Privacy Policy
Last updated: 1 July 2026
Mou Consulting Ltd ("we") is the data controller for personal data we collect about you. This policy explains what we collect, why, and your rights under the UK GDPR and Data Protection Act 2018.
1. What we collect
Account data: name, email, company name, role. Financial data: figures you upload or sync (revenue, costs, invoices, employees). Usage data: pages viewed, feature usage, IP address, browser type. Payment data: handled by our payment processor; we never see full card numbers.
2. Why we process it
To provide the Service (contract), to send security and service updates (legitimate interest), to comply with tax and accounting law (legal obligation), and to send marketing where you have opted in (consent).
3. AI processing
When you use AI features (narratives, chatbot, budgeting), the relevant slice of your financial data is sent to Google Gemini via a Lovable-managed gateway. Data is not used to train foundation models. Full AI logs are retained for 30 days for debugging.
4. Sharing
We share data with sub-processors: Lovable (hosting & AI gateway), Supabase (database), Stripe (payments), and email delivery providers. We do not sell your data.
5. International transfers
Our primary infrastructure is in the EU. Some sub-processors (e.g. AI providers) may process data in the US under Standard Contractual Clauses.
6. Retention
Account data is retained while your account is active plus 6 years for tax purposes. Financial data you upload is deleted 30 days after account cancellation.
7. Your rights
You have the right to access, correct, delete, restrict or port your data, and to withdraw consent. Contact enquiries@mouconsulting.co.uk. You may also complain to the UK ICO at ico.org.uk.
8. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access is restricted by row-level security and role-based permissions. We run automated security scans on every release.
9. Contact
Mou Consulting Ltd, Mou Consulting Ltd, United Kingdom. Email enquiries@mouconsulting.co.uk.