Kwilo
Open app
Back to trust centre

Privacy policy

Privacy policy

This page explains what data Kwilo may collect through the site and app, why we use it, and what rights people have under UK data protection law.

Last reviewed 14 April 2026

Kwilo is business software for trades and the people they work with. In this policy, "we", "us" and "our" mean Kwilo. This policy covers the public website at hellokwilo.com, the product at app.hellokwilo.com, and related support or service communications.

What data we may collect

  • Account and identity data, such as name, email address, sign-in details and business role.
  • Business data you create in the service, such as customer details, job records, quotes, invoices, notes, documents and communication history.
  • Technical and usage data, such as device information, browser data, timestamps, IP-related security information and service logs.
  • Support and trust-centre data, such as enquiries, feedback, issue reports and communications with us.
  • AI feature inputs and outputs where AI-assisted features are used to help draft, summarise or transcribe content.

How we use personal data

  • To provide and secure access to Kwilo.
  • To let users manage jobs, quotes, variations, invoices, tax-related workflow and customer communication.
  • To operate, support, troubleshoot and improve the service.
  • To meet legal, regulatory, tax, accounting and fraud-prevention obligations.
  • To send important service messages, policy updates, support responses and account notices.
  • To provide AI-assisted features where enabled, subject to human review and appropriate safeguards.

The main legal bases we rely on

  • Contract: where processing is needed to provide the service a user or business has asked for.
  • Legal obligation: where we must keep records, respond to lawful requests, or comply with tax, accounting or regulatory duties.
  • Legitimate interests: where we need to run, secure, support and improve Kwilo in a reasonable way.
  • Consent: where consent is the appropriate basis, for example for non-essential cookies or certain optional communications.

Who we may share data with

We may share data with trusted service providers who help us host, secure, support or run Kwilo. We may also share data where the law requires it, for example because of a court order or a lawful request from an authority. If AI features are used, prompts and outputs may be processed by approved model providers working on our behalf.

International transfers

Some suppliers may process data outside the UK. When that happens, we expect the right safeguards to be in place, such as adequacy decisions or suitable contractual protections.

Retention

We keep personal data for as long as we reasonably need it to provide the service, run the relationship, deal with disputes, keep the service secure and meet legal duties. Financial and tax-related records may need to be kept for longer, including at least 6 years where that is relevant.

AI-assisted features

If AI features are used, they are there to help users work faster, for example by drafting or transcribing content. AI output can be wrong or incomplete, so important content still needs checking before it is sent to customers or relied on for business or tax purposes.

Your rights

Depending on the circumstances, UK data protection law may give people rights including:

  • access to their personal data;
  • correction of inaccurate data;
  • erasure in some cases;
  • restriction or objection in some cases;
  • data portability in some cases; and
  • the right to complain to the Information Commissioner's Office.

Cookies and similar technologies

We use cookies and similar technologies in the ways described in our cookie notice. Non-essential cookies should not be used on the public site unless proper consent has been given first.

Security

We take reasonable technical and organisational steps to protect data against unauthorised access, loss, misuse and disclosure. No online service can promise perfect security, so users should also use strong passwords, manage access properly and think about what they store in the product.

Changes to this policy

We may update this policy from time to time. If the change is important, we should update the date on this page and let people know before any new use of personal data starts where the law requires that.