Who We Are

novariqelos operates as a data controller under UK GDPR and the Data Protection Act 2018. Our registered office is located at Quentin Blake Centre for Illustration, Rear of 28 Amwell St, London EC1R 1XU, United Kingdom.

When you use our expense tracking platform, we're responsible for deciding how your personal data gets processed. That's a responsibility we take seriously – your financial information isn't something we treat casually.

What Information We Collect

Here's what we gather and why. No hidden surprises, just the facts about what running an expense tracking service actually requires.

Information We Don't Collect

We don't gather your actual bank account credentials. We don't track your location unless you explicitly enable that feature for receipt capture. And we don't collect information about other apps on your device.

How We Use Your Information

Every piece of data we collect serves a specific purpose. Here's the breakdown:

• Providing the Service: Processing your expenses, generating reports, and maintaining your account. That's the basic contract between us.
• Security and Fraud Prevention: Monitoring for unusual activity, protecting against unauthorized access, and keeping your financial data safe.
• Service Improvements: Understanding which features work well and which need refinement. We analyze usage patterns (not individual expenses) to make better decisions.
• Customer Support: Helping you when things go wrong or when you have questions. We keep records of our conversations to provide consistent assistance.
• Legal Compliance: Meeting our obligations under UK financial regulations and data protection laws. Sometimes we're required to keep certain records.
• Communication: Sending important updates about your account, service changes, or security alerts. We'll ask separately before sending marketing emails.

Legal Basis for Processing

UK GDPR requires us to have a lawful basis for processing your data. Here's what applies to our operations:

• Contractual Necessity: Most of our processing happens because it's essential to provide the expense tracking service you signed up for.
• Legitimate Interests: We process some data to improve our service, prevent fraud, and ensure platform security. These are legitimate business needs that benefit everyone.
• Legal Obligations: Financial services have compliance requirements. Sometimes we must retain data to meet regulatory standards.
• Consent: For optional features like location-based receipt capture or marketing communications, we'll ask your permission first.

Data Retention Periods

We don't keep your information forever. Different types of data have different retention schedules based on practical and legal requirements.

After these periods end, we securely delete or anonymize your data so it can no longer identify you.

Who We Share Information With

We're selective about data sharing. Your information only goes to parties that need it for specific, legitimate purposes.

Service Providers

Cloud hosting companies store your data securely. Payment processors handle subscription payments. Email service providers deliver account notifications. These companies work under strict contracts that limit what they can do with your information.

Legal Requirements

Sometimes we're legally obligated to share information with authorities – think court orders, regulatory investigations, or serious fraud cases. We'll always verify the legitimacy of such requests.

Business Transfers

If novariqelos merges with another company or gets acquired, your data might transfer as part of that transaction. Any new owner would still be bound by this privacy policy's commitments.

We don't share your data with advertisers, data brokers, or unrelated third parties. Your expense information stays within the ecosystem needed to run the service.

Your Rights Under UK GDPR

Data protection laws give you substantial control over your personal information. Here's what you can do:

To exercise these rights, email us at info@novariqelos.com with your request. We'll verify your identity and respond within one month. If your request is complex, we might need an additional two months – but we'll let you know if that's the case.

Security Measures

Protecting financial data requires multiple layers of security. Here's how we approach it:

• Encryption: All data transmits over encrypted connections (TLS 1.3). Stored data uses AES-256 encryption. Your password gets hashed with industry-standard algorithms.
• Access Controls: Staff only access data when necessary for support or technical maintenance. All access gets logged and monitored.
• Infrastructure Security: We use reputable cloud providers with ISO 27001 certification and regular security audits.
• Monitoring: Automated systems watch for suspicious activity, unauthorized access attempts, and potential security breaches.
• Regular Testing: Periodic security assessments and vulnerability scans help identify potential weaknesses before they become problems.
• Incident Response: We have procedures for handling security breaches, including notifying affected users and authorities within required timeframes.

No system is perfectly secure – but we invest significant resources in protecting your information and staying ahead of evolving threats.

International Data Transfers

Your data primarily stays within the UK on servers located in British data centres. If we need to transfer information internationally (for example, using cloud services with global infrastructure), we ensure adequate protections are in place.

This means using standard contractual clauses approved by UK authorities, working with providers certified under appropriate frameworks, or employing other legally recognized safeguards. Any country receiving your data must offer protection essentially equivalent to UK standards.

Cookies and Tracking

Our platform uses cookies – small text files stored on your device. Some are essential for the service to function. Others help us understand usage patterns and improve performance.

Essential cookies handle things like keeping you logged in and remembering your preferences. Analytics cookies (which you can decline) show us which features get used most and where people encounter difficulties.

You can manage cookie preferences through your browser settings or our cookie preference center. Disabling essential cookies will affect platform functionality, but you're free to block optional ones.

Children's Privacy

novariqelos isn't designed for children under 18. We don't knowingly collect information from minors. If we discover that someone under 18 has created an account, we'll delete it promptly.

Parents who believe their child has provided us with personal information should contact us immediately so we can remove it.

Changes to This Policy

Privacy practices evolve as technology and regulations change. When we update this policy, we'll post the new version here with an updated date at the top.

For significant changes that materially affect your rights, we'll notify you by email or through a prominent notice on the platform. You'll have a reasonable period to review changes before they take effect.

Continuing to use novariqelos after changes become effective means you accept the updated policy.

Complaints and Concerns

If you're unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue. Most concerns can be addressed through direct communication.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority. You can reach them at ico.org.uk or by calling 0303 123 1113.

The ICO investigates complaints about data protection violations and can take enforcement action against organizations that breach regulations.