Privacy Policy

Last updated: 13 January 2026

This Privacy Policy explains how Dulwich Wood Technologies Ltd. (trading as "Savin Hood," "we," "our," or "us") collects, uses, and shares information across our websites and services:

  • savinhood.com (marketing site)
  • app.savinhood.com (web application)
  • api.savinhood.com (application programming interface powering the web app and any programmatic clients)

By using these services, you agree to the practices described below. If you do not agree, please discontinue use.

1. Who we are and scope

Dulwich Wood Technologies Ltd. is a company established in the United Kingdom. Dulwich Wood Technologies Ltd. is the data controller for the personal data described in this Privacy Policy.

Registered office:
Dulwich Wood Technologies Ltd., registered office as listed on the UK Companies House register, United Kingdom

Savin Hood is designed for individuals subject to United Kingdom taxation. While the service may be accessed from outside the UK, all calculations, projections, and assumptions are based solely on UK tax law and may not be accurate or appropriate for users subject to other tax regimes.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data minimisation and purpose limitation

Savin Hood is designed to minimise the personal data it processes. We collect and process only the information that is necessary to provide and operate the service, comply with our legal obligations, and protect the security and integrity of our systems.

Where possible, we avoid collecting or retaining identifying information that is not required for salary and tax-related calculations. Personal data is processed only for the specific purposes described in this Privacy Policy and is not reused for incompatible purposes.

3. Information we collect

Account and authentication data

  • Email address used for account creation and login.
  • Passwordless login codes or magic-link tokens, including expiration and usage metadata.
  • IP address associated with authentication requests, used for security, rate limiting, and auditability.

Payslip and financial data

  • Payslip files you upload (PDFs or images).
  • Financial data extracted from payslips, such as gross salary, tax, National Insurance, pension or charity contributions, and taxable benefits.
  • Financial data you manually enter if you choose not to upload a payslip.

We do not intentionally retain names, postal addresses, or employer details from payslips. Only compensation-related values are stored in your account.

Where special category data is incidentally included in uploaded payslips, it is processed solely for the purpose of extracting relevant financial values and not for any other purpose.

Service metadata

  • Session and CSRF cookies required for secure operation.
  • Error and performance telemetry used to diagnose issues and maintain service reliability.
  • Anonymous traffic and performance metrics (e.g., page views, Core Web Vitals) collected without marketing cookies.

4. How we use your information

We use personal data to:

  • Provide secure, passwordless authentication and manage sessions.
  • Process financial inputs and generate calculations and projections.
  • Send service-related communications such as login links or operational notices.
  • Maintain security, prevent abuse, and debug errors.

5. Legal bases for processing (UK GDPR)

We process personal data on the following legal bases:

  • Performance of a contract – to provide the Savin Hood service you request.
  • Legitimate interests – to secure the service, prevent misuse, and ensure reliability.
  • Consent – where you voluntarily choose optional actions, such as uploading a payslip.

Where processing is based on consent, you may withdraw that consent at any time without affecting your ability to use the core service.

6. When we share information

We do not sell personal data. We share data only with service providers that help us operate the service:

Hosting:

Vercel hosts the marketing site and web application and serves traffic over HTTPS. The API is hosted separately and communicates with these frontends over encrypted connections.

Email delivery:

Authentication emails are sent from noreply@mail.savinhood.com via our email delivery provider.

Payslip processing:

When you upload a payslip, the file is sent to OpenAI for OCR and structured extraction. This processing is performed solely to provide the service and uploaded files are not used to train models. We discard identifying information from the extracted output and retain only compensation-related values.

Observability:

We use privacy-first analytics (Vercel Analytics) and performance monitoring (Vercel Speed Insights) to understand page views, referrers, devices, and site speed without marketing cookies or cross-site tracking. Sentry is used for error and performance monitoring in production environments. These tools help us keep the service reliable; data is not shared for advertising.

Each provider processes data only as necessary to deliver its services to us and under appropriate contractual safeguards.

7. Your choices and controls

  • You may provide financial information by manual entry rather than uploading a payslip.
  • You may use an alias or private email address to access the service.
  • Session and CSRF cookies are required for authenticated use; blocking them will prevent the service from functioning correctly.

8. Your data protection rights

Subject to applicable law, you have the right to:

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data.
  • Request a copy of your data in a portable format.
  • Object to or restrict certain processing.

You also have the right to lodge a complaint with the Information Commissioner's Office.

9. Data retention

  • Authentication codes and magic-link tokens expire after 15 minutes and are invalidated once used.
  • Uploaded payslip files are retained only for the time required to complete processing.
  • Structured financial records remain in your account until you delete them or your account is removed.
  • Logs and monitoring data (including analytics and performance telemetry) are retained in accordance with operational retention policies and rotated periodically.
  • Backups, where present, are retained for limited periods and protected by the same security controls.

10. Security

We implement technical and organisational measures to protect personal data, including encrypted connections, short-lived authentication credentials, and restricted access to production systems.

No system is completely secure, but we take reasonable steps to protect your information.

11. International transfers

Our service providers may process data outside the UK. Where required, we rely on appropriate safeguards such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses or other approved mechanisms.

12. Children's data

Savin Hood is not intended for individuals under 18. We do not knowingly collect personal data from children and will delete such data if discovered.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date and, where appropriate, notifying users through the service.

14. Contact us

If you have questions or requests regarding this Privacy Policy or your personal data, contact us at:

Email: privacy@savinhood.com