Privacy policy

Last updated: 15 April 2026

This privacy policy explains how HiThrive Ltd ("HiThrive", "we", "us", "our") collects, uses and protects personal information about you. It covers:

  • visitors to our website (hithrive.co)

  • people who enquire about our services

  • our clients and their employees, contractors, customers and suppliers, to the extent that their personal data is processed by us in the course of delivering our services

We take your privacy seriously and are committed to handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

Who we are

HiThrive Ltd is the data controller for the personal information described in this policy (except where we act as a data processor on behalf of a client — see "When we act as a data processor" below).

  • Registered office: 7–8 Delta Bank Road, Metro Riverside Park, Gateshead, NE11 9DJ

  • Company number: 10676234 (registered in England and Wales)

  • Privacy contact: privacy@hithrive.co

What we collect

Depending on how you interact with us, we may collect the following categories of personal data:

Website visitors

  • IP address and device/browser information

  • Pages visited, referrer URL, and time spent on site (via Google Analytics — see "Cookies" below)

People who enquire about our services

  • Name, business name, email address and telephone number

  • Any information you voluntarily include in a message to us

Clients and prospective clients

  • Contact details for the nominated person and any other authorised contacts

  • Identity verification documents required by anti-money laundering regulations (for example, a copy of photo ID and proof of address)

  • Financial, bookkeeping and payroll information required to deliver our services

  • Correspondence with you

How we use the information we collect

We use your personal data for the following purposes:

  • to reply to your enquiries

  • to provide the professional services you have engaged us for

  • to meet our legal and regulatory obligations, including anti-money laundering (MLR 2017) and tax legislation

  • to comply with professional obligations to which we are subject as a member of the Association of Accounting Technicians (AAT)

  • to invoice you and manage our fees

  • to improve our website and understand how visitors use it

  • to send you occasional updates about our services, where you have consented to this

Legal bases for processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The legal bases we rely on are:

  • Consent — for example, if you have opted in to receive marketing emails from us. You can withdraw consent at any time.

  • Performance of a contract — where processing is necessary to provide you with the services you have engaged us for.

  • Legal obligation — for example, processing required under MLR 2017 or tax legislation.

  • Legitimate interests — for example, operating and securing our website, and contacting existing clients about related services. Where we rely on legitimate interests we have assessed that our interests are not overridden by your rights.

Cookies

Our website uses cookies to collect standard internet log information and visitor behaviour. We use Google Analytics to understand how visitors engage with our site. Google Analytics cookies do not identify you personally to us.

You can set your browser to refuse cookies, or you can install the Google Analytics opt-out browser add-on available at tools.google.com/dlpage/gaoptout. Blocking cookies may affect the functionality of parts of the site.

For general information about cookies, see ico.org.uk/for-the-public/online/cookies.

Who we share your information with

We do not sell your personal data. We may share it with:

  • HMRC, Companies House, and other government bodies where required by law

  • the Association of Accounting Technicians (AAT), our professional body, and the Office of Professional Body Anti-Money Laundering Supervisors (OPBAS), where required for practice assurance and AML supervision

  • cloud software providers that we use to deliver our services (including Xero, Hubdoc, and the AI-assisted tools listed below)

  • our professional indemnity insurers and, if relevant, legal advisers

  • any third party you specifically authorise us to correspond with on your behalf

  • law enforcement and regulators where we are legally required to do so

Use of AI-assisted tools

In the course of providing our services, we use AI-assisted tools to help with tasks such as optical character recognition (receipt and invoice capture), transaction categorisation suggestions, transcription, and drafting routine correspondence.

The tools we currently use include HubdocXeroClaude (Anthropic), Jasper, and Zoom AI Companion (for meeting summaries and action-item capture — see "Meetings and calls" below). We may adopt additional tools from time to time where they help us deliver our services more efficiently and securely.

All outputs from these tools are reviewed by a qualified member of our team before being relied upon or shared with you. No fully automated decisions are made in relation to you or your affairs (see also "Automated decision-making" below).

We only use AI-assisted tools whose providers either contractually commit not to use your data to train their models, or where we have configured the service (including opting out of training where that is the relevant control) to prevent such use. We do not submit your personal or financial data to public or consumer AI services.

If you are a client and you would prefer we did not use AI-assisted tools in relation to your work, please let us know and we will discuss an alternative approach.

Meetings and calls

We use Zoom to run video meetings and calls with clients, prospective clients and suppliers. As a matter of routine we record our meetings and use Zoom's AI Companion feature to generate written summaries and action lists. We do this to support accurate note-taking and record-keeping — the recording and any AI-generated summary are not a substitute for the professional work itself, which continues to be reviewed and signed off by a qualified member of our team.

When a meeting is being recorded, Zoom plays an audio announcement and displays a visible recording banner before the recording starts. AI Companion has its own separate in-meeting notification. If at any point you would prefer we did not record a call, or did not use AI Companion, please tell us at the start of the meeting (or in advance) and we will turn them off.

Recordings and AI-generated transcripts and summaries are stored within our Zoom account, are accessible only to authorised members of our team, and are not shared externally. We retain them for up to 12 months from the date of the meeting, after which they are deleted unless we are required to keep them for a specific legal or regulatory reason.

Our lawful basis for this processing is legitimate interests (keeping accurate records of professional conversations and the instructions given to us). Where we record a meeting with someone who is not a client — for example, a prospective client or supplier — we rely on the same basis, combined with the in-meeting notification.

Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects in relation to you. Our use of AI-assisted tools (described above) supports our work — it does not make decisions about you or your affairs.

International transfers

Some of the tools we use are provided by organisations based outside the UK, including in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions made by the UK Government.

How long we keep your information

We keep personal data for as long as we need it for the purposes described in this policy, and in accordance with our legal and professional obligations. In practice:

  • Website enquiry data — up to 24 months from the date of the enquiry, unless you become a client.

  • Client records — 7 years from the end of our relationship with you, in line with the retention requirements of the AAT and HMRC.

  • Marketing contacts — until you withdraw consent or ask to be removed.

When we act as a data processor

When we process personal data on behalf of a client (for example, when we run a client's payroll), our client is the data controller and we act as a data processor. In that case:

  • our processing is governed by a written data processing agreement with the client

  • we only process that personal data in accordance with the client's instructions and the law

  • queries about that personal data should in the first instance be directed to our client, who is the controller

Your rights

Under UK GDPR you have the following rights in relation to your personal data:

  • Right of access — you can ask for a copy of the personal data we hold about you. This is free of charge.

  • Right to rectification — you can ask us to correct inaccurate or incomplete data.

  • Right to erasure ("right to be forgotten") — you can ask us to delete your personal data in certain circumstances.

  • Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.

  • Right to object — you can object to certain types of processing, including direct marketing.

  • Right to data portability — you can ask to receive your data in a machine-readable format, or to have it transferred to another organisation, in certain circumstances.

  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time.

  • Right to complain to the ICO — you can complain to the Information Commissioner's Office (see below).

To exercise any of these rights, please email privacy@hithrive.co. We will respond within one month.

Complaints

If you have a concern about how we have handled your personal data, please contact us first at privacy@hithrive.co and we will do our best to resolve it.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Changes to this policy

We may update this privacy policy from time to time. When we do, we will change the "Last updated" date at the top of this page. For material changes, we will take reasonable steps to notify you — for example, by email or by prominent notice on our website.

Contact us

If you have any questions about this policy or about the information we hold about you, please contact us:

  • Email: privacy@hithrive.co

  • Post: HiThrive Ltd, 7–8 Delta Bank Road, Metro Riverside Park, Gateshead, NE11 9DJ

Let’s Talk