PRIVACY NOTICE
How we look after your data.
Plain English. UK GDPR-shaped. Specific to LedgerSense — not generic SmartScanit Group boilerplate.
[square brackets] need filling in before this goes live.
1 · What this notice covers
This privacy notice explains how SmartScanit Group Ltd (“we”, “us”, “SmartScanit”) collects and uses personal data when:
- You visit the LedgerSense product pages on smartscanitgroup.co.uk
- You submit the LedgerSense pilot enquiry form
- Your firm uses the LedgerSense plugin for Claude (the “Service”) to conduct forensic financial analysis
This notice is specific to LedgerSense. SmartScanit Group’s other products (SiteSense, LanguageSense, LetterSense, CreditSense, OverpaymentSense, DebtSense, TaxSense) have their own privacy notices.
If you are a client whose firm has engaged us for forensic work, your firm is the data controller of the bank statements and ledger data they upload to LedgerSense; we are a data processor acting on their instructions. Section 9 covers that relationship.
2 · The data we collect
2.1 Data you provide directly
When you submit the pilot enquiry form on smartscanitgroup.co.uk/ledgersense-for-firms/, we collect:
- Firm name and your name
- Your role at the firm (Partner, Solicitor, Practice manager, etc.)
- Work email address
- Phone number (optional)
- Firm size, expected schedule volume, tier of interest
- The types of forensic work your firm undertakes
- Whether your firm currently uses Claude
- How you heard about us
- Any free-text notes you choose to include
When your firm engages LedgerSense under a Pilot, Standard, High-Volume or Enterprise tier, we additionally collect:
- The firm’s invoicing details (company number, registered address, billing contact, VAT number)
- The named users authorised to use the Service on the firm’s behalf
- An OAuth-issued access token associated with the firm’s tenant. We do not see, store, or have access to any user’s Claude account credentials — only the OAuth tokens minted via the standard OAuth 2.1 + PKCE flow.
2.2 Data your firm uploads through the Service
When solicitors at your firm use LedgerSense to perform forensic analysis, the following may be uploaded into our infrastructure:
- Bank statements (typically CSV exports)
- Sales and purchase ledgers
- Statutory accounts
- Payroll and dividend summaries
- Any other source documents relevant to a forensic matter
These documents will contain personal data about your firm’s clients, opposing parties, third parties named in transactions, payees, and other natural persons. Your firm — not SmartScanit — is the data controller of this information, and is responsible for ensuring that uploading it to LedgerSense is lawful under your engagement with the client and applicable law (Solicitors Regulation Authority code, UK GDPR, Data Protection Act 2018, professional privilege).
2.3 Data we collect automatically
When you use the Service we record technical information including:
- IP addresses and user-agent strings of requests to our MCP server
- A SHA-256 hash-chained audit trail of every state-changing action taken on a matter (matter creation, document attachment, schedule production), including the actor (the firm’s tenant) and timestamp
- Cloudflare Worker logs (request status, latency, error traces; retained 7 days)
- Airtable platform logs (operational metadata; retained per Airtable’s terms)
We use cookies on smartscanitgroup.co.uk for essential site function, analytics, and (with your consent) marketing — see the cookie banner on first visit. The Service itself (the MCP plugin inside Claude) does not set cookies.
3 · Why we use your data, and the lawful basis
| Purpose | Categories of data | Lawful basis |
|---|---|---|
| Responding to your pilot enquiry | Form submissions (§2.1) | Legitimate interests — operating our business and responding to commercial enquiries you initiated |
| Providing the LedgerSense Service to your firm | Firm engagement details, OAuth tokens, source documents uploaded (§2.1, §2.2) | Contract — performance of the engagement letter / Master Services Agreement |
| Producing the audit trail | Action records, actor IDs, timestamps (§2.3) | Legal obligation and legitimate interests — the audit chain is what makes the schedule fit for use in proceedings |
| Billing | Firm contact and payment details | Contract — invoicing under the engagement |
| Security, abuse prevention, debugging | Worker logs, request metadata | Legitimate interests — protecting the integrity of the Service and our clients’ data |
| Marketing about LedgerSense and related SmartScanit products | Email address from the pilot form | Legitimate interests / soft opt-in for similar services; you can object at any time (see §8) |
We do not rely on consent as the lawful basis for the Service itself — we rely on contract. We rely on consent only for non-essential website cookies and any future marketing campaigns where the soft opt-in does not apply.
4 · Who we share data with
LedgerSense relies on a small number of carefully chosen sub-processors. Each one is bound by a written contract that includes UK GDPR Article 28 data-processor terms.
| Sub-processor | Role | Data processed | Location |
|---|---|---|---|
| Cloudflare, Inc. | Edge compute (Workers), OAuth state store (KV) | All MCP requests; OAuth tokens; transient auth codes | EU / global |
| Airtable, Inc. | Matter store: tenants, matters, documents, schedules, audit trail | All data uploaded into the Service; all derived analysis output | US-served at present [note: investigating EU region availability] |
| Anthropic, Inc. | Underlying AI model used inside the firm’s Claude session | Conversation contents only during processing — Anthropic do not retain commercial API conversation contents for training purposes | US, with EU regional inference on Claude Team / Enterprise |
| Make.com (Celonis) | Orchestration of certain non-real-time workflows (lead capture; optional Drive write-back) | Pilot enquiry form submissions; selectively, derived schedule artefacts | EU |
| Google LLC (Google Workspace) | Email notifications and our team mailbox | Notification emails; our internal correspondence | EU / US |
| Stripe Payments UK, Ltd. | Card payment processing for paid tiers | Firm billing details and transaction records — we never see full card numbers | UK / EU |
| WordPress hosting [insert provider] | Hosting of the public marketing pages | Form submissions before forwarding to Make; cookie data | [insert region] |
We share data with law enforcement or other government bodies only where we are legally required to (a court order, statutory request, or equivalent), and will inform the affected data subject(s) where doing so is lawful.
We do not sell personal data, and we do not use it for purposes incompatible with those stated in this notice.
5 · International transfers
Some sub-processors (Anthropic, Airtable, Stripe US entity) are headquartered in the United States. Where data is transferred outside the UK or EEA, the transfer is protected by:
- The UK International Data Transfer Agreement (where the importer offers it), or
- The European Commission’s Standard Contractual Clauses with the UK Addendum, supplemented by transfer impact assessments where appropriate.
For enterprise clients with stricter requirements, we offer a Zero Data Retention add-on that keeps your firm’s matter data in-region with no model-vendor retention.
6 · How long we keep your data
| Data | Default retention |
|---|---|
| Pilot enquiry form submissions | 24 months from submission, then deleted unless a Service engagement has begun |
| Firm engagement records (contracts, billing) | 7 years after the engagement ends, per UK statutory accounting retention |
| Matter data (uploaded documents, derived schedules) | As specified in your firm’s engagement letter; default 7 years |
| Audit trail entries | Retained for the lifetime of the matter, plus 7 years |
| Cloudflare Worker logs | 7 days |
| Cookie data | Per cookie consent settings; see cookie banner |
We can delete matter data on a shorter cycle on request, subject to any legal or regulatory obligation that requires us to retain it.
7 · How we protect data
- Encryption in transit: TLS 1.3 to all our endpoints (MCP, OAuth, public pages).
- Encryption at rest: AES-256 (Cloudflare KV); Airtable platform encryption.
- Authentication: OAuth 2.1 + PKCE with RS256-signed JWT access tokens; no password-based access to the Service.
- Tenant isolation: every read from our matter store is filtered by the
tenant_idpresent in the bearer JWT; firms cannot see each other’s data. - Audit trail: SHA-256 hash-chained, append-only, tamper-evident; any modification to a sealed entry breaks the chain irrecoverably.
- Access control: principle of least privilege within SmartScanit; only named operations personnel have access to production infrastructure, logged and reviewable.
- Cyber Essentials: certification in progress, targeted Q3 2026. ISO 27001 is on our 24-month roadmap.
We will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a personal-data breach that poses a risk to data subjects, and the affected firms and (where appropriate) end data subjects without undue delay.
8 · Your rights under UK GDPR
If you are a data subject whose personal data we process, you have the right to:
- Access the personal data we hold about you (a Subject Access Request)
- Rectify inaccurate data
- Erase your data (“right to be forgotten”), subject to overriding legal obligations on us to retain it
- Restrict processing in certain circumstances
- Object to processing based on legitimate interests, including for marketing
- Data portability for data you provided to us
- Not be subject to decisions based solely on automated processing that have legal or similarly significant effects on you. LedgerSense produces draft schedules; the practitioner makes the legal decision based on them.
To exercise any of these rights, email privacy@smartscanitgroup.co.uk with the request and enough detail to identify your records. We aim to respond within one month (extendable to three for complex requests, with notice).
If you are unhappy with how we have handled your personal data, you can complain to the UK Information Commissioner’s Office at ico.org.uk or 0303 123 1113.
9 · Where your firm is the controller and we are the processor
When solicitors at a firm use LedgerSense to analyse documents relating to a client matter, the firm is the controller of the personal data in those documents. SmartScanit Group Ltd acts as a processor on the firm’s instructions. The processing terms are set out in:
- Our Master Services Agreement / engagement letter with the firm
- Schedule A to the MSA: the Data Processing Agreement (DPA), which carries the Article 28 mandatory clauses and the sub-processor list
A current copy of the DPA is available on request from ledgersense@smartscanitgroup.co.uk. We provide signed Standard Contractual Clauses where international transfers are involved.
If you are a client of a firm that uses LedgerSense and want to exercise your rights as a data subject, contact your firm in the first instance — they are best placed to identify and correct your records. We will support the firm’s response.
10 · Children
The Service is not aimed at children, and we do not knowingly collect personal data from anyone under 18. If we become aware that we hold personal data of a child collected without appropriate consent, we will delete it.
11 · Changes to this notice
We will update this notice when our practices change. The version and effective date at the top are the canonical reference. Material changes will be communicated to engaged firms by email and posted on this page at least 30 days before they take effect.
For LedgerSense-specific questions: ledgersense@smartscanitgroup.co.uk. For wider Group privacy questions: privacy@smartscanitgroup.co.uk.
LedgerSense™ is a product of SmartScanit Group Ltd, a SenseEngine™ company.