Privacy Policy

Effective date: 19 May 2026

Overview

This Privacy Policy describes how Auditara ("we", "us", "our"), operated by Auditara Ltd, collects, uses, and protects your personal information when you use the Auditara programme management platform at auditara.io.

Auditara is not an AI platform. We do not process your data through AI models. We do not use your data to train any model. We do not sell your data to any third party.

Data Controller

Auditara Ltd

United Kingdom

Contact: hello@auditara.io

Supervisory Authority: UK Information Commissioner's Office (ICO) — ico.org.uk

What We Collect

  • Account information: Your name and email address, obtained via Google OAuth when you sign in. We do not store passwords.
  • Programme data: Client names, engagement notes, target certification dates, activity commentary, and completion status that you create within the platform.
  • Evidence files: Documents and files you upload to programme activities, stored in a private encrypted storage bucket.
  • Billing information: Subscription status and Stripe customer identifiers. We never store card numbers. Payment card data is handled exclusively by Stripe.
  • Usage data: Page views, feature interactions, and session data collected to improve the platform. Configured to exclude personally identifiable information.
  • Error logs: Anonymised error reports to support debugging. No programme data or file content is included.

How We Use Your Information

  • To provide the service: Authenticate your account, store your programme data, and deliver the features you have requested. Legal basis: Contract performance.
  • To improve the service: Analyse usage patterns and fix technical issues. Legal basis: Legitimate interest.
  • To process payments: Manage your subscription and billing via Stripe. Legal basis: Contract performance.
  • To comply with the law: Retain billing records as required by HMRC. Legal basis: Legal obligation.

Who We Share Your Information With

We share your data only with the following service providers, each bound by data processing agreements:

Provider | Purpose | Location
Supabase | Database, authentication, file storage | EU West
Stripe | Payment processing | Global, PCI DSS Level 1
Google | OAuth authentication | Global
Lovable | Web application hosting | EU
Betterstack | Uptime monitoring | EU

We do not share your data with AI providers. We do not use third-party advertising or marketing analytics.

Data Storage and Residency

All programme data and uploaded evidence files are stored in the EU West region via Supabase. Billing data is processed by Stripe under their standard GDPR-compliant terms.

Data Retention

Account data is retained while your account is active. Programme data and evidence files are retained until you delete them or delete your account. Billing records are retained for 7 years as required by HMRC. On account deletion, all personal data is permanently deleted within 30 days.

Your Rights Under UK GDPR

You have the right to access, correct, export, and delete your personal data. You also have the right to object to processing and to lodge a complaint with the ICO at ico.org.uk.

To exercise any right, email hello@auditara.io with the subject line "Privacy Request". We will respond within 30 days.

Children

Auditara is not intended for individuals under 18. We do not knowingly collect data from minors.

Changes to This Policy

We will notify you by email at least 14 days before any material change to this policy. The effective date at the top of this page will be updated with each revision.

Contact

hello@auditara.io
