§ Data Processing Agreement

Data Processing Agreement

Infinite Accountant technical review trial

Version 2.1. British English. This Agreement is referred to on the secure upload form. Please read it and be satisfied with it before you upload anything.

Parties

This Agreement is between:

(1) The Processor: Jack Ross Limited, a company incorporated in England and Wales (company number 05774612), whose registered office is at Barnfield House, The Approach, Blackfriars Road, Salford, Manchester, M3 7BX, operating the product known as Infinite Accountant (the “Processor”, “Infinite Accountant”, “we” or “us”). The Processor is registered with the Information Commissioner’s Office under registration number ZA057142. That registration is a matter of fact; it is not a representation by, or an endorsement from, the ICO.

(2) The Controller: the accountancy firm that completes and submits the secure upload form for the Trial (the “Controller”, “the Firm” or “you”). The Controller’s legal name, its company or LLP registration number, its registered office and its authorised contact are those the Firm provides on the upload form, which are incorporated into this Agreement when the form is submitted.

each a “party” and together the “parties”. The parties are, and must remain, distinct legal entities, and this Agreement takes effect when the Controller accepts it (see Acceptance).

How this works, in plain English

You have agreed to take part in a confidential, invitation-only trial of an Infinite Accountant product that carries out an AI-assisted technical review of draft UK statutory accounts. To run that review you upload a pack of accounts working papers, which contains personal data about your clients and your staff. This Agreement sets out, in writing, what we may do with that data, how we protect it, and what we must do when the trial ends. It is the data processing agreement required by Article 28 of the UK GDPR. In short:

  • We process your data only to run and evaluate the trial review, and for nothing else.
  • The moment your file reaches our server it is encrypted, and our server cannot read it. It can be opened only on one secured computer controlled by the Trial Principal.
  • The review is AI-assisted. To carry it out, relevant content from your working papers is sent from that secured computer to established commercial AI providers (currently Anthropic, OpenAI and Google, and optionally the OpenRouter routing layer) which act as our sub-processors. Some of that processing takes place outside the United Kingdom, principally in the United States.
  • Under their commercial terms, those providers do not use this content to train their models, and they delete it within defined retention periods. We do not opt in to any feature that would allow training on your content, and we use the shortest retention and the no-logging or zero-retention settings reasonably available.
  • We have written data protection terms in place with each provider, including the standard contractual clauses as adapted for the United Kingdom.
  • We may add other commercial AI providers as sub-processors. If we do, we will tell you in advance so you can object before the change takes effect.
  • We delete or return your data, and the outputs of the review, at the end of the trial, or earlier if you ask us in writing.

The rest of this Agreement says all of that precisely.

Background

A. The Processor operates Infinite Accountant, a product that performs an AI-assisted technical review of draft UK statutory accounts (the “Services”).

B. The Controller wishes to take part in a confidential, invitation-only trial of that product, conducted on a blind basis (the “Trial”). For the Trial the Controller will upload one or more zipped accounts working papers packs (each a “Pack”) to the Processor through the Infinite Accountant secure upload facility, so that the product can carry out, and the parties can evaluate, a technical review of those accounts.

C. The encrypted Pack is decrypted only on the Trial Principal’s secured computer; relevant content from it is then transmitted to the commercial AI providers engaged as sub-processors, which process that content, principally in the United States, to assist the review. The sub-processors, the international transfer and the safeguards relied on are set out in clauses 8 and 9 and in Schedule 3.

D. The Packs contain personal data. The Controller is the controller of that personal data and the Processor processes it on the Controller’s behalf. Where, in respect of some or all of that personal data, the Controller is itself acting as a processor for its own clients, the Processor acts as a sub-processor and this Agreement enables the Controller to meet the obligations it owes those clients (see clause 2).

E. This Agreement is drafted to satisfy Article 28(3) of the UK GDPR. Nothing in it is a representation by, or an endorsement from, the ICO or any other regulatory or professional body.

1. Definitions and interpretation

1.1 In this Agreement:

“AI Sub-processors” means the commercial AI providers engaged by the Processor to carry out, or assist with, the AI-assisted technical review, as listed in Schedule 3 (as at the date of this Agreement, Anthropic, OpenAI and Google, and, where used subject to the controls in clause 8.5, the OpenRouter routing layer and any pinned downstream provider).

“Approved Routing” means the constraints in clause 8.5 governing any use of a routing or aggregation layer.

“Data Protection Law” means all law applicable to the processing of personal data under this Agreement, including the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, in each case as amended or replaced.

“UK GDPR” means Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, as amended.

“controller”, “processor”, “data subject”, “personal data”, “special category data”, “processing”, “personal data breach” and “supervisory authority” each have the meaning given in the UK GDPR.

“ICO” means the Information Commissioner’s Office.

“Pack” has the meaning given in Background paragraph B and is further described in Schedule 1.

“Standard Contractual Clauses” or “SCCs” means the standard contractual clauses for the transfer of personal data to third countries, as adapted for the United Kingdom by the International Data Transfer Addendum issued by the Information Commissioner under section 119A of the Data Protection Act 2018 (the “UK Addendum”), or the standalone UK International Data Transfer Agreement where used instead.

“Sub-processor” means any third party engaged by the Processor to process personal data on the Controller’s behalf under this Agreement, including the upload hosting provider, the AI Sub-processors, and any pinned downstream provider reached through a routing layer.

“Transfer Risk Assessment” or “TRA” means the Processor’s documented assessment of the risks of the international transfers described in clause 9 and the supplementary measures relied on.

“Trial Data” means the personal data, contained in the Packs uploaded by the Controller, that the Processor processes on the Controller’s behalf under this Agreement, as described in Schedule 1.

“Trial Outputs” means the results of the technical review and any data derived from the Trial Data in the course of the Trial, including the review output, any extracts or working notes taken from a Pack, evaluation records, and any analysis, in each case to the extent it contains or is derived from the Trial Data.

“Trial Principal” means the role at Infinite Accountant responsible for the single secured computer on which Trial Data may be decrypted. The current holder of the role is recorded in the Contacts section.

1.2 A reference to a statute is to that provision as amended or re-enacted. Headings are for convenience only. “Including” means including without limitation. The Schedules form part of this Agreement.

1.3 Where there is any conflict between this Agreement and Data Protection Law, Data Protection Law prevails. Where there is any conflict between this Agreement and any other data protection agreement between the parties, this Agreement prevails, except that Schedule 2 prevails on the detail of the technical and organisational measures.

2. Status of the parties

2.1 As between the parties, the Controller determines the purposes and means of the processing and the Processor processes the Trial Data only on the Controller’s behalf. For Data Protection Law the Controller is the controller and the Processor is the processor, save where clause 2.2 applies.

2.2 Where the Controller is itself acting as a processor for one or more of its own clients (who are the controllers), the Processor acts as a sub-processor. In that case this Agreement constitutes the Controller’s onward written instructions; the protections the Processor owes the Controller apply equally for the benefit of that client, so that the same protections flow down the chain; and the Controller confirms that it has the authority and instructions of the relevant client to engage the Processor for the Trial on these terms.

2.3 Each party will comply with its own obligations under Data Protection Law. Nothing in this Agreement relieves either party of any obligation imposed on it directly by Data Protection Law.

2.4 The Controller’s warranties. The Controller warrants and undertakes that:

(a) it has a lawful basis under Article 6 of the UK GDPR and, for any special category or criminal-offence data, a condition under Article 9 or Article 10 and, where relevant, a condition in section 10 of, and Schedule 1 to, the Data Protection Act 2018, for the processing it instructs;

(b) it has given the data subjects the transparency information required by Articles 13 and 14, covering the processing under this Agreement, including the use of the AI Sub-processors and the transfer of personal data outside the United Kingdom;

(c) the individual accepting this Agreement on the Controller’s behalf has authority to bind the Controller; and

(d) it has the authority and all necessary instructions to provide each Pack and to engage the Processor on these terms, including, where the personal data originates from or belongs to an underlying client controller, the authority of that client.

3. Subject matter, duration, nature and purpose

3.1 The subject matter, duration, nature and purpose of the processing, the types of personal data, and the categories of data subject are set out in Schedule 1, as required by Article 28(3).

3.2 Purpose limitation. The Processor processes the Trial Data and the Trial Outputs solely to run and evaluate the Services for the Trial, and for no other purpose. The Processor will not use the Trial Data or the Trial Outputs to train, tune, benchmark, develop or improve any model, product or service, or for any analytics, profiling, marketing or commercial purpose, except as the Controller expressly authorises in writing.

3.3 No training; minimum retention. The AI-assisted review is carried out using the AI Sub-processors in Schedule 3. The Processor relies on those providers’ commercial terms, under which customer inputs and outputs are not used to train their models by default, and the Processor will not opt in to, or enable, any feature that would permit such training. The Processor applies the no-training defaults and the shortest retention, and the no-logging or zero-retention settings, reasonably available from each provider. The position relied on for each provider is summarised in Schedule 3 as at the date of this Agreement; the binding terms are those in each provider’s then-current data processing addendum, which the Processor re-verifies periodically and on any material change.

4. The Processor’s obligations

These correspond to Article 28(3)(a) to (h).

4.1 Documented instructions. The Processor will process the Trial Data only on the Controller’s documented instructions, including this Agreement and Schedule 1, and including as to transfers, unless required to do otherwise by law to which it is subject; in that case it will inform the Controller before processing, unless the law prohibits this on important grounds of public interest. If, in the Processor’s opinion, an instruction infringes Data Protection Law, it will inform the Controller without delay.

4.2 Confidentiality of authorised persons. The Processor will ensure that the only persons who can decrypt and read the Trial Data are the Trial Principal and any further person the Processor authorises and notifies to the Controller, and that they are bound by an appropriate duty of confidentiality, whether contractual, statutory or professional. Access is strictly need-to-know.

4.3 Security. The Processor will implement and maintain the measures required by Article 32, as set out in clause 6 and Schedule 2.

4.4 Sub-processors. The Processor engages the Sub-processors in Schedule 3, and will not engage any further Sub-processor for the Trial except under clause 8.

4.5 Data subject rights. Taking into account the nature of the processing, the Processor will assist the Controller by appropriate measures, so far as possible, to respond to data subject requests under Chapter III. If the Processor receives such a request directly, it will not respond other than to acknowledge receipt where required, and will forward it to the Controller without undue delay.

4.6 Wider obligations. Taking into account the nature of the processing and the information available to it, the Processor will assist the Controller to comply with Articles 32 to 36 (security, breach notification, data protection impact assessments, and prior consultation with the ICO).

4.7 Return or deletion. The Processor will delete or return the Trial Data and the Trial Outputs at the Controller’s choice in accordance with clause 11.

4.8 Information and audits. The Processor will make available the information necessary to demonstrate compliance with Article 28 and this Agreement, and will allow for and contribute to audits in accordance with clause 12.

5. Confidentiality and personnel

5.1 The Trial is confidential and invitation-only. The Processor will keep confidential the Trial Data, the Trial Outputs, the Packs and their contents, and the fact and detail of the Controller’s participation, and will not disclose them except as necessary to perform this Agreement (including to the Sub-processors in Schedule 3), as required by law or a regulator, or as the Controller authorises in writing.

5.2 The Processor will limit access to the Trial Data to those who need it to run and evaluate the Services, on a need-to-know basis. In readable form, the Trial Data is accessible only to the Trial Principal, and to any further authorised person notified to the Controller, on a single secured computer, as described in Schedule 2.

5.3 Professional confidentiality. The parties acknowledge that the Packs may also be subject to professional confidentiality owed by the Controller under the ICAEW Code of Ethics or an equivalent professional code. Participation in the Trial, and the disclosures it involves, are intended to be consistent with that confidentiality and are covered by the client authority warranted in clause 2.4.

5.4 This clause 5 survives the end of the Trial and termination.

6. Security (Article 32)

6.1 Taking into account the state of the art, the nature, scope, context and purposes of the processing, and the risk to data subjects, the Processor implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Those measures are set out in full in Schedule 2 and incorporated here.

6.2 The central measures are these. Every Pack is encrypted at rest on the server the instant it is uploaded, using public-key cryptography. The server holds only a public key and cannot decrypt anything. The Trial Data can be decrypted only on a single secured computer controlled by the Trial Principal. Plaintext is never retained on the server. Transfer is over HTTPS. Where the review requires it, relevant content is transmitted from that secured computer to the AI Sub-processors over encrypted connections, under the terms in Schedule 3. Access is need-to-know.

6.3 Key management and continuity. The secret key is held in hardware-backed secure key storage on the secured computer and is never placed on, or transmitted to, the server. So that the loss or unavailability of the holder of the Trial Principal role does not cause permanent loss of access, an encrypted backup of the secret key is held under split custody (dual control): no single person can reconstitute it, and the role can be reassigned without any individual being a point of failure. The backup is itself protected to the standard in Schedule 2. The Processor will keep the Contacts section current on any change of holder.

6.4 The Processor will not materially reduce the protection given by the measures in Schedule 2 during the Trial. It may improve or add to those measures, and will keep them under review.
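The encrypt-on-receipt model in clause 6.2 is easier to evaluate with a concrete construction in front of you. The Go program below is an added illustration written for this review; it is not Infinite Accountant’s code, and the Agreement does not specify the algorithms used. It assumes an X25519 sealed-box scheme with AES-256-GCM (the key-derivation label, the sealed-file layout and the names NewPrincipalKey, SealPack and OpenPack are this example’s own choices) and uses a constructed byte string in place of a real Pack. The server-side step takes nothing but the public key, so the property relied on in clauses 6.2 and 11.3 (ciphertext alone on the server; no secret key, no plaintext) holds by construction, and the run also checks that a different key and a tampered file both fail authentication rather than yield plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Sealed file layout: ephemeral X25519 public key (32) || AES-GCM nonce (12) || ciphertext || tag (16).
const ephPubLen, nonceLen, tagLen = 32, 12, 16

// packKDFLabel is an assumed domain-separation string; the Agreement names no such value.
const packKDFLabel = "infinite-accountant-pack-v1"

// NewPrincipalKey runs once on the Trial Principal's secured computer; only the public half reaches the server.
func NewPrincipalKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// packAEAD derives a 256-bit AES-GCM key from the X25519 shared secret, binding both public keys and the
// label. HMAC-SHA256 stands in for HKDF-Extract, which the standard library lacked before Go 1.24.
func packAEAD(shared, ephPub, recipientPub []byte) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte(packKDFLabel))
	mac.Write(ephPub)
	mac.Write(recipientPub)
	block, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPack is the server-side step. It needs only the recipient's public key; once the sealed bytes are
// written the caller drops the plaintext, so the server holds ciphertext alone.
func SealPack(recipient *ecdh.PublicKey, pack []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipient)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := packAEAD(shared, ephPub, recipient.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, ephPub...), nonce...)
	return gcm.Seal(out, nonce, pack, ephPub), nil // ephemeral key is also authenticated as AAD
}

// OpenPack runs only where the secret key lives. A different key, or a tampered file, fails GCM
// authentication rather than yielding plaintext.
func OpenPack(secret *ecdh.PrivateKey, sealed []byte) ([]byte, error) {
	if len(sealed) < ephPubLen+nonceLen+tagLen {
		return nil, errors.New("sealed pack too short")
	}
	ephPub, nonce, ct := sealed[:ephPubLen], sealed[ephPubLen:ephPubLen+nonceLen], sealed[ephPubLen+nonceLen:]
	ephKey, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return nil, err
	}
	shared, err := secret.ECDH(ephKey)
	if err != nil {
		return nil, err
	}
	gcm, err := packAEAD(shared, ephPub, secret.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, ephPub)
}

func main() {
	secret, err := NewPrincipalKey() // generated on the secured computer, never copied to the server
	if err != nil {
		panic(err)
	}
	pack := []byte("PK\x03\x04 constructed stand-in for working-papers.zip") // constructed sample, not a real Pack
	sealed, err := SealPack(secret.PublicKey(), pack)                        // the server is given only the public key
	if err != nil {
		panic(err)
	}
	other, _ := NewPrincipalKey() // any other key, which is the position once the secret is destroyed (clause 11.3)
	if _, err := OpenPack(other, sealed); err == nil {
		panic("wrong key must not decrypt")
	}
	plain, err := OpenPack(secret, sealed)
	fmt.Println("decrypted on the secured computer:", err == nil && string(plain) == string(pack))
}
```

Run it with `go run`. One caveat a reviewer should keep in view: the construction protects a Pack from the moment it is sealed, but the plaintext still passes through the receiving process’s memory while it is being sealed, which is why clause 6.2 is careful to say plaintext is never retained on the server rather than never present there.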

7. Special category and high-risk data

7.1 The parties do not intend that any Pack should contain special category data within Article 9, or criminal-offence data within Article 10. The Controller will take reasonable steps to minimise its presence, and, so far as practical, to remove or avoid high-risk identifiers such as National Insurance numbers and tax references that are not needed for the review.

7.2 The parties recognise that working papers for statutory accounts may incidentally contain such data, for example a reference to an individual’s health in a director’s loan note, in correspondence, or in free-text background notes, and both parties acknowledge its heightened sensitivity. Where it is, despite clause 7.1, present in a Pack:

(a) the Controller is responsible for ensuring that an appropriate condition under Article 9 or Article 10, and where relevant a condition in section 10 of, and Schedule 1 to, the Data Protection Act 2018, applies to the processing it instructs;

(b) the Processor applies the measures in Schedule 2 to all Trial Data without distinction by category, so that any such data receives the same encryption at rest and the same decrypt-only-locally protection as all other data in the Pack; and

(c) the Processor may decline to transmit to an AI Sub-processor, or may quarantine, any Pack or free-text material that plainly contains special category or criminal-offence data, and will notify the Controller so that the material can be removed or the instruction confirmed in writing.

7.3 The international transfer of any such incidental data to the AI Sub-processors is addressed by the safeguards in clause 9 and the Transfer Risk Assessment.

8. Sub-processors

8.1 The Controller gives the Processor general written authorisation to engage the Sub-processors in Schedule 3 for the Trial. As at the date of this Agreement those are the upload hosting provider (which stores the encrypted Packs and cannot decrypt them) and the AI Sub-processors, each described in Schedule 3.

8.2 The Processor may add or replace a Sub-processor, including by engaging another commercial AI provider. It will give the Controller prior written notice identifying the Sub-processor, its location, the processing it will carry out and the transfer safeguard relied on, so that the Controller has the opportunity to object before the change takes effect.

8.3 The Controller may object to a new or replacement Sub-processor, and may withdraw a previously given authorisation, on reasonable data protection grounds by written notice. If the parties cannot resolve the objection, the Controller may withdraw from the Trial under clause 14 and require deletion or return under clause 11, without penalty.

8.4 Wherever the Processor engages a Sub-processor, it will impose on that Sub-processor, by written contract, data protection obligations no less protective than those in this Agreement, in particular the security measures, the no-training, no-logging and minimum-retention terms in Schedule 3, and the requirement to provide sufficient guarantees to implement appropriate technical and organisational measures. The Processor remains liable to the Controller for the performance of each Sub-processor’s obligations, subject to clause 13.

8.5 Approved Routing (aggregation layers). A routing or aggregation layer (such as OpenRouter) directs a request to one of several downstream model providers, each under its own terms, some of which may log or train on inputs. Where the Processor uses such a layer for Trial Data at all, it will: keep prompt logging and chat logging switched off; pin routing to a closed list of approved downstream providers that offer no-logging or zero-retention terms; treat each such downstream provider as a further Sub-processor recorded in Schedule 3; and execute the layer’s commercial data processing agreement. Where those controls cannot be assured for a given route, the Processor will not send Pack content through the layer and will process it direct with an approved AI Sub-processor instead.

9. Location of processing and international transfers

9.1 The hosting and storage of the encrypted Packs is in the United Kingdom (see Schedule 3). The encrypted Packs are decrypted only on the single secured computer controlled by the Trial Principal, which is located in the United Kingdom. The upload hosting provider stores ciphertext only and cannot decrypt it.

9.2 To carry out the review, relevant content from the Trial Data is transmitted from that secured computer to the AI Sub-processors in Schedule 3. Those providers process that content outside the United Kingdom, principally in the United States. This is a transfer of personal data to a third country within Chapter V of the UK GDPR.

9.3 For those transfers the Processor relies, as the primary safeguard, on each provider’s data processing addendum incorporating the Standard Contractual Clauses as adapted by the UK Addendum (or the standalone UK International Data Transfer Agreement). Where a provider holds a valid certification under the EU-US Data Privacy Framework and its UK Extension, that mechanism may be relied on as an alternative; because the durability of that framework is the subject of live legal challenge, the Processor treats the SCCs as the position it relies on. Schedule 3 records the mechanism for each provider. The Processor maintains a documented Transfer Risk Assessment supporting these transfers and the supplementary measures relied on (including the encryption, minimisation and no-logging or zero-retention controls in this Agreement), and will make it available to the Controller on request.

9.4 The Processor makes no other international transfer of the Trial Data or the Trial Outputs, and will not transfer it to, or access, process or store it from, any further country outside the United Kingdom, or permit any other third party to do so, without the Controller’s prior written authorisation (or its authorisation of a Sub-processor under clause 8) and an appropriate transfer mechanism satisfying Chapter V. Where Approved Routing is used, the location of downstream processing is that of the pinned provider, under that provider’s transfer mechanism.

10. Personal data breach

10.1 The Processor will notify the Controller of any personal data breach affecting the Trial Data or the Trial Outputs without undue delay, and in any event within 24 hours of becoming aware of it. Notification may be given by email in the first instance, to the Controller’s contact named below, followed by written confirmation.

10.2 The notification will, so far as then known, describe: the nature of the breach, including where possible the categories and approximate number of data subjects and of records concerned; the likely consequences; the measures taken or proposed to address it, including measures to mitigate adverse effects; and a point of contact at the Processor.

10.3 Where the information cannot all be provided at once, it may be provided in phases without further undue delay. The Processor will document every breach affecting the Trial Data or the Trial Outputs and make that documentation available to the Controller on request.

10.4 The Processor will co-operate with the Controller and take such reasonable steps as the Controller directs to investigate, mitigate and remediate the breach and to assist the Controller under Articles 33 and 34. The Processor will not notify the ICO, any data subject or any other third party on the Controller’s behalf, or in a way that identifies the Controller, without the Controller’s prior written instruction, unless required by law.

11. Retention, return and deletion

11.1 The Trial ends, for this Agreement, on the earliest of: the date the parties agree in writing that it has concluded; the date the Controller withdraws by written notice; and any termination of this Agreement (the “End of Trial”).

11.2 At the Controller’s choice, the Processor will return to the Controller or securely delete the Trial Data and the Trial Outputs, and will delete all existing copies, at the End of Trial or earlier on the Controller’s written request, unless Data Protection Law requires retention. This covers: the encrypted Packs on the upload server; any decrypted copy, extract or working note on the Trial Principal’s secured computer; the review output, derived data and evaluation records; and any Trial Data or Trial Outputs held by a Sub-processor, which the Processor will procure is deleted or returned, subject to the retention periods in Schedule 3 and any retention required by law. The Processor will give effect to the choice without undue delay and in any event within 30 days, and will tell the Controller of anything it (or a Sub-processor) must retain and why.

11.3 Deletion means the secure and irreversible destruction of the encrypted Packs on the server, of any decrypted copy, extract, working note or evaluation record on the secured computer, and of the secret key where the Controller so requests. Because the server holds only ciphertext, deletion of the encrypted files removes the only stored copy the server holds, and deletion of the secret key renders any remaining encrypted copy permanently unreadable. Content processed by an AI Sub-processor is subject to that provider’s deletion and retention terms in Schedule 3, and the Processor will not opt in to longer retention than necessary for the Trial. On written request, the Processor will certify in writing that it has complied with this clause 11.

12. Information and audit

12.1 The Processor will, on the Controller’s reasonable written request, make available the information necessary to demonstrate compliance with Article 28 and this Agreement, including the data protection and transfer terms in place with each Sub-processor in Schedule 3, and the Transfer Risk Assessment under clause 9.

12.2 The Processor will allow for and contribute to audits, including inspections, by the Controller or an auditor it mandates, on reasonable prior written notice, during normal business hours, no more than once during the Trial unless a personal data breach occurs or a regulator requires otherwise, and conducted so as not to compromise the confidentiality of the Trial, the security of the keying material, or the personal data of any other participant or client. The Processor maintains an append-only manifest recording the receipt of each Pack (the fact of receipt, not the content) and will make that record available to the Controller in respect of its own Packs on request.

13. Liability

13.1 Each party remains liable for its own compliance with Data Protection Law. Nothing in this Agreement limits or excludes either party’s liability to a data subject or to the ICO, or any liability that cannot lawfully be limited or excluded.

13.2 Uncapped matters. Nothing in clause 13.3 limits either party’s liability for: death or personal injury caused by negligence; fraud or fraudulent misrepresentation; the Processor’s breach of clause 3.2 (purpose limitation) or clause 3.3 (no training); a party’s liability to indemnify under clause 13.5; or any liability that cannot lawfully be limited.

13.3 Cap. Subject to clauses 13.1 and 13.2, each party’s total aggregate liability arising out of or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty or otherwise, is limited to £1,000. The parties acknowledge that the Services are provided for the Trial only and for no fee, and that this cap reflects that allocation of risk.

13.4 This Agreement does not create any payment, service-level or warranty obligation between the parties beyond those set out here.

13.5 Controller indemnity. The Controller will indemnify the Processor against losses, fines and reasonable costs arising from: the absence of a lawful basis or, for special category or criminal-offence data, an Article 9 or Article 10 condition for the processing the Controller instructs; the Controller’s failure to provide the transparency information in clause 2.4(b); or the Controller’s lack of authority or client instruction under clause 2.4(d). This indemnity does not apply to the extent the loss is caused by the Processor’s own breach of this Agreement.

14. Term and termination

14.1 This Agreement takes effect on acceptance by the Controller (see Acceptance) and continues until the End of Trial and completion of the Processor’s obligations under clause 11.

14.2 The Controller may terminate, and withdraw from the Trial, at any time on written notice, without giving a reason. Either party may terminate on written notice if the other materially breaches this Agreement and, where the breach is capable of remedy, fails to remedy it within 14 days of written notice requiring it.

14.3 Clauses 5, 10 (for breaches affecting Trial Data or Trial Outputs still held), 11, 13 and 15, together with any provision that by its nature is intended to survive, continue after termination.

15. General

15.1 Entire agreement. This Agreement, with its Schedules and any written participation terms for the Trial, is the entire agreement between the parties on the processing of personal data for the Trial and supersedes any earlier understanding on that subject.

15.2 Variation. Any variation must be in writing and agreed by or on behalf of both parties, save that the Processor may update Schedule 3 to add or replace a Sub-processor under clause 8.

15.3 Severance and waiver. If any provision is held invalid or unenforceable, the remaining provisions continue in force. A failure or delay in exercising a right does not waive it.

15.4 Third parties. A person who is not a party has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term, save that a client on whose behalf the Controller acts (clause 2.2) may rely on the protections in this Agreement to the extent necessary to give effect to its rights under Data Protection Law.

16. Governing law and jurisdiction

This Agreement, and any dispute or claim arising out of or in connection with it or its subject matter, including any non-contractual dispute or claim, is governed by the law of England and Wales, and the parties submit to the exclusive jurisdiction of the courts of England and Wales.

Schedule 1: Details of the processing (Article 28(3))

Subject matter. Personal data contained in zipped accounts working papers Packs uploaded by the Controller for the Trial of the Services.

Duration. From the first upload until the End of Trial (clause 11), followed by deletion or return of the Trial Data and the Trial Outputs.

Nature. Receipt of each Pack over an encrypted connection; immediate encryption at rest on the server; secure storage of the encrypted Pack by the upload hosting provider, which cannot decrypt it; decryption of the Pack, or of relevant extracts, on a single secured computer controlled by the Trial Principal; transmission of relevant content to the AI Sub-processors in Schedule 3, which process it outside the United Kingdom, principally in the United States, for the review; receipt of the review outputs; evaluation of that review; and deletion or return at the End of Trial.

Purpose. Solely to run and evaluate the Services, namely an AI-assisted technical review of draft UK statutory accounts, for the Trial, and for no other purpose (clause 3.2).

The Pack. Each Pack is a zipped archive that may contain: draft statutory accounts; draft corporation tax computations; the latest engagement letter; a draft letter to the client; last year’s final signed accounts and corporation tax computation; the closing trial balance; the full working papers; free-text background notes; and the names of the Controller’s Preparer and Partner.

Types of personal data. Within those documents the Trial Data may include: identifying and contact details of individuals named in the records, including names, addresses, dates of birth and contact details; financial and tax information relating to identifiable individuals, including income, drawings, dividends, directors’ loan and current account balances, remuneration, and tax references and computations; the names of the Controller’s staff, including the Preparer and Partner, and other individuals named in the working papers or background notes; and, incidentally only, potentially special category data (clause 7).

Categories of data subject. The Controller’s clients who are individuals, including sole traders, partners, company directors, shareholders and other individuals named in the financial records; where the Controller’s client is an entity, the individuals connected with it whose personal data appears in the records; and the Controller’s own staff, including the named Preparer and Partner and any other staff or contacts in the Pack.

Schedule 2: Technical and organisational measures (Article 32)

The Processor implements and maintains the following measures for the Trial. Measures 1 to 5 describe the encryption-at-rest and decrypt-only-locally model that is the central measure under Article 32 for the upload and storage step.

  1. Encryption at rest, on upload. Each Pack is encrypted at rest on the server the instant it is received. Encryption is part of receipt, not a later step, and each encrypted Pack is written as a single encrypted file.
  2. Public-key cryptography. The scheme uses public-key cryptography, implemented with the libsodium cryptographic library. For each Pack a fresh random content key is sealed to the recipient’s X25519 public key, and the contents are encrypted as an authenticated stream under that content key using XChaCha20-Poly1305, processed in fixed-size 64 KiB chunks so that an arbitrarily large Pack is encrypted without holding the whole file in memory.
  3. The server cannot decrypt. The server holds only the X25519 public key, which can seal data but cannot open it. The matching secret key is never placed on the server, never transmitted to it, and never stored in the website or hosting control panel in any form. The server, the upload hosting provider, and any person with access to the server therefore cannot decrypt any Pack.
  4. Decryption only on one hardened computer. The Trial Data can be returned to readable form only on the single secured computer that holds the secret key, controlled by the Trial Principal, using a standalone local decryption tool. Decryption never takes place on the server. That computer is protected by full-disk encryption, operating-system hardening, and an automatic screen lock; the secret key is held in hardware-backed secure key storage and is not shared. Access is restricted to the Trial Principal and to any further authorised person notified to the Controller.
  5. No plaintext retained on the server (fail-safe). The uploaded plaintext is consumed during encryption and the original is removed, so no readable copy is left in the public web directories. The system fails safe: if encryption cannot complete, the upload is quarantined to a deny-all directory and marked as failed, or, if even that is unavailable, deleted, and an urgent alert is raised. In no case is readable client data left at a publicly reachable address.
  6. Storage protection. Encrypted Packs are stored in a directory protected by a deny-all rule; a direct web request for an encrypted file returns 403 Forbidden; and the files carry non-guessable identifiers.
  7. Integrity and tamper-evidence. The XChaCha20-Poly1305 construction authenticates every chunk. Any alteration, truncation or corruption of an encrypted file, or use of the wrong key, causes decryption to abort with a clear error and produce no output, rather than yield altered or partial data.
  8. Transport security. All transfer of a Pack to the server is over HTTPS (TLS). The Controller is asked to protect each Pack with a password and to share that password by a separate channel, never within the upload form.
  9. Transmission to the AI Sub-processors. Relevant content is transmitted from the secured computer to the AI Sub-processors over encrypted connections (TLS). The AI Sub-processors are engaged under written terms covering encryption in transit, the no-training position, defined retention with deletion, and the international transfer safeguards, all as recorded in Schedule 3. The Processor sends only the content necessary for the review, keeps prompt and chat logging off where a routing layer is used, and does not enable any feature that would permit the providers to train on the content.
  10. Key management and continuity. The secret key is hardware-backed and held only on the secured computer. An encrypted backup is held under split custody, protected to the same standard, so that loss or unavailability of the holder of the Trial Principal role does not cause permanent loss of access and the role can be reassigned without any single person being a point of failure.
  11. Access control, need-to-know. Retrieval of an encrypted Pack through the administrative interface requires an authenticated administrator account and a per-action security token. Return to readable form requires the secret key on the secured computer. Access to readable data is restricted to the Trial Principal, and to any further authorised person notified to the Controller, on a need-to-know basis.
  12. Personnel and confidentiality. The Trial Principal and any other authorised person are bound by an appropriate duty of confidentiality, whether contractual, statutory or professional, and are instructed to process the Trial Data only on the Controller’s documented instructions.
  13. Logging. The Processor maintains an append-only manifest recording the receipt of each Pack (the fact of receipt, not the content), with a guard against formula injection.
  14. Data location and minimisation. The upload server, the storage of the encrypted Packs, and the secured computer are all in the United Kingdom. The review involves processing by the AI Sub-processors outside the United Kingdom, principally in the United States, under the safeguards in Schedule 3 and clause 9. The Trial Data is processed, and content is sent to the AI Sub-processors, only to the extent necessary for the Trial.
  15. Deletion. Deletion of a Pack is the secure deletion of the encrypted file (the only stored copy the server holds), together with deletion or return of the Trial Outputs and of any content held by a Sub-processor, in accordance with clause 11 and the retention terms in Schedule 3.
  16. Review of measures. The Processor reviews these measures periodically and on any material change to the Trial, and will not materially reduce the protection they give during the Trial.
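As an added illustration of measures 1 to 5 and 7 (this is example code, not the project's own implementation), the following Python uses PyNaCl, the libsodium binding, to seal a Pack to an X25519 public key with a fresh per-Pack content key, encrypt it as an XChaCha20-Poly1305 secretstream in 64 KiB chunks, and open it in a way that aborts with no output on alteration, truncation or the wrong key. The file layout (sealed key, then stream header, then chunk ciphertexts), the function names and the `round_trip` harness are this example's assumptions, not the project's format.

```python
import io
from nacl import bindings as sb
from nacl.exceptions import CryptoError
from nacl.public import PrivateKey, PublicKey, SealedBox

CHUNK = 64 * 1024                                           # plaintext bytes per chunk (measure 2)
ABYTES = sb.crypto_secretstream_xchacha20poly1305_ABYTES    # 17-byte authentication tag per chunk
TAG_MSG, TAG_FINAL = sb.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE, sb.crypto_secretstream_xchacha20poly1305_TAG_FINAL
SEALED_KEY_LEN = sb.crypto_box_SEALBYTES + sb.crypto_secretstream_xchacha20poly1305_KEYBYTES

def seal_pack(src, dst, recipient_pk: PublicKey) -> None:
    """Server side: needs only the X25519 public key. Assumed layout (this example's,
    not the project's): sealed_key(80) || header(24) || chunk ciphertexts."""
    content_key = sb.crypto_secretstream_xchacha20poly1305_keygen()  # fresh random key per Pack
    dst.write(SealedBox(recipient_pk).encrypt(content_key))          # only the secret key can open this
    state = sb.crypto_secretstream_xchacha20poly1305_state()
    dst.write(sb.crypto_secretstream_xchacha20poly1305_init_push(state, content_key))
    chunk = src.read(CHUNK)
    while nxt := src.read(CHUNK):                                    # every chunk but the last
        dst.write(sb.crypto_secretstream_xchacha20poly1305_push(state, chunk, tag=TAG_MSG))
        chunk = nxt
    dst.write(sb.crypto_secretstream_xchacha20poly1305_push(state, chunk, tag=TAG_FINAL))

def open_pack(src, dst, recipient_sk: PrivateKey) -> None:
    """Secured-computer side: wrong key, alteration or truncation raises CryptoError and leaves dst empty."""
    try:
        content_key = SealedBox(recipient_sk).decrypt(src.read(SEALED_KEY_LEN))
        state = sb.crypto_secretstream_xchacha20poly1305_state()
        sb.crypto_secretstream_xchacha20poly1305_init_pull(
            state, src.read(sb.crypto_secretstream_xchacha20poly1305_HEADERBYTES), content_key)
        while True:
            c = src.read(CHUNK + ABYTES)
            if not c:  # libsodium does not flag a dropped tail chunk by itself; insist on TAG_FINAL
                raise CryptoError("stream ended before TAG_FINAL: file truncated")
            m, tag = sb.crypto_secretstream_xchacha20poly1305_pull(state, c)
            dst.write(m)
            if tag == TAG_FINAL:
                return
    except CryptoError:
        dst.seek(0), dst.truncate()                                  # yield no partial data (measure 7)
        raise

def round_trip(plaintext: bytes, fault: str = "") -> tuple:  # constructed harness; fault: "", "flip", "truncate"
    sk, sealed, out = PrivateKey.generate(), io.BytesIO(), io.BytesIO()
    seal_pack(io.BytesIO(plaintext), sealed, sk.public_key)
    blob = bytearray(sealed.getvalue())
    if fault == "flip":
        blob[-1] ^= 1                                                # corrupt the final chunk's tag
    elif fault == "truncate" and plaintext:                          # drop the whole final chunk
        del blob[len(blob) - ((len(plaintext) - 1) % CHUNK + 1 + ABYTES):]
    try:
        open_pack(io.BytesIO(bytes(blob)), out, sk)
        return True, out.getvalue()
    except CryptoError:
        return False, out.getvalue()
```

The one detail worth noting is that the secretstream construction authenticates each chunk but does not itself notice when trailing chunks are missing; the reader's insistence on seeing TAG_FINAL is what turns truncation into a hard failure rather than a silently shortened file.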
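As an added illustration of measure 13 (example code, not the project's own manifest), the following Python writes a receipt manifest whose rows record only the fact of receipt (timestamp, opaque identifier, size and SHA-256 of the ciphertext) plus a neutralised copy of the Controller-supplied filename, so that a name beginning with `=`, `+`, `-` or `@` cannot run as a formula when the manifest is opened in a spreadsheet. The column layout and function names are this example's assumptions.

```python
import csv
import hashlib
import io
import os
import secrets
from datetime import datetime, timezone

FORMULA_LEADS = ("=", "+", "-", "@", "\t", "\r")   # spreadsheet formula triggers (OWASP CSV-injection list)
# Assumed column layout (this example's, not the project's):
# received_at, pack_id, ciphertext_bytes, ciphertext_sha256, original_name


def neutralise_cell(value: str) -> str:
    """Make a Controller-supplied string safe as a spreadsheet cell: collapse line breaks and
    prefix a leading formula trigger with an apostrophe, which forces text interpretation."""
    value = value.replace("\r", " ").replace("\n", " ")
    return "'" + value if value.startswith(FORMULA_LEADS) else value


def receipt_row(original_name: str, ciphertext: bytes, received_at: datetime = None) -> list:
    """The fact of receipt only: nothing from inside the Pack is written to the manifest."""
    ts = (received_at or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return [ts.isoformat(),
            secrets.token_hex(16),                     # non-guessable identifier (measure 6)
            str(len(ciphertext)),
            hashlib.sha256(ciphertext).hexdigest(),    # hash of the ciphertext, not the plaintext
            neutralise_cell(original_name)]


def format_row(row: list) -> str:
    """One CSV line with every field quoted, so commas or quotes in a filename cannot shift columns."""
    buf = io.StringIO()
    csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n").writerow(row)
    return buf.getvalue()


def append_receipt(path: str, row: list) -> None:
    """Open with O_APPEND and 0600 so this code can only add rows; an append-only filesystem
    attribute, where available, is what stops other processes rewriting earlier rows."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a", newline="") as fh:
        fh.write(format_row(row))


def parse_manifest(text: str) -> list:
    """Read rows back; a neutralised name keeps its apostrophe, so the guard is visible on audit."""
    return list(csv.reader(io.StringIO(text)))
```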

Schedule 3: Sub-processors

The Processor engages the following Sub-processors for the Trial. The Controller’s authorisation is given in clause 8.1. The statements below describe each provider’s published position as at the date of this Agreement; the binding terms are those in each provider’s then-current data processing addendum, which the Processor re-verifies periodically and on any material change. The Processor will keep this Schedule up to date and will notify the Controller in advance of any intended addition or replacement under clauses 8.2 and 8.3.

1. Upload hosting provider

  • Sub-processor: Hostinger.
  • Role: hosting and storage of the encrypted Packs (ciphertext only).
  • Location: pinned United Kingdom data centre.
  • Processing and access: stores each encrypted Pack at rest only. The provider holds no secret key, cannot decrypt any Pack, and has no access to readable client content. Because it only ever holds ciphertext, its location is not determinative of confidentiality; the region is nonetheless pinned, and the provider’s own sub-processors are covered by its terms.
  • International transfer: none required for readable content; the hosting and storage are in the United Kingdom and the stored data is ciphertext the provider cannot read.

2. AI Sub-processor: Anthropic (Claude)

  • Role: AI-assisted technical review of relevant content transmitted to the Claude API under Anthropic’s Commercial Terms.
  • Location: primarily the United States; limited regional data-residency options exist but are not the default.
  • Training: under the Commercial Terms, inputs and outputs are not used to train Anthropic’s models unless the customer affirmatively opts in (for example by joining the Development Partner Program or submitting feedback). The Processor does not opt in and will not enable any such feature. These commitments sit under the Commercial Terms and are not affected by Anthropic’s consumer-product settings.
  • Retention: standard commercial back-end retention is short (30 days as at the date of this Agreement), after which inputs and outputs are deleted, save that content flagged for a Usage Policy review may be retained for up to around two years, and safety-classifier results may be retained to enforce the Usage Policy. Zero Data Retention is available on approval for eligible API use; certain models carry their own mandatory retention and are not ZDR-eligible. The Processor uses the no-training defaults and the shortest retention reasonably available.
  • Contractual safeguards: Anthropic’s Data Processing Addendum, incorporating the SCCs as adapted by the UK Addendum, applies under the Commercial Terms; a counter-signed copy is obtainable on request.
  • Transfer mechanism: SCCs as adapted by the UK Addendum.

3. AI Sub-processor: OpenAI

  • Contracting and importer: for United Kingdom and EEA personal data, OpenAI Ireland Limited is the contracting party that processes the data under OpenAI’s Data Processing Addendum, with onward transfers to the United States under the SCCs as adapted by the UK Addendum.
  • Role: AI-assisted technical review of relevant content transmitted to the OpenAI API.
  • Location: primarily the United States; at-rest data residency (including the United Kingdom) is available for eligible API use, but default inference processing is United States based.
  • Training: API inputs and outputs are not used to train OpenAI’s models by default. The Processor does not opt in, and avoids feedback mechanisms that could opt content into training.
  • Retention: API inputs and outputs may be retained for up to 30 days for abuse and misuse monitoring, then deleted unless OpenAI is legally required to retain them. Zero Data Retention and Modified Abuse Monitoring are available on approval for eligible use. The Processor uses the shortest retention reasonably available.
  • Security: SOC 2 Type 2 and ISO 27001; encryption at rest (AES-256) and in transit (TLS).
  • Sub-processing: OpenAI relies on Microsoft (Azure) for infrastructure, which forms a further link in the chain.
  • Contractual safeguards: OpenAI’s Data Processing Addendum covering the API, executable online.
  • Transfer mechanism: SCCs as adapted by the UK Addendum (primary). The EU-US Data Privacy Framework and its UK Extension may be relied on as an alternative where OpenAI holds a valid certification; given the live challenge to that framework, the SCCs are the position relied on.

4. AI Sub-processor: Google (Gemini Enterprise / Google Cloud)

  • Contracting entity (United Kingdom): Google Cloud EMEA Limited, Ireland.
  • Role: AI-assisted technical review of relevant content transmitted to Gemini (Gemini Enterprise Business Edition or a Google Cloud / Vertex AI configuration).
  • Training: under Google’s Service Specific Terms (Training Restriction), Google does not use customer content to train or fine-tune its models without the customer’s permission or instruction. The Processor gives no such permission.
  • Processing terms: customer content is processed under the Google Cloud Data Processing Addendum (CDPA).
  • Location and residency: processing may occur on Google’s global infrastructure by default. Data-residency and region pinning are available and are stronger on the Standard, Plus and Vertex AI tiers than on the Business Edition, where the global location is the default. For Packs the Processor pins processing to the EU or UK, or uses a Vertex AI configuration. Abuse-monitoring logging may apply to certain advanced features and can limit zero retention.
  • Retention: short, per the CDPA and service terms; zero-retention-equivalent terms are available for eligible enterprise use through the Google account team.
  • Security and certifications: SOC 1/2/3, ISO 27001, 27017, 27018, 27701 and 42001; FedRAMP.
  • Transfer mechanism: SCCs as adapted by the UK Addendum, via the CDPA. The Irish contracting entity sits in the EEA, which is an adequate jurisdiction for UK transfers; onward transfers outside adequate countries rely on the CDPA’s SCCs.

5. Routing layer (optional): OpenRouter

Used, if at all, only under the Approved Routing controls in clause 8.5.

  • Role: a routing layer providing access to multiple commercial models. A request may be served by one of several downstream providers, each under its own model terms.
  • Risk: some downstream providers may log or train on inputs by default; the actual processor of a given request depends on routing.
  • Controls applied by the Processor: prompt logging and chat logging are kept off; routing is pinned to a closed list of approved downstream providers offering no-logging or zero-retention terms; each pinned downstream provider is treated as a further Sub-processor and recorded in this Schedule; OpenRouter’s commercial Data Processing Agreement is executed. Where these controls cannot be assured for a route, Pack content is not sent through OpenRouter and is processed direct with an approved AI Sub-processor instead.
  • Location: OpenRouter operates from the United States; downstream processing occurs wherever the pinned provider operates, under that provider’s safeguards.
  • Transfer mechanism: OpenRouter’s Data Processing Agreement (SCCs / UK Addendum), together with the pinned downstream provider’s own mechanism.
  • Note: OpenRouter’s general terms cap its liability and apply New York law and arbitration as between OpenRouter and its customer. That does not affect the Processor’s responsibility to the Controller for its Sub-processors under clause 8.4, as limited by clause 13.

Other commercial AI providers

The Processor may engage other commercial AI providers as Sub-processors for the Trial. It will notify the Controller in advance, identifying the provider, its location, the processing it will carry out and the transfer safeguard relied on, and giving the Controller the opportunity to object before the change takes effect, under clause 8. The Controller’s written authorisation, objection or withdrawal will be retained with this Agreement.

Contacts

Notices under this Agreement must be in writing and sent to the contacts below (or to such other contact as a party notifies in writing).

For the Controller: the authorised contact the Firm provides on the upload form.

For the Processor: Umar Memon, Trial Principal, Infinite Accountant, Jack Ross Limited, Barnfield House, The Approach, Blackfriars Road, Salford, Manchester, M3 7BX, umar@jackross.co.uk.

Acceptance

By ticking the consent box on the secure upload form and submitting the form, the Firm confirms that it is authorised to share the data for the Trial and accepts this Agreement on behalf of the Controller. Acceptance takes effect on submission, and this Agreement then governs the processing of every Pack the Firm uploads for the Trial. No separate signature is required. A countersigned copy is available on request before you upload anything.