Privacy Policy

Effective date: 9 March 2026

Back to site

This Privacy Policy explains how DirectorOS collects, uses, stores, and shares personal data when you use the DirectorOS website and application.

DirectorOS is a UK-focused compliance and risk visibility product for company directors and accountancy firms. It helps users track filing deadlines, monitor company data, decode administrative emails, and manage compliance workflows.

1. Who is responsible for your data

DirectorOS is the controller of personal data collected through the DirectorOS marketing site, product, and related communications. If you need to contact us about privacy matters, please email hello@directoros.uk.

2. The data we collect

We may collect and process the following categories of data:

  • account information such as your name, email address, authentication identifiers, role, and firm details;
  • billing information and subscription status, including customer and subscription metadata from Stripe;
  • company-related information you add to the platform, including company numbers, filing dates, obligations, officer information, and workspace associations;
  • information from public sources such as Companies House and related public company records used to support monitoring and sync features;
  • content you submit for decoding or analysis, including pasted emails or other administrative text;
  • usage data, audit events, log data, and product interaction history;
  • beta lead or contact form submissions made through the marketing site; and
  • email delivery and notification metadata.

3. How we use your data

We use personal data to:

  • create and manage user accounts;
  • authenticate users and secure access to the product;
  • provide subscription, billing, and account management features;
  • monitor companies, obligations, and compliance-related workflows;
  • send reminder emails, product notifications, and service communications;
  • process and return decoder outputs based on content you submit;
  • operate audit logs, fraud prevention, and operational monitoring;
  • respond to support requests and beta enquiries; and
  • improve the service and investigate incidents, errors, or abuse.

4. Lawful bases

We generally rely on the following lawful bases under UK data protection law:

  • performance of a contract with you;
  • legitimate interests in operating, securing, and improving the service; and
  • compliance with legal obligations where applicable.

5. Third-party service providers

DirectorOS uses third-party providers to operate the service, including:

  • Clerk for authentication and account access;
  • Stripe for subscription billing and payment administration;
  • Resend for transactional email delivery;
  • Vercel and Render for hosting and runtime infrastructure;
  • PostgreSQL and Redis infrastructure used to support application data and jobs;
  • Supabase for marketing-site beta lead storage where used; and
  • AI model providers used to process decoder requests.

These providers process data on our behalf or as independent controllers depending on the service involved.

6. Companies House and public company data

DirectorOS may ingest or reference public company information, including Companies House data, to support monitoring, deadline tracking, officer visibility, and related compliance workflows. Public company data may be combined with workspace data you submit or manage within the platform.

7. AI-assisted decoder processing

If you use the decoder feature, the text you submit may be processed by an AI service provider in order to generate structured summaries, risk signals, and suggested next steps. You should avoid submitting unnecessary sensitive personal data and should only submit content you are entitled to use.

8. Email communications

We may send service emails such as account notices, billing notices, reminder emails, beta access emails, and operational notifications. We may also send founder or support-side notifications triggered by product events.

9. Data retention

We keep personal data for as long as reasonably necessary to operate the service, comply with legal obligations, resolve disputes, maintain auditability, and enforce our terms. Retention periods may vary depending on the type of data and the status of your account.

10. Security

We use reasonable technical and organisational measures designed to protect personal data. No service can guarantee absolute security, but we take access control, provider selection, logging, and infrastructure security seriously.

11. Your rights

Depending on the circumstances, you may have rights to access, correct, erase, restrict, or object to certain processing of your personal data, and to request data portability where applicable. To make a request, contact hello@directoros.uk.

12. International transfers

Some service providers may process data outside the UK. Where relevant, we rely on appropriate safeguards or provider commitments intended to support lawful transfers.

13. Beta use

During private beta, some functionality may change, be incomplete, or be withdrawn. We may monitor usage more closely during beta to improve reliability, onboarding, and support. Please do not rely on beta functionality as your sole compliance control.

14. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with an updated effective date.

15. Contact

Privacy questions or requests can be sent to hello@directoros.uk.