Legal
Storage, sub-processors, transfers, retention, and our Data Processing Addendum (DPA).
Last updated: 13 May 2026
This Data Handling Policy supplements our Privacy Notice and our Terms of Service. It sets out, in one place, how TrueBooks stores and handles data, who our sub-processors are, what international transfers we make, and how long we retain each category of data. Section 6 (Data Processing Addendum) constitutes the contractual agreement under Article 28 of the UK GDPR for those situations in which we act as your data processor.
TrueBooks has two distinct roles, depending on the category of data:
When you connect an Amazon Seller account, we access only:
We do not access end-customer names, postal addresses, email addresses, telephone numbers, payment-card details, product reviews, advertising data, listings, browsing data or any data unrelated to financial settlements.
Your Amazon credentials (refresh token) are encrypted at rest using AES-256-GCM and used only to retrieve the data above on your behalf. They are never shared with any third party and are never visible to TrueBooks staff.
When you connect Xero, we post settlement data to your Xero organisation when you explicitly request it (manually or via the Auto Post toggle). We retain only the access and refresh tokens (encrypted at rest) and minimal metadata — tenant ID, organisation name, base currency, organisation type, tax-account chart — required to perform the post.
Where you connect Alibaba.com Open Platform, eBay Marketplace, or sign in via Google or Xero OIDC, we receive the data described in Section 2.3 of our Privacy Notice, subject to the scopes you grant.
You can disconnect any connected platform at any time from Settings → Integrations. Disconnection immediately stops further data retrieval and our copy of the access / refresh tokens is zeroed in our database. Data previously imported into your TrueBooks account is preserved so your accounting history is not lost; you may delete that data on request to support, subject to legal-retention requirements (Section 5).
Primary application data (the Postgres database, Redis caches, encrypted raw-settlement backups, application logs) is stored on infrastructure located in the United Kingdom. Customer accounts are logically isolated at the database level so that no other TrueBooks customer can access your data.
Where data is processed outside the UK by a sub-processor (see Section 7), an appropriate Article 44–49 transfer safeguard is in place.
We retain personal and business data only for as long as necessary for the purposes set out in our Privacy Notice. The retention periods we apply by category are:
| Data category | Retention | Legal basis |
|---|---|---|
| Account profile | Account lifetime + 30 days | Contract |
| Authentication credentials | Account lifetime; deleted at closure | Contract |
| Login + session metadata | 30 days after session ends | Legitimate Interests (security) |
| Audit log | 12 months | Legitimate Interests (security) / Legal Obligation |
| Billing records (invoices, charge events) | 6 years from end of accounting period | Legal Obligation (HMRC, Companies Act) |
| Settlement / transaction data | 6 years from end of tax period | Legal Obligation (HMRC) |
| Raw third-party data (integrity) | 30 days (encrypted at rest) | Legitimate Interests (integrity) |
| Marketing opt-in records | Until withdrawn + 30 days | Consent |
| Public-page analytics | 90 days | Legitimate Interests (analytics) |
| Support / live-chat conversations | 12 months from last message | Legitimate Interests (support) |
When you close your TrueBooks account from Settings → Security → Delete Account, your account profile (name, email, phone, password) is deleted within thirty (30) days. Login sessions and trusted-device tokens are invalidated immediately. Authentication credentials are deleted on closure. Login IP records are retained for ninety (90) days to support fraud-prevention investigation.
Financial records (settlement and transaction data, billing records) are retained for the period required by UK law — typically six (6) years from the end of the relevant tax year — to meet HMRC record-keeping obligations under the VAT Regulations 1995 and Companies Act 2006. After account closure this data is held in an archived state and is not accessible through the TrueBooks application.
If your Subscription is cancelled or your trial expires without conversion, your account enters a grace period. After ninety (90) days of continued inactivity, the account and non-financial data are eligible for deletion under the schedule above. Financial records are retained as required by law.
You can request deletion of personal data we hold about you at any time by emailing support@truebooks.co.uk. We will confirm what can be deleted immediately and what must be retained for legal-obligation reasons. Where retention is required, the data will be held in archived form (not accessible through the application) and deleted at the end of the legally-mandated period.
This Section 6 forms part of our agreement with you when you are the data controller of personal data processed by us as data processor (typically, personal data about your end-customers within settlement information you process through the Service). It is intended to satisfy the requirements of Article 28(3) of the UK GDPR.
Subject matter: provision of the TrueBooks accounting-automation Service. Nature of processing: retrieval, classification, storage, accounting export and reporting of financial settlement data on behalf of the controller. Purpose: to enable the controller to maintain accurate accounting records for the controller’s online-selling business.
Processing continues for the term of the Service contract, plus the legally-required retention period (Section 5).
Categories of personal data: order identifiers, SKU references, financial line items, shipping country (where retrieved), marketplace identifiers. We do not retrieve or process end-customer names, addresses, contact details or payment-card information.
Categories of data subjects: the controller’s end-customers, identified only by an opaque order reference issued by the connected marketplace.
We will:
If we become aware of a personal-data breach affecting personal data we process on your behalf, we will notify you without undue delay (and in any event within seventy-two (72) hours of becoming aware), with the information you reasonably need to comply with your own notification obligations under Articles 33 and 34 of the UK GDPR.
We will not transfer personal data we process on your behalf outside the UK without an appropriate Article 44–49 safeguard in place. Where we engage a sub-processor based outside the UK, we use the International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum, as applicable.
The following sub-processors are engaged in delivering the Service. Each is subject to a written data-processing agreement. Where any process personal data outside the UK, the Article 44–49 safeguard in place is noted.
| Sub-processor | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Cloud hosting provider | Compute, storage, database, caches | United Kingdom | UK — n/a |
| Stripe Payments UK, Ltd | Payment processing, subscription billing, tax calculation | United Kingdom / United States | UK + IDTA / SCCs with UK Addendum |
| Postmark (ActiveCampaign LLC) | Transactional email delivery (password reset, verification, billing receipts, settlement notifications) | United States | IDTA / SCCs with UK Addendum |
| MSG91 (Walkover Web Solutions Pvt Ltd) | SMS delivery for phone-number verification and SMS two-factor authentication | India | IDTA / SCCs with UK Addendum |
| Chatwoot Inc. | Live-chat support (activated only when you start a conversation) | United States | IDTA / SCCs with UK Addendum |
When you connect a third-party platform to your TrueBooks account, you authorise us to exchange data with that platform at your instruction. These platforms are not sub-processors of TrueBooks — you have your own direct relationship with each, and each operates under its own terms and privacy notice:
Each customer’s data is logically isolated at the database level. All cross-customer operations and admin queries pass through application-level controls that scope queries to a single workspace.
TrueBooks staff access production data only on a need-to-know basis to investigate a support issue, resolve a security incident or fulfil a legal obligation. All access by staff is logged and audited. Where a staff member needs to view-as a specific user account for support purposes, an “impersonation session” mechanism is used; this is time-limited, read-only, prompts for a fresh second-factor, and is recorded in the audit log with the reason given.
We apply technical and organisational measures appropriate to the risk in accordance with Article 32 of the UK GDPR, including:
Further detail is in our Security Notice.
We may update this Policy from time to time. When we add or change a sub-processor, we will notify subscribed customers by email at least thirty (30) days before the change takes effect to allow you to object if you consider the change material. Other material changes are notified by email and reflected in the “Last updated” date above.
Data-handling questions, sub-processor objections or data-subject requests should be addressed to support@truebooks.co.uk, or by post to: Ideal Creations Ltd, Princes Road, Buckhurst Hill, Essex, IG9 5DZ, United Kingdom.
TrueBooks is an independent third-party solution. TrueBooks is not affiliated with, endorsed by, sponsored by, or otherwise associated with Amazon.com, Inc. or any of its subsidiaries. Amazon, Amazon Seller Central, Selling Partner API, FBA, and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates. Xero is a registered trademark of Xero Limited. All other trademarks are the property of their respective owners. See our Amazon disclaimer for more detail.