Privacy policy
Last updated: 1 June 2026
This policy explains how we collect, use, and protect personal data across VoodooTech and our products, CompanyReach and StatementConverter.UK. We handle your data in line with the UK GDPR and the Data Protection Act 2018.
1. Who we are
The data controller is VOODOO TECH LIMITED (trading as VoodooTech), a company registered in England and Wales under company number 16024355, with registered office at Peel House, 34-44 London Road, Office 203, Morden, England, SM4 5BT, United Kingdom. We are registered with the Information Commissioner’s Office under reference ZC122614. For any privacy question, email [email protected].
2. The data we collect
- Account data: your name, email address, firm details, and a hashed password.
- Usage data: conversion and activity metadata, your credit ledger, and technical logs such as IP address, browser, and timestamps.
- Content you provide: for StatementConverter.UK, the PDF statements you upload, which are processed in memory and not retained beyond the conversion; for CompanyReach, the branding and letter content you configure.
- Billing data: limited information received from Paddle to manage your subscription, such as your name, country, the last four digits of your card, and transaction identifiers. We never receive or store your full card number.
3. Payments and card data
Payments are processed by Paddle.com Market Limited (Paddle), our Merchant of Record. Paddle collects and processes your payment details directly under its own privacy notice. We receive only the limited billing data described above so we can provision your plan, issue access, and support you.
4. How we use your data and our lawful bases
- To provide the Services (performance of a contract): creating your account, running conversions and searches, and managing Credits.
- To operate and improve (legitimate interests): security, fraud prevention, diagnostics, and service quality.
- To meet legal duties (legal obligation): accounting, tax, and responding to lawful requests.
- To communicate (consent or legitimate interests): service notices, and marketing only where you have agreed, with an easy opt-out.
5. Companies House data (CompanyReach)
CompanyReach surfaces records from the official Companies House Public Data API. That information is public sector information licensed under the Open Government Licence v3.0. Where you use CompanyReach for outreach, you act as the data controller for that outreach and are responsible for compliance with the UK GDPR, PECR, and your professional obligations.
6. Who we share data with
We share personal data only with providers that help us run the Services, under appropriate agreements: Paddle for payments and tax, our hosting and infrastructure providers, and our email provider. We do not sell your personal data. We may disclose data where required by law.
7. International transfers
Where a provider processes data outside the UK, we rely on an adequacy decision or on appropriate safeguards such as the International Data Transfer Agreement or Standard Contractual Clauses.
8. How long we keep data
We keep account and billing records for as long as your account is active and for as long afterwards as we need for legal, accounting, and dispute purposes. Uploaded statement files are discarded as soon as the conversion completes. You can ask us to delete your account at any time.
9. Your rights
Under the UK GDPR you have the right to access, correct, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent. To exercise any right, email [email protected]. You also have the right to complain to the Information Commissioner’s Office, though we would welcome the chance to resolve your concern first.
10. Cookies
We use cookies and similar technologies that are strictly necessary to keep you signed in and to keep the Services secure, and, where you agree, a small number for analytics. You can control non-essential cookies through your browser or any cookie controls we provide.
11. Security
We use technical and organisational measures appropriate to the risk, including encryption in transit, hashed passwords, access controls, and minimal data retention. No system is perfectly secure, but we work to protect your data and to notify you and the ICO of any breach where required.
12. Children
The Services are intended for business use by adults and are not directed at children under 18. We do not knowingly collect data from children.
13. Changes
We may update this policy from time to time. The “last updated” date above reflects the current version, and we will give notice of material changes.
14. Contact
For any privacy matter, contact us at [email protected] or by post to VOODOO TECH LIMITED, Peel House, 34-44 London Road, Office 203, Morden, England, SM4 5BT, United Kingdom. This policy works alongside our terms of service.