Privacy Policy

Privacy Note


This privacy notice explains how Geode Software Ltd ("we") processes your personal data. It explains what data we collect, how we use it, who we share it with and how long we keep it for. Please read it carefully, as it specifies which rights you have and how you can exercise your rights.


There are two software applications which you can use with the service, Easy Books and Easy Invoice. We refer to them here as "the app".


We take data protection and your privacy very seriously. So, we've decided to make a promise about what we'll use the information you give us for. You consent to us processing the types of personal data set out in our privacy notice so that we can provide the app to you.


We will only process your personal information for the purposes set out in our privacy notice, should this change we will ask your consent for any additional processing we need to.


We think the term process is a little misleading for what we're doing, but the term is widely used in the EU's General Data Protection Regulation (GDPR). In plain English, we collect and store your email address so we can identify you as an account holder. If you forget your password, we can email you with a link to reset it. We will also email you about your account from time to time, for example if there's a problem with your account.


When you use our online backup and sync service ("Online Syncing"), your role as a Data Controller means you should ensure you have consent from your customers and suppliers to store their personal information. Our role as a Data Processor is limited to storing your bookkeeping database; we do not access the information you store unless you want us to, and we would never extract information about your customers and suppliers.


If at any time you do not want us to "process" this personal data, you can contact us via the support link on the website. You should be aware that we will not be able to provide the app to you without your permission to store your email address. You can also delete your account if you want to (see later).


Running the app


When you run the app, the following statistical data is collected to help us monitor what kind of devices are running the app. This is used to decide when the app should take advantage of new features of new operating systems and when to discontinue development on older platforms.


Hardware Model and OS (iPhone, iPad, iMac, MacBook Air and so on)


Version of the app


Easy Books Online Account


To use the app, you will need to register an account using your email address. We collect the following additional information:

  • Your email address
  • IP Address

By supplying your email address, you give us consent to store this personal information for the purposes of providing the app to you.


Our servers will send out email reminders when your service period is coming to an end so that you can continue the service if you want to. We won't keep all your details though, a short time after your account expires we will automatically delete your business data (if you have chosen to upload it). We will retain your account email address and information about your past purchases with us.




Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser.


We use the following cookies;



Cookie Name













2 Years

24 Hours

These cookies are set by google analytics.

More about google analytics is available here.


365 days

Using the HotJar API we use this to map and enhance the user experience on the website, informing site additions/changes. More information can be found here.









_ga (Provided by Google Analytics)

2 years

Used to distinguish users.


2 years

Used to distinguish users.


1 minute

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

__hs*, hubspotutk, hsPagesViewedThisSession, hsfirstvisit


Decided by HubSpot



13 months

The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).


13 months

This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.


We use the following Third-Party cookies;





We integrate with Twitter’s api so that you can easily follow our tweets. More information about Twitter’s use of cookies is available here


We integrate with HubSpot’s API to progress and store your information in order to deliver a targeted and tailored online experience. More information can be found here


We use Facebook’s API to deliver targeted advertisements regarding the Easy Books software including promotional periods and special events. More information can be found here.

Google AdWords

We use Facebook’s API to deliver targeted advertisements regarding the Easy Books software including promotional periods and special events. More information can be found here.

Google Analytics

Using the Google Analytics’ API in order to benchmark and analyse your on-site behaviour & engagement. We use this to troubleshoot and benchmark the online experience. More information can be found here.


Using the HotJar API we use this to map and enhance the user experience on the website, informing site additions/changes. More information can be found here.


Signing in from a Device


When you open the app and sign in, we collect additional information which may contain your personal information.


Your device's name (e.g. Fred's iPhone)


The device's name is used to help tell it apart from other devices linked to your account.




If you purchase a subscription via Apple's in-app purchase system we collect an anonymous receipt from Apple. To link the purchase to your Easy Books Online Account, you will need to have registered and signed in. This process usually happens when you first run the app, but you can register at any time, including after you have made a purchase.


If you purchase directly from us by entering your contact and credit card details we will store additional information about the sale, linking it to your license file(s):

  • Your name
  • Your company name

We do not store your credit card information, this is stored by our trusted payment company.


Contacting You


We will use your information to contact you if it affects your service from us. For example, if we need to upgrade the service and it's not possible to do this in the normal period overnight we might consider it important enough to let you know.


We may also use your contact details to email you about changes we've made to the app. You can unsubscribe from our emails by clicking a link at the bottom, or from your account page. If you unsubscribe, we will still send account related information such as password reset emails (if you ask for them). If you want to delete your account, see later.


Lawful Basis for Data Processing


We process your personal data for purposes of entering into and providing the services under our contract. We also process some of your personal information with your consent. Where we use consent, this will be explicitly given and can be removed at any time. We may need to process some of your personal information to also protect our legitimate interest.




We use a third party called Tender to manage our support system. If you request support, your email address and anything you write will be stored in their system. By default, all support requests are private. But if we think others would benefit from your support request, we'll ask to make it public. Your email address always remains private, but you can decide if you want to make the text public.




We use a well-known and respected payment gateway called FastSpring to handle payments. We don't receive credit card information ourselves. We can sign in to the payment company to view your payment history and manage your subscription.


Retention of Data


If you stop using the app on a device, some information, which contains your device name and unique login token is retained for a period of 90 days, after which it is deleted.


If you delete a business from your account page, the data is deleted immediately from our server. This data is also deleted if your account lapses without payment. Any devices connected will receive a popup message saying the business is no longer available, and they stop syncing the business.


If you have uploaded attachments, these are archived into a single file. You will receive an email with details about how you can obtain your archive. This is stored on our servers for a period of 90 days and then deleted. If you want to keep a copy of the files you attached to your accounts, you should download the archive within this period as we cannot retrieve your data afterwards.


We store backup copies of the sync database for disaster recovery purposes. Old copies of the data are deleted as soon as a new one is available. We keep the backups for a week, so if you delete a business, there may be small fragments of your data in our backup for up to a week after you delete it. After that, your business data is no longer retained anywhere.


Deleting Your Account


If you have no purchase history with us, you can delete your account completely from the Settings tab on your account page. Sign in at


If you have made purchases, FastSpring will retain information about your purchases. You can still delete your account from our system, but this is handled differently to preserve some purchase information.


If you delete your account, we remove your account information, for example, your IP address, email, name, business and device information. Purchase history information is retained.


Your Rights


In this section we have summarised the individuals rights under GDPR. Some of the rights are complex, and not all the details have been included. You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.


Your rights under GDPR are;


Right to Access


You have the right to confirm if we do or do not process your personal data, where we do this, access to the data.


Right to Rectification


You have the right to have your data modified/ changed to ensure the data being processed is kept up to date.


Right to Erasure


You have the right to be forgotten/ erasure, which allows you as a data subject to inform us that you no longer want us to store or process your data.


This request may be declined for a number of reasons, which are not limited to; having a lawful basis to process your information, o us needing the information for compliance with legal or contractual obligations.


Right to Restrict Processing


You have the right to stop processing of your personal information. Please be aware you must provide us with a legitimate reason for us to stop processing your information. Any request made that doesn’t conform to the GDPR will be rejected.


Right to Object


On occasions we may send you marketing emails to make you aware on new products that we believe can benefit you, the data subject. As you have the right to object, you can click the unsubscribe link on all of our emails to inform us that you no longer want to receive marketing emails from us.


Right to Data Portability


The right to data portability will allow you as the data subject to have your personal information securely transferred to another organisation for processing. We place this reasonability on you that data subject. When you make this request, we will export all information about you and securely transfer it to you. You, the data subject will be able to give this information to your chosen organisation.


Right to not be subject to Profiling and Automated decision making


Where decisions are made through automated means, or a profile is created using data collected about you, you have the right to request human intervention.

Right to Complain


As a data subject you have the right to complain to the supervisory authority regarding the processing of your personal data.

If you would like to exercise one of these rights or have any questions regarding how we process your data, please contact CEO, Mark Lisburn,


Data Security


You authorise the engagement of Amazon Web Services, Inc. ("Infrastructure Provider") to provide underlying infrastructure services in the provision of the software. Infrastructure Provider’s role includes storage of Customer Personal Data.


Data you enter into the software, such as your customer and supplier names and addresses are stored in a separate database per user. This database is stored by Infrastructure Provider and encrypted while at rest. Decryption keys are managed by Infrastructure Provider and stored in a different location. You acknowledge your role as Data Controller, and ours as Data Processor.


Servers are housed in Amazon's secure data centres in the United States of America and are managed by us. We secure all communications to and from the app using TLS 1.2, and we reject any connections that are not encrypted. This keeps your information confidential between your device and our servers and ensures that the data is safe from eavesdropping while on the Internet.


We will implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of our systems.


We will take appropriate steps to ensure compliance with the Security Measures by our employees and contractors to the extent applicable to their scope of access, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality. Our staff connect to the servers for monitoring and maintenance. While connected, we also use encrypted connections. In addition, all our computers have encrypted hard drives and complex passwords to prevent unauthorised access, in case they are stolen.


For information about Amazon's GDPR Data Processing Addendum, please click here.


Payment Processing


To process credit card and PayPal payments, we use Fastspring, a well known and respected payment gateway. All data passed between your computer and Fastspring is encrypted too, so your credit card details are safe. We don't store any information about the method of payment you use.


When you make a payment to us for your use of the service, Fastspring store Personal Data such as your name, address, phone number and credit card number. This information will be retained for Fastspring and our legal obligations.


Third Parties


We will never pass on your details to anyone else without your permission. In addition, we have not been required by any court order to reveal any user information we have stored or to keep any secrets about doing so.


We do transfer personal information to third parties outside of the European Economic Area (EEA). We take steps to ensure that where your information is transferred outside of the EEA by our service providers and hosting providers, appropriate measures and controls are in place to protect information in accordance with applicable data protection laws and regulations.


For example, we may share information with affiliates based outside the EEA for the purposes foreseen by this Privacy Notice. We carry out due diligence to ensure these organisations are subject to data protection policies designed to protect data in accordance with EU data protection laws. In each case, such transfers are made in accordance with the requirements of Regulations (EU) 2016/679 (the General Data Protection Regulations or “GDPR”) and may be based on the use of the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA


All Information that is being transferred within the EEA will follow our strict Information Transfer Policy.


We utilise the following third-parties;




Amazon Web Services

Cloud Computing Services

Application data stored here.


Payment Service

Purchase history.

Digital 22


Cookie data.


Application Support

Support data.






Review of This Policy

We keep this Policy under regular review. This Policy was last updated on. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.