Privacy Policy
Last updated: 22 November 2024
1. Introduction
Drakon Systems Ltd ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services, including the DrakonSystems AI Invoice Importer.
Company Details:
Drakon Systems Ltd
Company Number: 16867343
ICO Registration Number: C1833149
Email: support@drakonsystems.com
2. Information We Collect
2.1 Personal Information
We may collect the following personal information:
- Name and contact details (email address, phone number)
- Company name and business information
- Billing and payment information
- Account credentials (username, encrypted password)
- Communication preferences
2.2 Xero Data
When you connect our DrakonSystems AI Invoice Importer to your Xero account, we access and process:
- Invoice data (supplier information, amounts, dates, line items)
- Xero organization details
- Contact information from your Xero account
- Chart of accounts and tax codes
2.3 Technical Information
We automatically collect:
- IP address and device information
- Browser type and version
- Usage data and analytics
- Cookies and similar tracking technologies
- Log files and error reports
3. How We Use Your Information
We use your information to:
- Provide and maintain our services
- Process invoices and sync data with your Xero account
- Process payments and manage subscriptions
- Send service updates and technical notices
- Provide customer support
- Improve our products and develop new features
- Detect and prevent fraud or security issues
- Comply with legal obligations
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract Performance: To provide our services to you
- Legitimate Interests: To improve our services and prevent fraud
- Legal Obligation: To comply with accounting and tax requirements
- Consent: For marketing communications (which you can withdraw at any time)
5. Data Sharing and Disclosure
5.1 Third-Party Services
We share your data with:
- Xero: To sync invoice data (via OAuth 2.0)
- Payment Processors: Stripe for processing payments
- Cloud Hosting: Fly.io for application hosting
- Analytics: To understand service usage
- Email Services: For transactional and support emails
5.2 Legal Requirements
We may disclose your information if required by law, court order, or governmental regulation, or if necessary to protect our rights, property, or safety.
6. Data Security
We implement appropriate technical and organizational security measures:
- End-to-end encryption for data in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Regular security audits and penetration testing
- Access controls and authentication
- SOC 2 Type II compliance (in progress)
- Regular backups and disaster recovery procedures
7. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Typically:
- Active account data: Duration of subscription plus 7 years (for tax purposes)
- Invoice data: 7 years (UK tax law requirement)
- Marketing data: Until you unsubscribe or request deletion
- Technical logs: 90 days
8. Your Rights (GDPR & UK GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data (subject to legal obligations)
- Restriction: Limit how we use your data
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: For marketing communications
To exercise these rights, contact us at support@drakonsystems.com.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance your experience, analyze site usage, and support our marketing efforts. You can manage your cookie preferences at any time through our cookie consent banner.
9.1 Types of Cookies We Use
We use the following categories of cookies:
- Necessary Cookies (Always Active): Essential for the website to function properly. These enable core functionality such as security, authentication, network management, and accessibility. You cannot opt out of these cookies as they are required for the service to work.
- Analytics Cookies (Optional): Help us understand how visitors interact with our website by collecting and reporting information anonymously. This includes page views, time spent on pages, and user navigation patterns. We use this data to improve our website performance and user experience.
- Marketing Cookies (Optional): Track your online activity to help us deliver more relevant advertising and measure the effectiveness of our marketing campaigns. These may be set by us or by third-party advertising partners.
9.2 Cookie Duration
- Session Cookies: Temporary cookies that expire when you close your browser
- Persistent Cookies: Remain on your device for a set period or until manually deleted
- Cookie Consent: Your cookie preferences are stored for 12 months
9.3 Managing Cookies
You have several options to manage cookies:
- Cookie Consent Banner: Use our cookie preferences tool that appears on your first visit
- Browser Settings: Most browsers allow you to refuse or delete cookies through their settings
- Opt-Out Tools: Use industry opt-out tools for advertising cookies
Important: Disabling necessary cookies will prevent you from using essential features of our service. Disabling analytics or marketing cookies will not affect core functionality but may result in a less personalized experience.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the UK/EEA. We ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. Continued use after changes constitutes acceptance.
13. Contact Us
For questions about this Privacy Policy or to exercise your rights:
Email: support@drakonsystems.com
If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at ico.org.uk