Want to get started?

Get in touch

Codat Global Privacy Notice

This Privacy Notice was last updated in October 2020




Thank you for visiting the Codat website. The aim of this privacy notice (“Privacy Notice”) is to clearly explain what, how and why we collect the information about you and what we do with that information. This Privacy Notice also explains how you can exercise your privacy rights.

This Privacy Notice applies to information that we use as a controller. This may include, for example, any information that we collect via our marketing website https://www.codat.io/, any personal information that we collect when you communicate with us, or any information that we collect if you transact with us to use our products and services. In a few instances, we may also act as a controller in relation to personal information that is collected through our product.

Our Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal information covered by this Privacy Notice, including information about any visitors to our website, as pertaining to individuals acting as business representatives, rather than in their personal capacity.

We recognize that when you provide us with information about yourself that you trust us to act in a responsible manner; and we are committed to making sure we earn that trust. We take your privacy extremely seriously, and we will not sell any information we collect about you (nor will we share it with third party organizations) unless you provide us with a clear consent, we have a legitimate interest to do this as set out in this Privacy Notice, or where required by applicable laws.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.


What is Codat?

Codat is focused on making financial integrations as simple as a click of a button. We build developer-friendly infrastructure that give businesses the ability to create their own next- generation products.

Having experienced the pain of managing integrations with multiple accounting and financial software providers we decided to build a product to make this process as quick and easy as possible.


What personal information do we collect?


Website visitors

We collect personal information when you use our website, make an inquiry or communicate with us in relation to our website. This includes:

Information that you provide voluntarily:

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be clear at the point we ask you to provide your personal information.

Information that we collect automatically:

In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Collecting this information allows us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors.

Information that we obtain from third party sources:

From time to time, we may receive personal information about you from third party sources, such as:

We will only receive and use this information where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.

Codat’s clients

With regard to our clients, we sometimes collect personal information about our client’s employees; for example when our clients enquire about a Codat account, or where we receive this information in order to manage our contract with the client. This may include the following information:

Information that you provide voluntarily:
Information that we collect automatically:

Device and connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, login records, IP address and location derived from it.

End-users of the Codat product

The Codat product works by enabling Codat’s clients to access financial information about the client’s customers (“companies”). This information is held on third party applications. The specific information that is made available by companies to the client via the Codat product is determined by the client. In some cases (for example where companies are sole traders), this may constitute personal information; and Codat will use this information as a controller:

Information that you (or your company) provides voluntarily:
Information that we collect automatically:

We may use this information to satisfy our legal obligations, to help us to resolve disputes, for security reasons and for enforcing our agreements with our clients.


How do we use personal information?

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. In addition to the purposes described above, we may also use your personal information for the following purposes:

Using personal information to respond to your (or your employer’s) requests

We use personal information where it is necessary to respond to your (or your employer’s) requests. For example:

Using personal information for our legitimate interests

We use personal information for our legitimate business interests if this processing is not overridden by your rights. When we rely on legitimate business interests, we make sure to consider (and work to minimise) any privacy impact this activity could have on you. For example, we limit the information we collect to only what is necessary, we control access to the information, and where we can, we aggregate or de-identify the data. We will also make it clear to you at the relevant time what our legitimate interests are. We rely on our legitimate interests in the following circumstances:

Using personal information where required by law

We use personal information to comply with the requirements of law we operate under, and as required in other exceptional circumstances.

Using personal information on the basis of your consent

We may use personal information for any other purposes, where we have your consent to do so.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How To Contact Us” heading below.


How is personal information shared?

Codat may disclose your personal information to the following categories of recipient:


International data transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Specifically, our Website servers are located in the United Kingdom, but our third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. This includes ensuring that the data recipient is located in an adequate territory approved by the EU Commission, or that it has Binding Corporate Rules or an EU-US Privacy Shield certification. If not, we will implement the European Commission’s Standard Contractual Clauses for transfers of personal information between our third party service providers and partners, which require all data recipients to protect personal information they process from the EEA in accordance with European Union data protection law.

Our Standard Contractual Clauses can be provided on request.


How does Codat keep my personal information secure?

We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. In particular, we impose access controls, encrypt your personal information in transit and at rest and we are certified to the ISO 27001 certification.


List of Sub-Processors


Entity name Subprocessing activities Entity country
Microsoft Azure Cloud service provider United Kingdom


No responsibility for third party websites

Please be aware that our website may contain links to and from other sites,which are not controller or operated by us (“Third Party Sites”). As such, please note that we have no control over the content, policies or actions of these Third Party Sites. Your use of these Third Party Sites is at your own risk and we do not accept any responsibility or liability for the privacy practices of these Third Party Sites. We encourage you to read the privacy policies and terms of use of each Third Party Site to which you link from our website.


Your data protection rights and choices

You have the following data protection rights:

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Exercise your data protection rights

We would like it that you came to us in the first instance with any form of complaint. However, if you have unresolved concerns, you have the right to complain to an EU data protection authority where you live or work, or where you believe a breach may have occurred. In the UK that will be:

Information Commissioner’s Office
Wycliffe House
Water Lane

ICO website: www.ico.org.uk


How long do we keep personal information?

Codat will retain the personal information that we collect from you where we have an ongoing legitimate business need to do so, such as complying with our legal obligations, resolving disputes, security reasons, and enforcing our agreements. Because these needs can vary for different data types used for different purposes, retention times will also vary. All personal information will be destroyed or deleted at the end of its retention period in accordance with our retention and secure disposal policy. However, no data will be stored for longer than 10 years.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.


Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.


Codat as a processor

We primarily act as a processor in relation to our product. If you have any questions or concerns about how we use your personal information in this context, we may have to refer you to the relevant client that we have contracted with, as our client will be the controller of your personal information. As such, if you have questions about how a controller handles your personal information in relation to our product, or if you wish to exercise your rights in relation to the personal information they hold, its usually best to contact that controller directly.


How to contact us

Our contact details are:

Codat Limited
301 Ink Rooms
28 Easton Street
London WC1X 0BE

Please contact us if you have any questions or concerns, or to exercise your data protection rights (including your right to object)

The data controller of your personal information is Codat Limited.