Privacy Policy

Privacy Policy

Last updated: February 2026

Who we are

Lodgr.ai ("Lodgr", "we", "us") provides HMRC deadline intelligence and practice management software for UK accounting firms. Our website is lodgr.ai and our application is accessible at app.lodgr.ai.

What data we collect

We collect the following categories of personal data:

  • Account data: name, email address, and password when you create an account.
  • Client data: company names, company numbers, and associated HMRC deadlines that you enter or import via Companies House.
  • Usage data: how you interact with the application, including pages visited, features used, and session duration.
  • Analytics data: anonymised website analytics collected via Plausible Analytics (no cookies, no personal data).

How we use your data

We use your data to:

  • Provide the Lodgr service, including calculating HMRC deadlines and generating AI email drafts.
  • Communicate with you about your account, including service updates and support responses.
  • Improve the service based on aggregated, anonymised usage patterns.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Legal basis for processing

We process your data under the following legal bases:

  • Contract: processing necessary to provide the service you have signed up for.
  • Legitimate interest: improving our service and ensuring security.
  • Consent: where you have explicitly opted in (e.g., marketing emails).

Data storage and security

All data is stored on EU-based servers (Supabase EU region). Data is encrypted in transit using TLS and at rest using AES-256 encryption. Each firm's data is isolated through row-level security at the database level.

Data retention

We retain your account and client data for as long as your account is active. If you delete your account, we remove all associated data within 30 days. Anonymised usage data may be retained indefinitely for service improvement.

Your rights under GDPR

As a data subject under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate personal data.
  • Erase your personal data ("right to be forgotten").
  • Restrict processing of your personal data.
  • Port your data to another service in a machine-readable format.
  • Object to processing based on legitimate interest.

To exercise any of these rights, email hello@lodgr.ai.

Sub-processors

We use the following sub-processors to provide the service:

  • Supabase (EU region) — database, authentication, and storage.
  • Vercel — application hosting and edge functions.
  • Anthropic — AI email drafting (no client data used for model training).
  • Plausible Analytics — privacy-focused website analytics.

Cookies

The Lodgr website does not use tracking cookies. Our analytics provider (Plausible) is fully cookie-free. The application uses essential session cookies for authentication purposes only.

Changes to this policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through the application.

Contact

For any privacy-related questions, contact us at hello@lodgr.ai.