Privacy Policy
Last updated: [[EFFECTIVE DATE — set on approval, e.g. 9 June 2026]]
This policy explains what personal data Toot collects, why we collect it, who we share it with, and the rights you have over it. Toot is an AI bookkeeper, so we handle financial information, accounting records, and — when you connect a mailbox — receipts and invoices from your email. We treat all of it with care.
1. Who we are
Toot is a product of Vineyard Finance Ltd ("Toot", "we", "us", "our"), a company registered in England & Wales under company number 16963228, with its registered office at Flat 1, 11 Cambridge Park, Twickenham, England, TW1 2PF. "Toot™" is a registered trademark of Vineyard Finance Ltd.
We act as a data controller for your account, billing, and security data, and as a data processor acting on your instructions for the accounting records and mailbox content you connect — while remaining directly accountable for Google user data as required by Google's policies. We are registered with the UK Information Commissioner's Office (ICO) under registration number [[ICO REGISTRATION NUMBER]].
Where you connect Toot to your accounting system or mailbox, Toot processes the records in those systems on your behalf to provide the service. As between you and Toot, you remain responsible for the underlying financial records and for having a lawful basis to upload or connect them.
2. Scope of this policy
This policy applies to the Toot website at toot-books.com, the Toot application (including each customer's workspace at {your-company}.platform.toot-books.com), and the Toot API. Existing enterprise customers served under the vineyard-finance.com domain are covered by the same practices.
It does not cover third-party services you separately connect or visit — such as Zoho, Google, or your bank — which have their own privacy policies.
3. What data we collect
Account & identity data
When you sign up, we receive your name and email address from Google Sign-In, and a unique account identifier. We do not receive or store your Google password.
Company & setup data
During onboarding we collect your company name and VAT registration status, which we use to configure your accounting workspace (including tax treatment and chart of accounts).
Billing data
When you start a trial, we will ask for a payment card. Card details will be collected and stored by our payment processor, Stripe — Toot will never receive or store your full card number — and we will hold only a payment token, the card's last four digits and expiry, billing country, and your subscription and invoice history. [[Stripe billing is build step D1/C12 — describe as it works once live; do not publish as a current feature before Stripe is integrated.]]
Financial & accounting data
Toot reads your bank transactions and reconciliation status from Zoho Books (the system of record you connect to your bank). We store enrichment we generate locally — transaction classifications, matched receipts and receipt files, reconciliation results, and the logs of the automated agents that produce them. Each customer's data is held in a separate, isolated database.
Mailbox data (only if you connect Gmail)
If you connect a mailbox, Toot's receipt finder uses read-only access to search that mailbox for receipts and invoices, read candidate messages and their attachments, and extract the details needed to match a receipt to one of your accounting transactions. We store the extracted receipt text and any receipt files you choose to attach to a transaction. See section 5 for the specific Google requirements that apply.
Technical & usage data
We log activity needed to run and debug the service securely — for example API calls, automated agent steps and decisions, timestamps, IP address, and browser/device information. Detailed operational logging is core to how we keep the product reliable and auditable.
4. How and why we use it
We use your data to:
- create and run your isolated Toot workspace and accounting environment;
- classify transactions, find and match receipts, and reconcile your books;
- write reconciliation results back to your Zoho accounting records when you approve them;
- authenticate you, secure your account, and prevent abuse;
- take payment, manage your subscription, and meet tax/accounting obligations;
- provide support, send service messages, and (with your consent) product updates;
- monitor, debug, and improve the reliability and accuracy of the service.
Our lawful bases under UK GDPR are: performance of a contract (providing the service you signed up for); legitimate interests (securing, debugging, and improving the service, and communicating with customers), balanced against your rights; consent (connecting your Gmail mailbox, and any non-essential cookies or marketing email — which you can withdraw at any time); and legal obligation (tax, accounting, and compliance record-keeping).
5. Google user data & Gmail
Toot only ever requests read-only Gmail access (gmail.readonly). We never send email on your behalf, and we never modify or delete anything in your mailbox.
When you connect a mailbox, you grant Toot read-only access so the receipt finder can locate receipts and invoices and match them to your transactions. We access only the messages and attachments relevant to that purpose, and we store the extracted receipt details and any files you attach to a transaction.
Toot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, Google user data obtained through Gmail is:
- used only to provide the receipt-finding feature you enabled;
- never sold, and never used for advertising;
- never transferred to others except as needed to provide the feature, for security, or to comply with the law;
- never used to train generalised or non-personalised AI/ML models;
- read by humans only with your explicit consent, where required for security or to comply with the law, or where the data has been aggregated and anonymised.
You can disconnect a mailbox at any time from your workspace Settings, and you can also revoke Toot's access from your Google Account permissions. Stored mailbox access tokens are held in your access-controlled, per-customer isolated database. [[Encryption-at-rest of mailbox tokens with a per-customer key is build step E1/C12 — state it here once it ships; until then do not claim per-customer-key token encryption.]]
6. AI processing of your data
Toot uses third-party AI models to read transaction descriptions and receipt text and to suggest classifications and reconciliations. To do this, the relevant transaction and receipt text is sent to our AI subprocessors (listed in section 7) for processing. We send only the data needed for the task, and we do not send your card details or Google sign-in credentials to these providers.
[[CONFIRM: our AI subprocessors do not use customer data to train their models — adjust this sentence to match the contractual position with each provider.]] Subject to that confirmation, your data is processed only to generate output for you and is not used by these providers to train their general models.
Automated classifications and reconciliations are suggestions. The reconciliation and receipt actions that write to your accounting records are initiated by you, and your own classifications always take priority over automated output. [[A per-write "Save to Zoho?" confirmation is build step F3 — once it ships you can state each write-back is confirmed; today a found receipt can write back without a separate confirmation dialog.]]
7. Service providers & subprocessors
We use a small set of trusted providers to deliver Toot. Each processes data only on our instructions and under a data-processing agreement.
| Provider | Purpose | Data involved | Region | Status |
|---|---|---|---|---|
| Google Cloud (Cloud Run, Cloud SQL) | Hosting & database | All application data | London, UK (europe-west2) | Current |
| Cloudflare | Marketing-site hosting & CDN | Visitor IP & request data | Global / UK edge | Current |
| Zoho Books | Accounting system of record | Bank transactions, reconciliation, accounting records | Per your Zoho org / EU | Current |
| Google (Sign-In & Gmail API) | Login & read-only mailbox access | Name, email; receipt/invoice messages & attachments | EU / US | Current |
| Google Fonts | Web fonts on our pages | Visitor IP address | US | Current |
| Google Forms & Sheets | Waitlist form (until replaced by in-app sign-up) | Name, email, phone & company details you submit | EU / US | Current |
| Anthropic | AI classification & reconciliation | Transaction & receipt text | US | Current |
| OpenAI (incl. Codex / ChatGPT) | AI reconciliation | Transaction & receipt text | US | Current |
| Fireworks AI | AI receipt extraction | Receipt text | US | Current |
| Bank of England (public rates API) | Currency conversion rates | No personal data sent | UK | Current |
| Stripe | Payments & subscription billing | Card token, billing details, invoices | EU / US | Planned (D1) |
| Resend | Transactional & invite email | Name, email address | EU / US | Planned (H1) |
| Google Identity Platform / Firebase Auth | Sign-up & login | Name, email, auth identifiers | EU / US | Planned (A1) |
We keep this list current. The regions above reflect each provider's typical processing locations; see international transfers for the safeguards we rely on.
9. International data transfers
Your Toot workspace and database are hosted in the United Kingdom (London). Some of our subprocessors — including certain AI, payment, and email providers — process data outside the UK, including in the United States. Where data leaves the UK, we rely on appropriate safeguards: where a provider is certified under the EU–US Data Privacy Framework and its UK extension (the "UK Data Bridge"), we rely on that adequacy route; otherwise we use the UK International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses, together with additional technical and organisational measures. You can request details of the safeguards used by contacting us.
10. How long we keep data
We keep your data for as long as your account is active and as needed to provide the service. Indicative retention periods by category:
- Billing & tax records: at least 6 years, to meet UK tax and accounting requirements.
- Accounting & reconciliation data: for the life of your account, then deleted or anonymised after closure (subject to the tax-record requirement above).
- Operational & security logs: [[log retention period — e.g. 90 days]].
- Mailbox access tokens: until you disconnect the mailbox.
- Other account & personal data: deleted or anonymised within [[period — e.g. 30 days]] of account closure.
We may keep certain records longer where we must to meet legal obligations, resolve disputes, or enforce our agreements. Cancelling a mailbox connection stops further mailbox access and removes the stored access token.
11. How we protect data
We use technical and organisational measures appropriate to the sensitivity of financial data, including: a separate, isolated database per customer (on shared, access-controlled infrastructure); encryption in transit (HTTPS) and at rest for our databases; restricted, least-privilege access to stored mailbox tokens [[per-customer-key token encryption is planned — E1]]; authenticated access with least-privilege service identities; private networking for databases; and detailed audit logging. No system is perfectly secure, but we work to protect your data and to detect and respond to incidents. If a breach affects your rights, we will notify you and the ICO as required by law.
12. Your rights
Under UK data protection law you have the right to: access a copy of your personal data; have inaccurate data corrected; have data erased; restrict or object to certain processing; data portability; and withdraw consent at any time (where we rely on consent). To exercise any of these, contact us using the details below — we will respond within the statutory timeframe.
If you are unhappy with how we handle your data, you can complain to the UK Information Commissioner's Office at ico.org.uk. We'd appreciate the chance to address your concern first.
Toot's automated classifications and reconciliations are decision-support only — they are suggestions you review, and they do not produce legal or similarly significant effects about you without human involvement. As such, the right relating to solely automated decision-making (Article 22 UK GDPR) does not apply, but you can still ask us how a particular suggestion was produced.
14. Children
Toot is a product for businesses, intended for users aged 18 or over (see our Terms), and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
15. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "last updated" date above and, where appropriate, notify you by email or in the app. Continuing to use Toot after a change means you accept the updated policy.
16. How to contact us
For any privacy question or to exercise your rights, contact:
Vineyard Finance Ltd
Data protection enquiries: [[PRIVACY CONTACT EMAIL — e.g. [email protected]]]
Registered office: Flat 1, 11 Cambridge Park, Twickenham, England, TW1 2PF