Policies

Last updated: 13 July 2026

Privacy Policy

Calceum Limited (“Calceum”, “we”, “us”) is the controller of the personal data described in this notice and handles it lawfully under the UK GDPR and the Data Protection Act 2018.

  • Registered: Calceum Limited, company no. 17240312, Red Gables, West Common, Harpenden, AL5 2JQ
  • Contact: privacy@calceum.com
  • ICO registration: ZC156359

Where the Calceum service includes open-banking features, those regulated services are provided through [ ] (authorised and regulated by the Financial Conduct Authority, FRN [ ]) and Calceum acts as its agent under the Payment Services Regulations 2017.

When we are a controller and when we are a processor

Calceum acts in two capacities, and it matters which applies to you:

  • As controller - for the personal data in this notice: visitors to calceum.com, people who enquire or correspond with us, and the contacts and users at the accounting practices we contract with. We decide how and why this data is used.
  • As processor - when an accounting practice uses Calceum to handle its own clients’ personal data. This includes client contact and financial records, documents, and - where the practice uses recording features - audio recordings of client meetings and their AI-generated transcripts and summaries, captured with consent gathered at the point of recording. Here the practice is the controller, and Calceum processes that data only on the practice’s instructions under our data-processing terms. The practice is responsible for informing its clients. This notice does not govern that processing - see the practice’s own privacy notice and our Data Processing Agreement.

1. Personal data we collect

CategoryDataSource
Website & usageIP address, device/browser type, pages viewed, interactions, cookie identifiersAutomatically, when you visit calceum.com
Enquiries & correspondenceName, email, phone, practice/company name, message contentYou, via contact form, email, phone or social
Practice customer & usersContact details, job role, account login details, billing contact, support correspondenceThe practice, and individuals when they use their account
MarketingContact details and preferencesYou, or the practice contact

We do not collect end clients’ tax data (National Insurance numbers, income, HMRC submissions) as a controller - that data is processed for the practice as processor (see above).

2. How we collect it

  • Directly from you (enquiries, sign-up, correspondence).
  • Automatically (cookies and analytics - see the Cookie Policy).
  • From the accounting practice, to set up and administer its account and users.

3. Purposes and lawful basis

PurposeLawful basis
Operate, secure and improve calceum.comLegitimate interests
Respond to enquiries and take steps before a contractLegitimate interests / pre-contract steps
Provide and administer the service to the practice (accounts, billing, support)Performance of our contract with the practice
Send B2B marketing about our servicesLegitimate interests (with opt-out), in line with PECR
Analytics / non-essential cookiesConsent
Meet legal and regulatory obligations (accounting, tax, AML / financial crime)Legal obligation

4. Marketing and communications

We may send you marketing about our services where we have a lawful basis. For business contacts we rely on legitimate interests (with the ability to opt out at any time); where required we rely on your consent, in line with PECR. We do not sell your data, and we do not share it with third parties for their own marketing.

You can opt out of marketing at any time using the unsubscribe link in any marketing email, or by contacting privacy@calceum.com. Separately, we may send service communications (service updates, security notices, billing). These are not marketing and cannot be opted out of while you hold an account.

5. Cookies

calceum.com uses essential cookies for core functionality, and non-essential analytics cookies (Google Analytics) only with your consent via our cookie banner, in line with PECR. See the Cookie Policy.

6. The Calceum Practice mobile app

Practice staff may use our iOS app. With the participants’ consent, captured in the app before recording starts, the app can record client meetings using the device microphone; recordings and their transcripts are processed for the practice as described above and stored encrypted in our UK hosting (AWS eu-west-2, London). The app’s optional biometric lock (Face ID / Touch ID) is performed on-device by Apple’s operating system - biometric data never leaves the device and is never received by Calceum. The app contains no advertising and no third-party analytics or tracking.

7. Who we share data with

We never sell your personal data. We share it only:

  • with service providers who process it on our instructions to run our business and platform;
  • with integrations you choose to connect;
  • where required by law, or with a regulator or authority; and
  • in connection with a business sale or reorganisation (with notice).

Service providers. We use a set of providers, under written data-protection terms: cloud hosting and infrastructure (in the UK, managed for us by an IT partner under an Article 28 agreement); business email, documents and productivity tools; website analytics (only with your consent); email marketing; scheduling; and payment processing. The current, named list of every provider we use is in our Sub-Processor List.

Integrations you connect. Where you connect a third-party service to Calceum - for example HMRC, Companies House, your accounting software, your email or calendar, or a payment provider - you authorise that connection, and the third party handles your data under its own terms. We facilitate the connection but are not responsible for those services.

8. International transfers

Personal data is hosted in the UK (AWS eu-west-2, London). Where any provider processes personal data outside the UK, we put in place a valid UK transfer mechanism - UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses - with a transfer risk assessment. See the Sub-Processor List for each provider’s safeguards.

9. Data retention

DataRetention
Website analytics / cookiesUp to 14 months
Server / application logs90 days
Enquiries (no contract)Up to 24 months
Practice customer account & contactsDuration of the contract, then up to 7 years for accounting, tax and AML record-keeping
Marketing dataUntil you opt out

Retention of an accounting practice’s client data is set by the practice (controller) and the client contract, not by this notice.

10. Your rights

Under UK GDPR you have the rights to: access; rectification; erasure; restriction; portability; and to object (including to direct marketing at any time). Where processing is based on consent, you may withdraw it at any time.

To exercise a right, contact privacy@calceum.com; we respond within one calendar month. You can also complain to the ICO (ico.org.uk).

11. Automated processing and AI

Calceum uses automation and AI to help deliver and improve its services. We do not make decisions producing legal or similarly significant effects about website visitors or enquirers by solely automated means. Where AI is used within the platform on a practice’s behalf, it operates under the practice’s instructions and human oversight, and is covered by our data-processing terms. Within the platform this includes AI transcription and summarisation of recorded client meetings, performed on the practice’s instructions.

12. Security

Personal data is encrypted at rest (AES-256-GCM, with additional field-level encryption for the most sensitive fields) and in transit (TLS 1.2+). We apply role-based access control, MFA on production systems, and documented security policies. See our Information Security Policy.

13. Children

calceum.com and our services are intended for businesses and are not directed at children.

14. Changes

We may update this notice; material changes will be notified with at least 14 days’ notice, and the current version is always at calceum.com/policies/privacy-policy.

15. Contact

Questions or requests: privacy@calceum.com.