Skip to main content

Privacy Policy



Version: 3.4

Last Updated: 4th July 2026

This Privacy Policy explains how Tweed Tyne Technologies Ltd (“Company”, “we”, “us”, “our”) collects, uses, processes, stores, and protects personal data when you use BizHub365, including:

  • The website at https://bizhub365.com;
  • Web dashboards and APIs;
  • iOS applications distributed via the Apple App Store;
  • Android applications distributed via Google Play.

1. Data Controller

Tweed Tyne Technologies Ltd
5 South Charlotte Street
Edinburgh, Scotland, EH2 4AN
ICO Registration Reference: ZC184042

Contact: https://bizhub365.com/support

For the purposes of UK GDPR and EU GDPR, we act as:

  • Data Controller for account, billing, and platform data;
  • Data Processor where you upload tax or client data and we process it solely on your instructions.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Name
  • Email address
  • Telephone number (optional)
  • Billing and business address
  • Account credentials
  • Financial and tax-related information uploaded by you
  • Bank account and transaction data (where you choose to connect a bank account), such as account name/type, masked account identifiers, balances, transaction dates, amounts, merchant/descriptions, and related categories (if provided)
  • Technical logs (IP address, device type, browser type, timestamps)
  • Approximate device location (latitude and longitude), transiently processed and not stored by us, where you explicitly choose to use the "Use my location" feature on our public trades directory pages (see Section 6 — Location Services)
  • E-commerce integration data (where you connect a third-party store): customer names, email addresses, shipping and billing addresses, telephone numbers, order details, product descriptions, quantities, and financial transaction amounts imported from your connected platform on your instruction.

We do not sell personal data.


3. Data We Do Not Intentionally Collect

  • Advertising identifiers;
  • Device contact lists;
  • Biometric data;
  • Special category data unless voluntarily uploaded by you.

We do not collect or store device location data for tracking or profiling purposes. The limited, transient use of device location coordinates via the optional "Use my location" feature is described in Section 2 and Section 6.


4. Lawful Bases for Processing

  • Contractual necessity – to provide the Service;
  • Legal obligation – accounting and regulatory compliance;
  • Legitimate interests – platform security, service improvement, and direct marketing to corporate subscribers (see Section 5 — Marketing Communications);
  • Consent – where explicitly provided (including when you connect a bank account, or for marketing communications to individual subscribers, as described in Section 5).

5. How We Use Personal Data

  • Provide and maintain the Service;
  • Process payments;
  • Enable HMRC integrations and Submissions;
  • Provide bank feed functionality (if enabled by you), including importing transactions and supporting reconciliation and reporting features;
  • Respond to support requests;
  • Prevent fraud and ensure security;
  • Comply with legal obligations;
  • Sync orders, customers, and stock levels between connected e-commerce platforms and your BizHub365 account, where you choose to enable an integration.
  • Send marketing communications about our products, services, offers, and updates (see "Marketing Communications" below).

Marketing Communications

We may send marketing communications by email about our products, services, offers, and updates, including to email addresses captured via our landing pages, pricing guides, and other marketing forms.

  • Corporate subscribers — limited companies, LLPs, and Scottish partnerships, being bodies with separate legal personality — are not "individual subscribers" for the purposes of the Privacy and Electronic Communications Regulations 2003 (PECR). Where we send marketing emails to an address associated with a corporate subscriber, we rely on our legitimate interests under UK GDPR Article 6(1)(f) in promoting our services to other businesses. You may object to or opt out of such communications at any time.
  • Individual subscribers — including individuals, sole traders, and unincorporated partnerships — are protected under PECR. We will only send marketing emails to individual subscribers where you have given your consent at the point your details were collected, or where the narrower "soft opt-in" exemption applies (broadly: you provided your details to us in the course of, or negotiations for, a sale of a similar product or service, and were given a simple means to refuse marketing at that time and in every message since).

Every marketing email includes a clear and simple way to unsubscribe or opt out at any time, free of charge. Opting out of marketing communications does not affect your receipt of essential service, billing, or account-related communications.


6. Data Sharing

We may share data with the following processors and service providers:

  • Stripe (payment processing);
  • SMTP2GO (email delivery);
  • Anthropic, PBC (used internally to generate blog and marketing content; does not process your personal or financial data);
  • HMRC APIs (where you initiate a Submission);
  • Professional advisers, auditors, or regulators where required;
  • Law enforcement where legally compelled.

E-Commerce Platform Integrations

Where you choose to connect a third-party e-commerce platform, we act as your data processor to import and process data from that platform on your behalf. Each platform you connect is an independent data controller for the data held within it. You remain responsible for ensuring your customers have been informed that their data may be shared with BizHub365 for accounting and order management purposes.

Platforms we currently support:

  • WordPress / WooCommerce (self-hosted software installed on the merchant's own server; data is transmitted directly to BizHub365 via a plugin and is not shared with any WordPress or WooCommerce third-party infrastructure).
  • Magento / Adobe Commerce (Adobe Inc., United States)
  • PrestaShop (PrestaShop SA, France, European Union)
  • OpenCart (self-hosted software installed on the merchant's own server; data is transmitted directly to BizHub365 via a plugin and is not shared with any OpenCart third-party infrastructure).

Only the data necessary to create invoices, customer records, and stock entries within BizHub365 is imported. We do not share your e-commerce customer data with any other third party.

AI Processing (Anthropic Claude API)

We use the Anthropic Claude API internally to generate blog articles and marketing content for the Service. This processing does not involve your personal data, financial data, or any other business records you submit to BizHub365.

  • Purpose: Generating editorial and marketing content published on the Service.
  • Processor Role: Anthropic, PBC acts as a data processor under contractual terms designed to include appropriate data protection safeguards.
  • No Training Use: Anthropic does not use API inputs or outputs to train its models by default.

We require all processors to implement appropriate administrative, technical, and organisational safeguards.


7. International Transfers

Where personal data is transferred outside the United Kingdom or EEA, we rely on one of the following safeguards: UK adequacy regulations, the UK-US Data Bridge (where the recipient is a certified participant), International Data Transfer Agreements (IDTAs) issued by the ICO, or Standard Contractual Clauses (SCCs).

General Service Providers

Transfers to Anthropic (United States) are made under IDTAs or the UK-US Data Bridge where applicable.

E-Commerce Platform Integrations

Where you connect an e-commerce platform, personal data imported from that platform originates from each platform's own infrastructure. The applicable transfer mechanism for each supported platform is set out below.

Platform(s) Processing Location Transfer Mechanism
PrestaShop France (EU) UK adequacy regulations (EU)
Magento / Adobe Commerce United States IDTA or UK-US Data Bridge where the provider is a certified participant
WordPress / WooCommerce Merchant's own server No transfer to third-party infrastructure; data is transmitted directly to BizHub365 via a plugin
OpenCart Merchant's own server No transfer to third-party infrastructure; data is transmitted directly to BizHub365 via a plugin

8. Data Retention

We retain data only as long as necessary for contractual, regulatory, accounting, or legitimate business purposes.

Account data may be retained for up to 6 years after closure where required for tax and legal compliance.


9. Security

We implement administrative, technical, and organisational safeguards designed to protect Personal Data appropriate to the nature of the Service.

  • Encryption in transit using TLS;
  • Encryption at rest within managed database and storage environments;
  • Role-based access controls and authentication safeguards;
  • Secure cloud hosting infrastructure;
  • Access logging and monitoring of security-relevant events;
  • Routine patching and maintenance of infrastructure components.

Definition (Encryption at rest):

“Encryption at rest” means data stored within persistent storage systems (such as databases and backups) is encrypted using provider-managed or application-managed encryption controls.

While we take reasonable steps to protect data, no system can guarantee absolute security. We do not guarantee that unauthorised access, cyber-attack, loss, or disclosure will never occur.


10. Data Breaches

In the event of a personal data breach, we will assess and notify the ICO and affected individuals where required by law.


11. Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects.


12. Your Rights

Under UK GDPR and EU GDPR, you may:

  • Request access;
  • Request correction;
  • Request deletion;
  • Object to processing;
  • Request restriction;
  • Request data portability;
  • Opt out of marketing communications at any time, via the unsubscribe link in any marketing email, or by contacting us.

Requests can be submitted via: https://bizhub365.com/support

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We are registered with the ICO as a data controller, registration reference ZC184042.


13. Cookies

We use essential session cookies strictly required for authentication and Service functionality. We do not use advertising or behavioural tracking cookies.


14. Children’s Privacy

The Service is not intended for children under 13. We do not knowingly collect data from children.


15. Changes to This Policy

We may update this Privacy Policy periodically. Continued use of the Service constitutes acceptance of updates.


16. Contact

Tweed Tyne Technologies Ltd
5 South Charlotte Street
Edinburgh, Scotland, EH2 4AN
ICO Registration Reference: ZC184042
https://bizhub365.com/support