys, and an audit log every time they touch a row of data.
If something goes wrong.
I'll tell you within 72 hours — by email, in the app, and on this page. I'll explain what happened, what was affected, and what to do next.
The documents
The long-form, if you want it.
Plain-English summaries above. Full versions here. Pick the one you need.
Not covered here? Just ask.
If something isn’t answered on this page, email me. A real person — not a bot — will reply, usually the same day.
✉ hello@hellokwilo.comReplies within 1 working day · UK office hours