Privacy Policy

1. Introduction

Invoice Watchdog Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Account Information

• Email address
• Full name
• Password (encrypted)
• Account creation and login timestamps

Amazon FBA Data

When you upload reports, we process:

• Inventory adjustment records (SKUs, FNSKUs, quantities, dates)
• Reimbursement records (amounts, case IDs, reasons)
• Returns data (order IDs, dispositions, quantities)
• Settlement data (transaction types, amounts)

Note: We do not access your Amazon Seller Central account directly. You manually upload CSV files exported from Amazon.

Technical Data

• IP address
• Browser type and version
• Device information
• Usage logs and timestamps

3. How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Analyse your FBA data to identify reimbursement opportunities
• Generate Claim Dossiers with suggested ticket messages
• Calculate and invoice success fees
• Send service-related communications
• Improve and optimise the Service
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• Contract: Processing necessary to provide the Service you requested
• Legitimate Interests: Improving the Service, fraud prevention, security
• Legal Obligation: Compliance with tax, accounting, and other legal requirements
• Consent: Where you have given explicit consent (e.g., marketing communications)

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. For pilot programme participants:

• Account data: Retained until account deletion + 30 days
• FBA report data: Retained for 6 months from end of pilot period
• Case and dossier data: Retained for 6 months from end of pilot period
• Billing records: Retained for 7 years (legal requirement)

We retain FBA report and dossier data for 6 months after the end of the pilot to allow for follow-up analysis, handling of disputes and validation of reimbursements, after which it is deleted unless we need to retain it longer to comply with legal obligations or to establish or defend legal claims.

Note: These retention periods are reduced for the pilot phase. Retention periods may be extended after public launch.

6. Data Security

We implement appropriate technical and organisational measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest
• Encrypted backups with secure key management
• Access controls and authentication
• Regular security assessments
• Rate limiting and abuse prevention

7. Data Sharing

We do not sell your personal data. We may share data with:

Service Providers

• Cloud hosting (Hetzner, Germany)
• Backup storage (Backblaze)
• AI processing (Anthropic) — for generating claim ticket text. We send product identifiers (SKU, FNSKU, ASIN) and transaction data to generate suggested messages. We do not send personally identifiable information or Amazon account credentials. Our use of AI providers is based on our legitimate interests in improving automation and efficiency. Where such providers are located outside the UK/EEA, we implement appropriate safeguards such as Standard Contractual Clauses.

Legal Requirements

When required by law, court order, or governmental authority

Business Transfers

In connection with a merger, acquisition, or sale of assets

8. International Transfers

Your data is primarily stored within the European Economic Area (Germany). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

9. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@invoicewatchdog.ai. We will respond within 30 days.

10. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking or advertising cookies.

11. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

13. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: ico.org.uk

14. Contact Us

For privacy-related questions or to exercise your rights:

Invoice Watchdog Ltd
Company No. 16958960
71-75 Shelton Street
Covent Garden, London
WC2H 9JQ, United Kingdom
Email: privacy@invoicewatchdog.ai