Last updated July 2026 · placeholder copy for the prototype — replace with counsel-reviewed text before launch.
We collect only what the service needs: your contact details, Health Check answers, and — once you're a client — read-only financial data from the platforms you connect (Shopify, Xero, QuickBooks Online). We never store banking credentials; all integrations use revocable OAuth tokens, encrypted at rest.
Financial records are retained for 7 years to meet US and UK statutory requirements, then deleted. Document links expire after 15 minutes and every access to your data is recorded in an audit log you can request at any time.
We never sell data, and we share it only with subprocessors required to run the service (hosting, email delivery, Stripe for billing).
Retainers are billed monthly via Stripe and are month-to-month after an initial 3-month term. Year-end and other add-on work is quoted as a fixed fee in writing before work begins. Either party may end the engagement with 30 days' notice; we hand over your books in working order.
Compliance statuses shown in the portal are advisory signals reviewed by our tax team; filing and registration decisions are always confirmed by a qualified specialist before action is taken. Services are provided by Northbook Advisory LLC (US) and Northbook Advisory Ltd (UK, Company No. 14208871) under the laws of New York and England & Wales respectively.
For UK and EU clients, Northbook Advisory Ltd acts as data processor for personal data contained in your financial records. Our standard DPA — including the subprocessor list, UK IDTA / EU SCCs for cross-border transfers, and breach notification terms — is incorporated into every engagement letter.
You can exercise export-my-data and delete-my-organization rights at any time from your portal or by writing to privacy@northbook.co. Deletion requests are honored within 30 days, subject to the 7-year statutory retention of financial records.