Worraps (“we”, “us”, “our”) is a cloud-based software platform designed specifically for self-employed individuals in the United Kingdom. The platform helps users organise income, expenses, receipts, and financial records in one place and supports workflows related to Making Tax Digital (MTD) compliance.

Worraps is designed to simplify bookkeeping for self-employed workers such as contractors, tradespeople, couriers, freelancers, and other independent professionals who need a simple way to keep financial records organised and prepare information required for tax reporting.

This Privacy Policy explains how we collect, use, store, and protect personal data when you create and use a Worraps account, upload receipts, invoices, or financial information, organise financial records within the platform, visit our website, or interact with our services.

We are committed to processing personal data responsibly and transparently in accordance with the UK GDPR and the Data Protection Act 2018. Worraps acts as a Data Controller for personal data collected for account management, website usage, and service administration. Where users upload or process personal data within the platform, Worraps acts as a Data Processor on behalf of the user.

The entity operating the Worraps platform acts as the data controller for personal data processed in connection with the platform and related services. This means we determine the purposes and methods of processing personal data.

Legal entity details

The legal entity responsible for operating Worraps will be formally registered in the United Kingdom.

Legal entity name, company number, and registered address: Will be added in a future update once the company is formally registered.

Data Protection Contact

Worraps will appoint a Data Protection contact or Data Protection Officer responsible for overseeing data protection matters and ensuring compliance with applicable data protection laws.

DPO contact details: Will be added in a future update.

Regulatory Authority

Worraps will register with the Information Commissioner's Office where required under applicable data protection law. Registration details and reference number will be published in this Privacy Policy once available.

Who this policy applies to

• Self-employed users who create an account and use the Worraps platform
• Prospective users who sign up for early access, trials, or request information about the service
• Website visitors who browse the Worraps website or interact with contact forms or other online features

When you use the Worraps platform, we may collect different types of information depending on how you interact with the service. This includes information you provide directly, financial records you upload or create within the platform, and technical information generated when using the system.

3.1 Account Information

• Full name
• Email address
• Phone number, if provided
• Login credentials, with passwords stored in encrypted form
• Account preferences and settings

3.2 Financial and Business Data

• Income records
• Expense records
• Invoices
• Receipts
• Transaction descriptions
• Tax-related financial information
• VAT-related information, if applicable

3.3 Receipt and Document Data

Users may upload receipts, invoices, or other financial documents. These documents may contain merchant or supplier names, transaction dates, transaction amounts, purchase descriptions, and supplier details.

3.4 Technical and Usage Data

• IP address
• Browser type and version
• Device type
• Operating system
• Login timestamps
• System activity logs
• Error reports and diagnostic data

3.5 Communication Data

• Support requests
• Messages sent to our support team
• Feedback about the platform

3.6 Website Usage Data

• Pages visited
• Time spent on pages
• Referral sources
• Interactions with forms or website features

3.7 Automated Document Processing

Worraps may use automated systems to process certain information uploaded by users, such as receipts, invoices, or other financial documents. These processes may analyse transaction dates, amounts, merchant names, purchase descriptions, and expense categories. Users remain responsible for reviewing and confirming financial records and any tax-related information before it is used for reporting or submission purposes.

4.1 Account Registration

We collect data when you create a Worraps account, including your name, email address, login credentials, and contact details.

4.2 Manual Data Entry

Users may manually enter financial information into the platform, including income records, expenses, transaction notes, and tax-related information.

4.3 Receipt and Document Uploads

Users may voluntarily upload receipts, invoices, or other financial documents that may be processed by the system to extract relevant financial details.

4.4 Bank Data Imports

Where supported, users may choose to import transaction data from bank accounts or financial institutions, either through secure third-party providers or file uploads such as bank statements or exports.

4.5 HMRC Integrations

Where applicable, users may authorise Worraps to prepare or transmit tax-related information to HM Revenue & Customs through approved integrations related to Making Tax Digital.

4.6 Cookies and Website Technologies

Cookies or similar technologies may be used to maintain website functionality, improve user experience, and analyse website traffic. For more detail, this should be supported by a separate Cookie Policy.

4.7 Legal Record Requirements

Some financial and tax-related records may need to be retained for minimum legal periods under UK tax law, which can affect deletion requests.

5.1 Performance of a Contract

Most processing is necessary to create and maintain user accounts, provide access to the platform, store and organise financial records, process uploaded documents, and generate summaries or reports.

5.2 Legal Obligation

Certain personal or financial data may be processed to comply with UK legal obligations, including tax reporting and regulatory compliance associated with Making Tax Digital.

5.3 Legitimate Interests

Worraps may process data to maintain platform security, prevent fraud, monitor reliability, and improve platform functionality and user experience, provided those interests do not override user rights.

5.4 User Consent

Consent may be relied on for marketing communications and optional website cookies or analytics tools, where required by law.

Worraps does not sell, rent, or trade personal or financial data for marketing or commercial purposes.

6.1 Providing the Worraps Services

Data is processed to create and manage accounts, allow users to record and organise financial information, store transactions, and organise receipts and financial documents.

6.2 Processing Financial Records

Financial information may be structured and analysed to help users review records and generate summaries of financial activity. Worraps does not independently determine tax liabilities and does not make legally binding tax decisions.

6.3 Platform Operation and Maintenance

Technical data may be used for system administration, troubleshooting, and maintaining reliability.

6.4 Security and Fraud Prevention

Data may be processed to detect unauthorised access attempts, suspicious activity, fraud, or misuse.

6.5 Customer Support

Information may be used to respond to support requests and service enquiries.

6.6 Service Improvement

Usage and technical data may be analysed to improve functionality, usability, performance, and reliability.

6.7 Compliance with Legal Obligations

In certain situations, personal and financial data may be processed or retained to comply with legal or regulatory obligations.

Worraps does not sell personal or financial data. Data may be shared where necessary for hosting, payment processing, analytics, support, legal compliance, or authorised submissions.

7.1 Hosting and Infrastructure Providers

Worraps stores and processes platform data using secure hosting infrastructure provided by IONOS. IONOS acts as a data processor and processes data according to Worraps instructions.

7.2 Payment Service Providers

Payment processing may be handled by Stripe, PayPal, or other authorised providers. Worraps does not store full payment card details on its own systems.

7.3 Government Authorities and Regulatory Bodies

Where required by law or authorised by the user, Worraps may transmit relevant tax-related information to HM Revenue & Customs.

7.4 AI Processing Providers

Worraps may use external AI service providers to assist with automated processing of financial documents such as receipts or invoices. These providers act as data processors and do not make automated legal or financial decisions.

7.5 Analytics and Website Tools

Where analytics tools such as Google Analytics are used, they should only be activated with user consent where required by law.

7.6 Email Communication Services

Worraps may use email services provided by IONOS to send account notifications, password reset emails, service updates, and security alerts.

7.7 Legal Requirements

Personal data may be disclosed where required by law, regulation, legal process, or regulatory authority.

Some third-party service providers used by Worraps may operate outside the UK or may transfer data internationally as part of their services.

8.1 Payment Providers

Payment providers such as Stripe and PayPal may process customer name, billing email address, payment details required for the transaction, transaction amount, and billing country.

8.2 Website Analytics Providers

Analytics providers may receive anonymised IP address data, device and browser information, pages visited, session duration, and referral source.

8.3 Safeguards for International Transfers

Where personal data is transferred internationally, Worraps will take reasonable steps to ensure safeguards are in place, including recognised transfer mechanisms under UK data protection law.

Worraps retains personal and financial data only for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements.

9.1 Financial and Tax Records

Financial records may be retained for up to six years, or longer where required by applicable law or regulatory obligations.

9.2 Account Information

Personal information associated with an account may be retained while the account remains active and for a limited period afterward where necessary for compliance, disputes, fraud prevention, or record-keeping.

9.3 Support and Communication Records

Support and communication records may be retained for a reasonable period to maintain service quality and resolve potential disputes.

9.4 Data Deletion

Where personal data is no longer required for legal, operational, or regulatory purposes, Worraps will take reasonable steps to securely delete or anonymise it.

9.5 Security of Retained Data

Retained data is protected through appropriate technical and organisational measures designed to safeguard personal and financial information.

10.1 Technical Security Measures

• Secure server infrastructure
• Encrypted data transmission using HTTPS
• Access controls and authentication mechanisms
• System monitoring and logging
• Regular system updates and security maintenance

10.2 Organisational Security Measures

Access to user data is restricted to authorised personnel only where necessary for administration, maintenance, or support.

10.3 Third-Party Security

Where Worraps relies on third-party providers, reasonable steps are taken to ensure they maintain appropriate security standards.

10.4 Security Limitations

No system can guarantee absolute security, and users should also protect their account credentials.

10.5 Incident Response

In the event of a personal data security incident, Worraps will investigate and respond in accordance with applicable legal obligations.

11.1 Right of Access

Users may request access to personal data held about them.

11.2 Right to Rectification

Users may request correction of inaccurate or incomplete personal data.

11.3 Right to Erasure

Users may request deletion of personal data in certain circumstances, subject to legal record-keeping requirements.

11.4 Right to Restrict Processing

Users may request that processing be restricted in certain cases.

11.5 Right to Data Portability

Where applicable, users may request certain data in a structured, machine-readable format.

11.6 Right to Object

Users may object to certain processing where Worraps relies on legitimate interests.

11.7 Exercising Your Rights

Requests may be made using the contact information provided in this Privacy Policy.

Worraps is committed to addressing concerns relating to the processing of personal data fairly and transparently.

12.1 Contacting Worraps

Users are encouraged to contact Worraps first regarding privacy or data protection concerns so the matter can be reviewed and, where possible, resolved.

12.2 Right to Lodge a Complaint

Users have the right to lodge a complaint with the Information Commissioner's Office if they believe their personal data has been processed unlawfully.

12.3 Seeking Resolution

Contacting Worraps first does not affect a user's right to contact the ICO at any time.

Worraps may update this Privacy Policy from time to time to reflect changes in the platform, legal requirements, or data processing practices. The revised version will be published on the website or platform, and where appropriate users may be notified of significant changes through platform notifications or email communication.

Worraps – Data Protection Contact

Email: Will be added in a future update.

Registered company name: Will be added in a future update once the company is formally registered.

Registered address: Will be added in a future update once the company is formally registered.

If a Data Protection Officer is appointed in the future, their contact details will be published in this section.