Privacy Policy
Last updated: 29 May 2026
This Privacy Policy explains how FreightNI Ltd ("FreightNI", "we", "us") collects, uses, and protects personal data when you use EasyReports (the "Service").
1. Who we are
Data controller: FreightNI Ltd, Unit 2g Redwither Tower, Redwither Business Park, Wrexham, Wales, LL13 9XT, United Kingdom. Registered in England and Wales under company number 14742473.
Contact: [email protected]
2. What we collect
We collect the following categories of personal data:
- Account data — name, email address, password (hashed), organisation name, and role.
- Authentication & device data — IP address, browser type, login timestamps, and session identifiers.
- Amazon Selling Partner data — when you link an Amazon Seller Central account, we receive Amazon Marketplace data through the official Amazon Selling Partner API (SP-API), including product catalogues, order data, advertising performance, and financial reports. We do not receive payment card data of your end-customers.
- Subscription & billing data — your subscription tier, status, and billing history. Payment details (card number, billing address, etc.) are collected and stored by Stripe, our payment processor. We never see or store your full card details.
- Usage data — pages visited, features used, and error logs, used for diagnostics and product improvement.
3. Why we use your data (lawful basis under the GDPR)
We process personal data on the following lawful bases:
- Performance of a contract — to deliver the Service you have signed up for (account creation, report generation, subscription management).
- Legitimate interests — to keep the Service secure, prevent fraud, and improve our product.
- Legal obligations — to comply with tax, accounting, and regulatory requirements.
- Consent — where required (for example, non-essential cookies or marketing emails); you may withdraw consent at any time.
4. Who we share data with
We do not sell your personal data. We share it only with the following categories of recipients, and only when necessary:
- Microsoft Azure — our cloud infrastructure provider, where Service data is stored. Data is stored within the European Union.
- Stripe — our payment processor for all subscriptions (Stripe Payments Europe Limited for European customers; Stripe, Inc. for other regions), operating within compliant GDPR frameworks.
- Amazon Web Services (where applicable for SP-API connectivity) — limited to what is necessary for technical communication with Amazon's APIs.
- Sentry — error monitoring (anonymised technical data).
- Tax authorities, courts, and law enforcement — where we are legally required to disclose data.
We do not share, aggregate, or sell Amazon operational insights or trends across customers. Your seller data remains segregated.
5. International transfers
Where data is transferred outside the United Kingdom (for example, to Stripe entities in the European Economic Area or the United States, or for technical communication with Amazon), we rely on adequacy decisions (such as the UK–EU adequacy decision) or, where no adequacy decision applies, on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum.
6. How long we keep your data
- Account data — for as long as your account is active, and up to 24 months after closure for legal and accounting purposes.
- Billing records — 6 years (UK tax law).
- Amazon SP-API data — retained while your subscription is active. On account closure, we delete or anonymise this data within 90 days.
- Logs and error data — typically 90 days.
7. How we protect your data
- All traffic is encrypted in transit (HTTPS / TLS 1.2+).
- Data at rest is encrypted using AES-256 on Microsoft Azure.
- Secrets and API keys are stored in Azure Key Vault.
- Access is restricted to authorised personnel under strict authentication controls.
- Production access is logged and audited.
8. Your rights (GDPR)
If you are in the EEA or the UK, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten"), subject to legal retention obligations.
- Restrict or object to processing.
- Portability — receive your data in a machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with a supervisory authority. In the United Kingdom: the Information Commissioner's Office (ICO), ico.org.uk. In the EU, you may contact your local data protection authority.
To exercise any of these rights, email [email protected]. We aim to respond within 30 days.
9. Cookies
We use a minimal set of cookies necessary to operate the Service (authentication, session). We do not use third-party advertising cookies. If we add analytics or marketing cookies in future, we will ask for your consent first.
10. Children
The Service is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced to active customers by email and posted on this page at least 30 days before taking effect.
12. Contact
Company No. 14742473
Email: [email protected]
