VioTrade

Privacy Policy

Last updated: March 2026

1. Data Controller

VioTrade ("we", "us", "our") is the data controller responsible for your personal data. If you have questions about this policy or wish to exercise your data rights, contact us at support@viotrade.co.uk.

2. Platforms Covered

This privacy policy applies to:

  • The VioTrade web application at viotrade.co.uk
  • The VioTrade mobile application for iOS and Android
  • Any websites generated and hosted through our platform
  • Any communications sent through our platform (emails, quotes, invoices)

Collectively referred to as "our Services".

3. Data We Collect

We may collect and process the following personal data:

  • Account information - name, email address, and hashed password when you create an account.
  • Business information - business name, trade type, contact details (phone, email, address), service descriptions, and business logo used to generate and configure your website.
  • Payment information - processed securely by Stripe. We do not store your card details on our servers.
  • Website content - AI-generated pages, CMS edits, uploaded images, customer reviews, and gallery photos.
  • Lead and customer data - names, email addresses, phone numbers, and enquiry messages submitted by visitors through your website contact forms.
  • Quotes and invoices - line items, amounts, tax rates, client details, payment status, and related correspondence.
  • Expense data - descriptions, amounts, categories, vendors, VAT rates, VAT amounts, dates, currency, and notes.
  • Receipt images - photographs or scans of receipts uploaded for expense tracking, which are processed by AI to extract financial data.
  • Analytics data - anonymised page view data on your generated websites, only collected if visitors accept cookies.
  • Device information - when using our mobile app: device type, operating system, and push notification tokens for delivering alerts.
  • Usage data - how you interact with the VioTrade dashboard and mobile app to help us improve our services.
  • Phone number - collected during account verification via SMS one-time passcode.
  • Calendar data - event titles, dates, times, locations, reminders, linked contacts, and auto-generated events from quotes and invoices.
  • Job data - job descriptions, notes, site photos, uploaded documents, and linked expenses, quotes, and invoices.
  • RAMS documents - AI-generated risk assessments and method statements for construction trades.
  • Voice commands - text transcriptions of voice commands processed by AI to create leads, quotes, invoices, expenses, calendar events, and jobs. Audio is not stored.
  • Social media data - OAuth access tokens (encrypted at rest), post content, scheduling data, and engagement analytics from connected Facebook, Instagram, and Google Business Profile accounts.
  • Marketing lead data - if you submit your details through one of our social media lead forms (e.g. on Facebook or Instagram), we collect your name, email address, and trade type. This data is used to send you a short series of introductory emails about VioTrade. You can unsubscribe from these emails at any time using the link in each email.

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract - processing necessary to provide our services to you (Article 6(1)(b)).
  • Consent - for analytics cookies and marketing communications (Article 6(1)(a)).
  • Legitimate interest - for improving our platform and preventing fraud (Article 6(1)(f)).

5. How We Use Your Data

  • To provide, maintain, and improve our web and mobile platforms.
  • To generate, host, and publish your business website.
  • To process and deliver lead enquiries from your website visitors, and send you notification emails about new leads.
  • To create, send, and track quotes and invoices on your behalf.
  • To record and categorise your business expenses.
  • To process receipt images using AI to extract and pre-fill expense data.
  • To generate accounting reports including profit & loss statements, VAT summaries, and CSV exports.
  • To process payments and manage your subscription through Stripe.
  • To send transactional emails including account verification, payment confirmations, website publish notifications, lead alerts, quote and invoice correspondence, and overdue payment reminders.
  • To deliver push notifications to your mobile device (e.g., new lead alerts).
  • To analyse platform usage and improve our services.
  • To verify your phone number during account setup via SMS one-time passcodes.
  • To manage calendar events, reminders, and auto-generated scheduling from quotes and invoices.
  • To manage jobs including notes, site photos, documents, and AI-generated invoices from job data.
  • To generate RAMS (Risk Assessment and Method Statement) documents using AI.
  • To process voice commands via AI to create and manage business data hands-free.
  • To connect and publish content to your Google Business Profile, Facebook, and Instagram accounts when you authorise these integrations.
  • To sync reviews and engagement analytics from your connected social media accounts.
  • To send marketing emails if you submit your details through a social media lead form. You will receive up to 5 introductory emails over 10 days. Each email includes an unsubscribe link. We stop sending marketing emails immediately if you unsubscribe or sign up for a VioTrade account.

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Stripe - for secure payment processing, under their privacy policy.
  • Amazon Web Services (AWS) - for website hosting and content delivery (S3 and CloudFront), file storage (including receipt images, job documents, website assets, and generated content).
  • OpenAI - for AI-powered content generation, receipt image parsing, voice command processing, RAMS document generation, and invoice generation from job data. Business information you provide is sent to OpenAI's API for processing.
  • Groq Inc. (USA) - for speech-to-text transcription of voice commands via the Groq Whisper API. Short audio recordings are transmitted to Groq for transcription and are not stored after processing. Privacy policy: groq.com/privacy
  • ElevenLabs Inc. (USA) - for text-to-speech synthesis of voice agent spoken responses. Response text is transmitted to ElevenLabs to generate audio. No personal data is included in text-to-speech requests. Privacy policy: elevenlabs.io/privacy
  • Resend - for transactional email delivery.
  • Expo - for push notification delivery to our mobile app.
  • Vonage - for SMS phone verification and one-time passcode delivery during account setup.
  • Google - for Google Business Profile integration including review management, local post publishing, and business information updates, when you connect your Google account.
  • Meta (Facebook/Instagram) - for social media post publishing and engagement analytics, when you connect your Facebook or Instagram accounts. We also use the Meta Pixel on our marketing website to measure advertising effectiveness (only active with your cookie consent).
  • Law enforcement or regulatory bodies where required by law.

7. Receipt and Image Data

When you upload a receipt image for expense tracking:

  • The image is uploaded to and stored on Amazon Web Services (AWS) S3.
  • The image may be sent to OpenAI's API for AI-powered data extraction (vendor, amount, date, VAT rate).
  • Extracted data is used to pre-fill expense fields for your convenience.
  • Receipt images are permanently deleted from our servers when you delete the associated expense.
  • We do not use your receipt images for any purpose other than expense data extraction.

8. Mobile Application Data

When you use the VioTrade mobile app:

  • Authentication is handled via secure bearer tokens stored in your device's encrypted storage.
  • Push notification tokens are collected solely to deliver lead alerts and are stored on our servers.
  • The mobile app accesses the same data as the web platform - no additional personal data is collected.
  • Camera and photo library access is used for receipt scanning and job site photography.
  • Voice commands are recorded and uploaded to Groq's API for speech-to-text transcription. The transcript text is then sent to our servers for AI processing. Audio recordings are not stored after transcription.
  • A short excerpt of your voice command transcript (up to 500 characters) is retained on our servers for service analytics and usage quota enforcement. This data is linked to your account and is not shared with third parties beyond the subprocessors listed in this policy.
  • You can revoke push notification permissions at any time through your device settings.

9. Data Retention

Account data is retained for the duration of your active account. If you delete your account, your personal data will be deleted within 30 days.

Business data including leads, quotes, invoices, expenses, and website content is retained while your account is active and deleted when you delete your account.

Receipt images are deleted when the associated expense is deleted, or when your account is deleted.

Payment records are retained as required by UK law for accounting and tax purposes (typically 6 years).

10. Your Rights

Under UK GDPR, you have the right to:

  • Access - request a copy of the personal data we hold about you.
  • Rectification - request correction of inaccurate data.
  • Erasure - request deletion of your personal data ("right to be forgotten").
  • Restriction - request we limit how we use your data.
  • Portability - receive your data in a structured, machine-readable format.
  • Objection - object to processing based on legitimate interest.
  • Withdraw consent - withdraw consent at any time where processing is based on consent.
  • Unsubscribe from marketing emails - click the unsubscribe link in any marketing email to stop receiving them immediately. You can also contact us to be removed from our marketing list.

To exercise any of these rights, please contact us at support@viotrade.co.uk. We will respond within one month.

11. Cookies

We use cookies on this website. For full details on which cookies we use and how to manage them, please see our Cookie Policy.

12. International Transfers

Some of our service providers (AWS, OpenAI, Stripe, Expo, Vonage, Google, Meta) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent mechanisms approved under UK GDPR.

13. Children

Our services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at support@viotrade.co.uk and we will delete it promptly.

14. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

15. Company Information

VioTrade is a product of Vioscale Technologies Ltd, registered in England & Wales. Company Registration Number: 14751646. Registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

16. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or business practices. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.