Legal
Privacy Policy
Who we are
Cadi is a software service operated by Cadi Software Ltd (company number 17174156) ("we", "us", "our"). Our registered address is available on request. You can contact us at support@cadi.cleaning.
We are the data controller for the personal data you provide when using Cadi.
What data we collect
We collect and process the following categories of personal data:
- Account information — your name, email address, and password (hashed)
- Business information — your business name, address, and trading details
- Financial data — income, expenses, invoices, and payment records you enter
- HMRC data — your National Insurance Number (NINO), HMRC OAuth access and refresh tokens, and data returned by HMRC APIs including obligations and tax calculations
- Bank transaction data — where you connect a bank account via open banking, we receive your transaction history, account names, and balance for the accounts you select
- Customer & employee data — names, contact details, and payment information for the customers and staff you add to manage your cleaning business
- Payment information — billing details processed via Stripe (we do not store card numbers)
- Usage data — pages visited, features used, and browser/device information for fraud prevention headers required by HMRC
- Session recordings — anonymised interaction data via FullStory (opt-in via cookie consent), excluding any field marked as sensitive
How we use your data
We use your personal data to:
- Provide and maintain the Cadi service
- Submit Making Tax Digital (MTD) ITSA data to HMRC on your behalf, where you have authorised us to do so
- Process subscription payments via Stripe
- Send service-related emails (account, billing, important updates)
- Meet HMRC's fraud prevention requirements for MTD-connected software
- Improve the service and fix issues
Our lawful basis is contract performance (providing the service you signed up for) and, where required, legal obligation (HMRC fraud prevention requirements).
HMRC connection
When you connect your HMRC account, we store OAuth tokens (access token and refresh token) in our secure database. These tokens are used solely to submit and retrieve data from HMRC on your behalf. We never share them with third parties.
Your NINO is stored encrypted and used only for HMRC API calls. You can disconnect your HMRC account at any time from Settings, which revokes tokens and removes them from our database.
Open banking connection
If you choose to connect a bank account, we use Yapily Connect Ltd, an FCA-authorised Account Information Service Provider (AISP, FRN 827001), to retrieve transaction data on a read-only basis. We never have your bank credentials — those are entered directly with your bank.
Cadi Software Ltd is registered with the FCA as an agent of Yapily Connect Ltd under their AISP permission. This means Yapily is the regulated party providing the open banking service; Cadi acts on your behalf under Yapily's permission. You can verify our agent status on the FCA Financial Services Register.
Your consent under PSD2 lasts up to 90 days. We send a renewal prompt approximately 14 days before expiry so you have time to re-authorise without losing access.
Under Open Banking regulations:
- Consent lasts up to 90 days, after which you'll be prompted to re-authorise
- You can revoke access at any time through either your bank's app or in Cadi Settings → Banking
- We cannot move money or make payments — only read transactions you authorise
- Cadi uses the data solely to categorise transactions, match invoices, and prepare MTD submissions
Yapily acts as our data processor under our agreement; their privacy policy is at yapily.com/legal/privacy-policy.
Scheduler — maps, geocoding and weather
The Scheduler displays customer locations on small route maps and uses weather forecasts to flag rain-affected jobs. To do this we send limited data to three external services:
- postcodes.io — your customers' postcodes are sent to this free UK postcode lookup service to convert them into map coordinates. No customer name or contact details are sent. Results are cached locally in your browser so each unique postcode is only sent once per device.
- Carto / OpenStreetMap — the map tiles themselves are served by CARTO using OpenStreetMap data. Your IP address and the map area you're viewing reach these providers (a normal consequence of loading any map).
- Met Office DataHub — we request weather forecasts for the postcode areas you have jobs in. Only the postcode is sent; no customer identity is attached.
None of these services receive financial data, HMRC tokens, or anything Cadi marks as sensitive.
Direct debit collection
If you enable customer direct debit collection, we use GoCardless (FCA FRN 597190) as the payment processor. Your customers' bank details are entered directly with GoCardless — Cadi never sees them. GoCardless is the controller for the bank details they collect; their privacy policy is at gocardless.com/legal/privacy.
AI processing
Some features (conversational onboarding, the service builder, money insights, weekly reports) use AI models provided by Anthropic. When you use these features, the relevant content you provide is sent to Anthropic for processing.
Anthropic processes this data as our data processor under their commercial terms, does not train on it, and retains it only for the duration needed to return a response (plus short-term abuse-monitoring caches). No bank credentials, NINO, or HMRC tokens are ever sent to Anthropic.
Sub-processors
We share data with these processors solely to provide the service:
- Supabase — database, authentication, edge functions (EU region)
- Vercel — application hosting and CDN
- Stripe — subscription billing
- GoCardless — customer direct debit collection (when enabled)
- Yapily — open banking transaction access (when enabled)
- HMRC — MTD ITSA and RTI submissions on your behalf
- Anthropic — AI features (onboarding, insights, reports)
- Resend — transactional email (welcome, billing, reports)
- FullStory — anonymised session replay (opt-in only)
We do not sell your data to third parties. We do not use it for advertising.
Data retention
We retain your data for as long as your account is active. If you delete your account from Settings, we begin erasure within 7 days and complete it within 30 days, except where retention is required by law (specifically: HMRC requires you keep tax records for 5 years and 10 months from the end of the relevant tax year — anonymised tax-relevant records may be retained for this period).
Bank transaction data syncs are retained while your bank is connected and for 12 months after disconnect (to support tax return preparation), then deleted.
Server logs are retained for 30 days for security and operational purposes.
International transfers
Our primary data store is hosted in the EU (Ireland). Some sub-processors (Anthropic, Stripe, FullStory, Vercel) process data in the United States. These transfers rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses as the safeguard.
Security
We protect your data with: TLS 1.2+ encryption in transit, AES-256 encryption at rest, row-level isolation between businesses, single-sign-on for staff access, principle-of-least-privilege for internal access, and regular dependency updates.
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and you without undue delay.
Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict processing
- Data portability
- Lodge a complaint with the ICO (ico.org.uk)
To exercise any of these rights, contact us at support@cadi.cleaning.
Audit log
Cadi keeps an internal log of sensitive actions taken on your account — customer archives and erasures, SAR exports, job deletions, bulk round changes, and invoice payment events. This log is private to you and is provided so you can demonstrate accountability if asked by the ICO or a customer. We never use it for advertising or share it outside your account.
Cookies
Cadi uses essential cookies for authentication and session management. With your consent (via the cookie banner) we also use FullStory for anonymised session recording — this helps us debug issues and improve usability. You can change your choice at any time by clearing your cookies and reloading the app.
Changes to this policy
We may update this policy from time to time. We will notify you by email of any material changes. Continued use of Cadi after changes constitutes acceptance of the updated policy.
Questions? Email support@cadi.cleaning · Terms & Conditions