← Back to home

Privacy Policy

Last updated: 29 April 2026

1. Who we are

Cashroll is operated by Cashroll Ltd, a company registered in England and Wales. We are the data controller for the personal data we process. You can contact us at hello@cashroll.io.

2. What data we collect

Account data

When you sign up, we collect your name and email address via Clerk (our authentication provider).

Payment data

When you connect Stripe, Stripe collects your banking and identity information directly. We store your Stripe account ID and onboarding status but do not have access to your full bank details or identity documents.

Business and client data

We store the information you enter into Cashroll: your business name, client names, email addresses, quote and invoice details, and transaction records.

Usage data

We use PostHog for product analytics and Sentry for error tracking. This includes page views, feature usage, browser type, and error logs. We do not sell this data or use it for advertising.

3. Why we process your data

  • To provide the service — creating quotes, sending invoices, processing payments, and sending reminders on your behalf.
  • To communicate with you — transactional emails about your account, payments, and service updates.
  • To improve Cashroll— understanding how the product is used so we can make it better.
  • Legal obligations— complying with tax, anti-money laundering, and other regulatory requirements.

Our legal basis for processing is contract performance (providing the service you signed up for), legitimate interest (product improvement and security), and legal obligation where applicable.

4. Who we share data with

  • Stripe— payment processing and identity verification.
  • Clerk— authentication and account management.
  • Supabase— database hosting (data stored in the EU).
  • Resend— transactional email delivery.
  • Vercel— application hosting.
  • PostHog— product analytics.
  • Sentry— error monitoring.

We do not sell your personal data to anyone. We only share data with third parties as necessary to provide the service.

5. Your clients’ data

When you add clients and send them quotes or invoices, you are the data controller for your clients’ personal data. Cashroll acts as a data processor on your behalf. We only use your clients’ data to deliver quotes, invoices, payment links, and reminders that you initiate. We do not contact your clients independently or use their data for marketing.

6. Data retention

We retain your data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain records for legal or regulatory purposes (e.g. transaction records for tax compliance, which we retain for 7 years).

7. Data security

We use industry-standard security measures including encrypted connections (TLS), secure authentication via Clerk, and access controls on our database. Payment data is handled entirely by Stripe and never passes through our servers.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Request a portable copy of your data
  • Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, email us at hello@cashroll.io. We will respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. PostHog may set analytics cookies to understand product usage. We do not use advertising or third-party tracking cookies.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email. The “last updated” date at the top of this page will always reflect the current version.