Privacy Policy

Please read this privacy notice (“Privacy Notice”) carefully and ensure you understand its contents as it describes how we collect, retain, protect, use and disclose your personal information. The Privacy notice applies to and where you provide us any information in ways described below you agree that we may collect, store and use it in accordance with this Privacy Notice.

KashFlow is part of IRIS Software Group Limited. The IRIS Software group of companies (“IRIS”) or “we” (and “our” or “us” will be construed accordingly) are committed to protecting and respecting your privacy.

How we collect information

To the extent permissible under applicable law, we collect information about you and any other party whose details you provide to us when you fill out forms on our website, speak to our team over the phone, interact with us via our live chat feature or interact with us via social media. We collect information when you:

  • Register to use our applications or services (including free trials). Information we collect may include your name, business name, address, contact details (including phone number and email address). Upon registering we may also ask for additional information about your business (including industry);
  • Place an order for our products or services. This may include your name, business name, address, contact details (including phone number and email address) and payment details;
  • Complete other forms on our website enter competitions, download whitepapers, guides, eBooks or other information, post comments to our blog.
  • Interact with us via social media (including facebook, twitter and LinkedIn);
  • Contact us offline, for example by telephone, fax, SMS, email or post.

We may also collect information you provide during the registration process but only partially complete your registration and we may use this formation to provide reminders for you to complete your sign up or purchase and/or other marketing purposes.

We may enhance the data we collect from you with information from third parties that are entitled to share such information by relevant legislation.

We collect information on the use of including information from your devices and applications you (or your users) use to access and use any of our websites, applications or services. The information we may collect about usage includes:

  • Device type and operating system
  • Screen resolution
  • Geographic location
  • Pages you have visited
  • Referral urls
  • Your IP address
  • Your weblog information

This information is collected via cookies and you can find more about our use of cookies by viewing our cookie policy

Providing us with information about third parties

Where you provide us information about third parties you are responsible for ensuring that you comply with obligations (including consent) under relevant data protection legislation. You must ensure you obtain explicit consent to provide us with any information and you must explain to any party whose information you share with us, how we collect, retain, use and disclose their information.

How we use your information

In so far as is allowed under relevant legislation we use your information to:

  • Provide products, services and information you have requested or purchased (including free trials, signups and “Buy it now” purchases.
  • Verify information with third parties and ensure accuracy;
  • Monitor and measure our content, website applications and services in order to improve and personalise your user experience;
  • Run internal testing of our website, applications and systems to improve security and performance. In these circumstances
  • provide, maintain, protect and improve any applications, products, services and information that you have requested from us;
  • manage and administer your use of applications, products and services you have asked us to provide;
  • manage our relationship with you (for example, customer services and support activities);
  • undertake internal testing of our website, applications, systems and services to test and improve their security, provision and performance, in which case, we would anonymise any information used for such purposes, and ensure is it only displayed at aggregated levels which will not be linked back to you or any living individual;
  • provide you with any information that we are required to send you to comply with our regulatory or legal obligations;
  • detect, prevent or investigate crime, illegal or prohibited activities or to otherwise protect our legal rights (including liaison with regulators and law enforcement agencies for these purposes);
  • contact you to see if you would like to take part in our customer research (for example, feedback on your use of our applications, products and services);
  • to monitor, carry out statistical analysis and benchmarking. In these instances, data will be anonymised and neither you nor any living individual will be identifiable.
  • deliver targeted advertising, marketing (including in-product messaging) or information to you which may be useful to you, based on your use of our applications and services;
  • deliver joint content and services with third parties with whom you have a separate relationship (for example, social media providers and complementary third party provider); and

As far as is permitted under relevant legislation we retain information about you upon termination of your KashFlow account or if you decide not to proceed (for example from a trial to a full subscription). This information will be retained in accordance with this Privacy Notice and used for as long as is permitted for legitimate business purposes, legal and regulatory compliance and fraud prevention.

Our website, applications (including mobile applications) and services may contain technology that enables us to:

  • check specific information from your device or systems directly relevant to your use of the websites, applications or services against our records to make sure the websites, applications or services are being used in accordance with our terms and conditions and to troubleshoot any problems;
  • collect information about how you and users use the functions of the features of our website, applications and services; and
  • gather statistical information about the operating system and environment from which you access our applications or services.


We may gather information to deliver advertising, marketing or information, which may be useful to you based on your interactions with our website, applications or services. More information on how we do on this can be found below.

Monitoring Communications

We may record and monitor communications between us and you, including emails, live chat and phone conversations. Information we gather may be used for training and quality assurance purposes, to fulfil our legal obligations and to record details about applications and services you order from us of enquire about.

Sharing your information

We may share your information with:

  • any company within the IRIS Group (or our own advisors or auditors) for purposes contained within this Privacy Notice, including group wide customer relationship management, software compatibility and improvements and to provide you with any information you have requested;
  • our service providers and third parties who process information on our behalf; including hosting providers, payment processors and communication providers so we can continue to provide you with applications, services and information;
  • selected partners and third parties (including for marketing purposes). For example financial services organisations, payment providers and software solutions providers that we believe may interest you. Partners may contact you by email, phone, SMS or post with new and updated information;
  • third parties with which you have a relationship and have consented to us sending information (for example social media platforms);
  • credit reference agencies, fraud prevention agencies, law enforcement agencies and other agencies or regulators in order to fulfil IRIS’ regulatory obligations;
  • third parties in response to actual or threatened legal proceedings, where we can lawfully share information;
  • other organisations in the event that we sell or buy any business or enter into negotiations to buy or sell;

We may share information about the use of our website, applications or services publicly, and in such circumstances, any information we share will not include any data that can be used to identify you, your users or any living person.

Mobile applications

KashFlow provides mobile applications that you or your users install on their mobile devices as well as browser based technology. We are also aware of third party applications with direct links into KashFlow’s functionality. We are not responsible for such third party applications we advise you read any applicable third party privacy policies as it will apply to your use of any third party application.

As with our website or browser based applications and services, mobile applications may provide us with information related to the use of the application. Information we collect will be used to improve any mobile applications and services.

Data analytics and benchmarking

We may collect, store and use information gathered during your use of our website, applications or services for our legitimate interests to enable us to improve our service and give you and your users the best experience possible. These purposes include:

  • delivering advertising and marketing which may be of interest to you based on your interactions with us;
  • develop and improve the functionality of our website, applications or services;
  • carry out surveys (including net promoter score), research and development to continually improve our products and services;

When we use your information for legitimate interests, we will ensure that it is anonymised information, displayed in aggregate form, which will not be linked to you or any living individual.

You have the right to object to us processing your data, which you can do by contacting [email protected] and we will discuss further.


We may use your data to contact you with information about applications and products or services, which we believe, may be of interest to you based on your interactions with us. We may also share your information with carefully selected third parties for them to contact you with relevant information on their products or services, which we believe, may be of interest to you.

We (or they) may contact you by email, phone, SMS or post.

At any time, you may stop us contacting you for marketing purposes or that we stop sharing your information with third parties referred to in this section. If you wish to exercise your rights, you can do so by updating your contact preferences or by sending an email to [email protected]. You can also unsubscribe from any email you have received from KashFlow using the links provided within the email.

Data subject rights

  • to receive from IRIS any information relating to processing of personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language
  • the right of access: to their own personal data, a description of how it is being used, the source, how to exercise their rights and to complain etc.
  • the right to rectification
  • the right to erasure (‘right to be forgotten’)
  • right to restriction of processing
  • right to data portability
  • right to object
  • right not to be subject to automated individual decision-making and profiling:

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. Any changes will be updated within this privacy notice.

Statement of Data Protection Policy

IRIS will use personal data legally and securely regardless of the method by which it is collected, recorded and used and whether we hold it within our products, on a Group network or device, in filing systems, on paper, or recorded on other material such as audio or visual media.

IRIS regards the proper and good management of personal data as crucial to the success of our business. Observing good data protection practice plays a huge role in maintaining customer confidence. We ensure that IRIS respects privacy and treats personal data lawfully and correctly.

We will ensure that:

  • there is someone acting in the statutory role of Data Protection Officer on behalf of the IRIS Group of companies. This person is IRIS Software Group Ltd.’s Data Protection Officer;
  • responsibility for each system or product’s data protection compliance is assigned to one or more specific individuals;
  • our collection and use of personal data complies with the data protection principles, data subject rights, relevant regulations and codes of practice, wherever we are acting as controller;
  • we provide appropriate privacy notices and explanations through whatever means we collect personal data, such as on application forms, products, web pages and via telephone wherever we are acting as controller;
  • appropriate technical and organisational measures for all of our products and Group IT systems are implemented to ensure a level of security appropriate to the risks;
  • everyone managing and handling personal data understands that they are contractually responsible for following the good data protection practice set out in this policy and the supporting guidance and standards;
  • everyone managing and handling personal data is appropriately trained, supervised and audited;
  • our privacy notices make clear to anyone that wants to make enquiries about our personal data processing, can do so through the Data Protection Officer or the product’s designated data protection representative
  • our handling and processing of personal information are regularly risk-assessed and evaluated;
  • a corporate procedure is in place to report and investigate personal data breaches without undue delay;
  • we keep the statutory records required under GDPR as well as any further records required to demonstrate compliance, such as risk assessments, policies, working procedures, records of consent and so on.

In addition, where IRIS is acting in the capacity of data processor we will:

  • provide our customers with appropriate guarantees in respect of the technical and organisational measures we have in place to protect personal data and to protect the rights of data subjects;
  • process the personal data only on documented instructions from the customer, including with regard to transfers to a third country or an international organisation;
  • ensure that persons authorised to process the personal data entrusted to us are under an appropriate statutory obligation of confidentiality;
  • assist the customer, as far as possible, by appropriate technical and organisational measures, to fulfil the customer’s obligation to respond to data subjects exercising their rights as set out in the data protection legislation;
  • at the choice of the customer, delete or return all the personal data after the end of the processing contract, and delete copies, unless the law requires us to store the personal data for longer;
  • make available all information necessary to demonstrate compliance with our data protection obligations and allow for and contribute to audits, including inspections, conducted by the customer’s auditor;
  • not engage another processor except as authorised by the customer under the processing agreement;
  • notify the customer of any intended changes concerning the addition or replacement of other processors, to give the customer the opportunity to object to such changes;
  • ensure that any other processors we engage to process the customer’s data adhere to the same standards imposed on IRIS in respect of data protection and security;

External websites and social media

If you follow a link from our website, application or service to an external website please be aware, this Privacy Notice will no longer apply. We are not responsible for the privacy practices of third party sites or services and we encourage you to read the privacy notices appearing on those sites.

Our websites, applications or services may enable you to share information with social media sites, or use social media sites to create your account or to connect your social media account. Those social media sites may automatically provide us with access to certain personal information retained by them about you (for example any content you have viewed). Social media providers should provide a way for you to manage your privacy settings within their own interface.

Cookies, Analytics and Traffic Data

Cookies are small text files, which are transferred from our websites, applications or services and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our websites, applications and services better for you.

For information on our use of cookies, please see our cookie policy

Further information

If you have any queries about how we treat your information, the contents of this Privacy Notice, your rights under local legislation, how to update your records or how to obtain a copy of the information that we hold about you, please write to our Data Protection Officer, IRIS Software Group Limited, Heathrow Approach, 470 London Road, Slough, SL3 8QY.

If you have any questions about the security of our websites, please contact us at [email protected].

See how IRIS KashFlow works with your business and your books