
Privacy Policy

Last updated 27 May 2026 (14 sections)

We take the privacy of your data (and your customers' data) seriously. This policy sets out, in plain terms, what we collect, why, who we share it with, and the rights you have.

Art01

Who we are

This Privacy Policy explains how Akkrev Technologies OÜ ("Akkrev", "we", "us") collects, uses, shares and protects personal data, and the rights you have under the EU General Data Protection Regulation (GDPR) and Estonian data-protection law.

Akkrev is a private limited company registered in Estonia (registry code [registry code to be confirmed]), with its registered office at Ahtri tn 12, Kesklinna linnaosa, Tallinn, Harju maakond, 15551, Estonia. For any privacy or data-protection matter, including to exercise your rights, contact us at legal@akkrev.com.

Akkrev is an AI-assisted accounting and bookkeeping platform for businesses. This policy covers our website and the Akkrev application. It applies to customers and visitors in the European Union, currently Estonia and Latvia.

Art02

Our two roles: controller and processor

The data we handle falls into two categories, and our role differs for each:

  • Controller: for account and website data we decide why and how to process it: your name, email, login credentials, billing details, and how you use the platform.
  • Processor: for the accounting and financial data you upload about your own business and its customers, suppliers and contacts, we act on your instructions. You (the customer) are the controller of that data. This processing is governed by our agreement with you, including a Data Processing Agreement where applicable.

Art03

What we process, why, and our lawful basis

Account & profile data

Name, email, password (stored hashed), company details and preferences. We process this to create and operate your account and provide the service. Lawful basis: performance of a contract (GDPR Art. 6(1)(b)).

Uploaded financial & transaction data

Bank transactions, invoices, bills, documents and the personal data of your contacts that they contain. We process this as a processor, on your instructions, to deliver the bookkeeping, tax and reporting features you use. You remain the controller.

Support & communications

Messages you send us and related correspondence. Lawful basis: our legitimate interest in supporting and improving the service (Art. 6(1)(f)) or your consent (Art. 6(1)(a)) where required.

Usage & technical data

Limited logs needed to run, secure and debug the platform (e.g. authentication events, error logs). Lawful basis: legitimate interest in a secure, reliable service.

Art04

Cookies

We use only essential cookies required to sign you in and keep your session secure. We do not use analytics, advertising or third-party tracking cookies, so no cookie-consent banner is required. If this changes, we will update this policy and introduce consent controls where the law requires them.

Art05

AI processing

Akkrev uses artificial intelligence to categorise transactions, draft journal entries, prepare returns and produce insights. To do this, relevant financial data is transmitted via secure API to our AI sub-processors, Anthropic (Claude) and Google (Gemini).

These providers process the data on an API basis to return a result to us. We use Google's paid API tier, under which your data is not used to train models, and we rely on the providers' limited-retention API terms. We do not sell your data, and we do not use your financial data to train our own or third-party models.

Art06

Automated decision-making and human oversight

Akkrev is a tool that produces drafts. AI-generated categorisations, entries and figures are proposals for you (and, where you choose, your accountant) to review, edit and approve. You remain the final authority over your books.

To keep books current, you may enable optional automation that lets Akkrev post low-risk, routine entries automatically within thresholds you control. You can review, edit or reverse any such entry at any time, and every action is recorded in an audit trail. We do not make decisions producing legal or similarly significant effects about you without human involvement. You are responsible for reviewing and approving figures before you rely on or submit them.

Art07

Sub-processors

We use the following trusted providers to deliver the service. We enter into the data protection agreements required under GDPR Art. 28 with each of them, and we update this list as our providers change.

Provider | Purpose | Location
Supabase | Database, authentication, file storage and transactional / auth email | European Union (Central EU, Frankfurt, Germany)
Cloudflare | Application hosting and content delivery (Workers) | European Union / global edge network
Anthropic | AI processing (Claude): transaction categorisation, drafting and analysis | United States (transfers under EU Standard Contractual Clauses)
Google | AI processing (Gemini, paid tier; your data is not used to train models) | United States (transfers under EU Standard Contractual Clauses)

Art08

International transfers

Your data is stored in the European Union (Central EU, Frankfurt, Germany). Some processing involves transfers to our AI providers in the United States (Anthropic and Google). Where data leaves the EU/EEA, we rely on the European Commission's Standard Contractual Clauses and appropriate safeguards to protect it.

Art09

How long we keep data

We keep account data for as long as your account is active and for a limited period afterwards. Accounting source records are retained for 7 years in line with the Estonian Accounting Act (Raamatupidamise seadus) and related statutory obligations. When data is no longer needed and no legal retention applies, we delete or anonymise it.

Art10

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected (rectification);
  • have your data erased (the "right to be forgotten"), where applicable;
  • restrict or object to processing;
  • receive your data in a portable format;
  • withdraw consent at any time, where processing is based on consent.

You can delete your account from within the app, and you can exercise any of these rights by contacting legal@akkrev.com. We respond within one month, as required by the GDPR. Where we act as a processor of data you control, we will assist you in meeting requests from your own data subjects. Statutory retention obligations (for example accounting records) may mean some data must be kept even after a deletion request.

Art11

Security

We protect your data with encryption in transit and at rest, strict access controls, row-level security isolating each company's data, and an immutable audit trail. No system can be guaranteed perfectly secure, but we take appropriate technical and organisational measures to keep your data safe and to notify you of incidents where the law requires.

Art12

Complaints

If you have a concern about how we handle your data, please contact us first at legal@akkrev.com so we can help. You also have the right to lodge a complaint with the Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate) (aki.ee), or with the supervisory authority in your EU country of residence.

Art13

Changes to this policy

We may update this Privacy Policy from time to time. We will revise the "last updated" date above and, where changes are material, notify you. Continuing to use Akkrev after an update means you accept the revised policy.

Art14

Data sources and attributions

Akkrev bundles the following third-party classification datasets to provide activity-code selection during company setup. Each dataset is used solely as a reference lookup; no personal data is derived from or appended to these datasets.

  • United Kingdom SIC 2007 (Companies House / ONS): Contains public sector information licensed under the Open Government Licence v3.0.
  • Latvia NACE Rev. 2.1: Published by data.gov.lv under the Creative Commons CC0 1.0 public-domain dedication.
  • Estonia EMTAK 2025: Source Registrite ja Infosüsteemide Keskus (RIK), ariregister.rik.ee, licensed under CC BY-SA 3.0.