Privacy Policy
How we collect, use, store, and protect your personal and financial data.
Who we are
Kit is a product of Stallion Company Ltd ("we", "us", "our"), a company registered in England and Wales. Our registered address is 4 Queen Street, Bath, BA1 1HE, United Kingdom.
We are registered with the Information Commissioner's Office (ICO) as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For data protection enquiries, contact us at: privacy@joinkit.co.uk
What data we collect
We collect the following categories of personal data:
- Account information: Your name, email address, company name, and entity type when you create an account.
- Financial data: Bank statement transaction data (dates, descriptions, amounts, balances) and PMS booking data (property names, guest names, booking dates, revenue figures) that you upload to Kit. We do not have access to your bank account login credentials. All financial data is provided by you via CSV file upload.
- Property information: Property names, addresses, ownership types, landlord names, and staff names that you provide during onboarding.
- Usage data: How you interact with Kit — pages visited, features used, categorisation decisions made. This is collected to improve the product and is not shared with third parties.
- Technical data: IP address, browser type, device type, and operating system. Collected automatically for security and performance monitoring.
- Communication data: Any messages you send to us via email or support channels.
How we use your data
We use your data for the following purposes:
- To provide the Kit service: Processing your bank statements, categorising transactions, generating dashboards, and running the AI bookkeeper. Legal basis: performance of a contract.
- To improve Kit: Analysing usage patterns to improve features, fix bugs, and develop new functionality. We never use your individual financial data to train AI models. Legal basis: legitimate interest.
- To communicate with you: Sending service-related emails (account confirmation, feature updates, security alerts). We do not send marketing emails unless you explicitly opt in. Legal basis: legitimate interest / consent.
- To comply with legal obligations: Responding to lawful requests from regulators or law enforcement. Legal basis: legal obligation.
AI processing
Kit uses artificial intelligence to categorise transactions and answer questions about your financial data. When you use the "Ask Kit" feature, your financial summary data is sent to our AI provider's API to generate a response.
Important: Your individual transaction data is not used to train AI models. Our API providers' terms confirm that data sent via the API is not used for model training.
The AI processes your data in real time to generate responses and does not retain your data after the response is generated.
How we store and protect your data
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
Your data is stored on infrastructure that maintains SOC 2 Type II compliance. Servers are located in the EU/UK region.
Row-level security policies ensure that each user's data is isolated at the database level. No user can access another user's financial data.
Access to production data is restricted to authorised personnel only, using multi-factor authentication and role-based access controls.
Data retention
Active accounts: Your data is retained for as long as your account is active.
Cancelled accounts: Your data is retained for 30 days after cancellation to allow you to export it. After 30 days, all data is permanently deleted.
You can request immediate deletion of your data at any time by contacting privacy@joinkit.co.uk.
Your rights
Under UK GDPR, you have the following rights:
- Right of access: Request a copy of all data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your data.
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request your data in a machine-readable format.
- Right to object: Object to our processing based on legitimate interest.
To exercise any of these rights, contact privacy@joinkit.co.uk. We will respond within 30 days.
If you are not satisfied with our response, you can complain to the Information Commissioner's Office (ICO) at https://ico.org.uk.
Changes to this policy
We may update this privacy policy from time to time. We will notify you of material changes via email or a notice within the Kit dashboard. The "last updated" date at the top of this page will always reflect the most recent version.