Effective Date: January 1, 2025
Last Updated: February 11, 2026
This Privacy Policy explains how All Too Busy Solutions Limited ("AllTooBusy," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our document and contract management platform.
We take privacy seriously and aim to comply with applicable data protection laws (including UK GDPR and EU GDPR where they apply).
Contact
Privacy Requests: support@alltoobusy.io (Subject: Privacy Request)
Support: support@alltoobusy.io
0. Scope (Global)
AllTooBusy is intended for global use. Some features (including which offer/deal partners are available) may vary by country/region. This Privacy Policy applies to all users of the app.
1. Overview of Our Service
AllTooBusy helps you organize household and business documents, track contract expiry dates, and (optionally) see curated partner offers. Our service includes:
- Document Management: AI-powered categorization and organization
- Contract Tracking: Automated reminders for renewals and expiries
- Partner Marketplace: Curated deals from insurance, utility, and financial service providers
- AI Processing: Document summarization and intelligent metadata extraction
Revenue Model: We offer a free service supported by affiliate partnerships with vetted financial service providers.
2. Information We Collect
We collect only what we need to provide the Service.
2.1 Account Information
What we collect:
- Email address (required for account creation and 2-factor authentication)
- Biometric authentication data (Face ID, Touch ID - processed and stored locally on your device)
- Account preferences and settings
Why we use it (legal basis): To provide the Service (contract performance)
How we use it: Account creation, authentication, security, and service delivery only
Note: Biometric data never leaves your device and is managed by iOS/Android security frameworks.
We do not require a phone number to create an account.
2.2 Document Content and Metadata
What we collect:
- Documents you upload (photos, PDFs, images)
- AI-extracted metadata that may include (depending on the document you upload):
  - Document type and category
  - Contract dates and expiry information
  - Account numbers and reference codes
  - Financial amounts and terms
  - Physical addresses (from utility bills, insurance policies)
  - Date of birth (from passports, driving licences/licenses, insurance documents)
  - Dependent information (names, ages from family insurance policies)
  - Other document-specific information
Legal basis:
- Contract performance for core functionality
- Where required by law, explicit consent for special category data (for example, if you upload
Purpose: Document organization, AI categorization, contract tracking, expiry reminders, family
Note: We do not set browser cookies within the native app experience. If you choose to open third-party websites (for example via offers/deals), those websites may use cookies or similar technologies under their own policies. All data is stored securely via encrypted app storage and cloud services.
2.2.1 Mobile Document Capture, Device Permissions, and Examples
When you use the AllTooBusy mobile app, you may choose to provide documents in several ways. We only access protected resources when you take an explicit action (for example, tapping "Camera", "Scan", or "Photo Library").
Photo Library (Choose existing images):
- How we use it: To let you select specific existing photos/images for upload.
- Example: Selecting a saved receipt image from Photos to store in Documents.
- What we do not do: We do not scan your entire photo library; we only receive the items you select.
Photo Library (Add/Save to Photos):
- How we use it: If you choose to export/save an image from the app, we may request permission to save that image to your Photos library.
- Example: Saving a scanned document image to Photos.
Microphone & Speech Recognition (Voice input - if you use it):
- How we use it: To convert your voice to text for in-app voice input features.
- Example: Dictating a reminder title or note instead of typing.
- What we do not do: We do not use your microphone in the background. If you deny this permission, you can still type normally.
2.3 Usage and Analytics Data
What we collect:
- App interaction patterns (features used, time spent)
- Document processing performance statistics (e.g., processing time and error rates) for service improvement
- Device information (device type, OS version, app version)
- Performance data (crash reports, loading times)
Why we use it (legal basis): To improve and protect the Service (legitimate interests)
How we use it: App optimization, performance monitoring, and technical support
2.4 Identifiers
What we collect:
- User ID (internal account identifier)
- Device ID (for analytics and technical purposes)
Why we use it (legal basis): To run the Service (legitimate interests / contract performance depending on the context)
How we use it: Account management, multi-device sync, and technical analytics
3. How We Use Your Information
3.1 Core Service Delivery
- Document Processing: AI categorization, summarization, and organization
- Contract Management: Tracking expiry dates and renewal reminders
- Search and Retrieval: Enabling you to find documents quickly
- Account Management: Secure access and data synchronization
3.2 Document Processing and Analytics
- Metadata Extraction: We use AI services to extract information from your documents (dates, amounts, document type, etc.)
- Feature Development: Analyzing usage patterns to improve functionality
- Technical Optimization: Performance monitoring and service improvements
All metadata extraction is performed via secure API calls. Your documents remain encrypted within our AWS infrastructure. Third-party AI services process documents via API only and do not store or use your data for their own purposes.
3.3 Partner Deal Matching
- Relevant Offers: Matching expiring contracts with appropriate partner deals
- Category-Based Recommendations: Showing relevant insurance, utility, and financial offers based on broad categories (not personalized profiling)
- Affiliate Revenue: Earning commission when you choose partner services (disclosed)
3.4 Communications
- Service Updates: Important app changes and security notifications (mandatory)
- Contract Reminders: Notifications about upcoming renewals and expiries (core functionality)
- Partner Promotions: Optional marketing communications (GDPR-compliant opt-in required)
Marketing Opt-In Policy (GDPR Compliant):
- Separate opt-in checkbox during signup (default: unchecked)
- Granular options: product updates vs. partner deals
- One-click unsubscribe in every marketing email
- You must actively consent - pre-ticked boxes are never used
4. Information Sharing and Disclosure
We do not sell your personal information. Limited sharing occurs for:
4.1 Service Providers
- AWS (Amazon Web Services): Secure cloud storage and processing
- AI Processing Partners: Document analysis (under strict data processing agreements)
- Analytics & Diagnostics Providers: Google Firebase Analytics (usage analytics) and Google Firebase Crashlytics (crash and performance diagnostics)
4.2 Affiliate Partners
- Deal Referrals: When you click partner links, the link includes a pseudonymous referral click identifier (for example, clickref or subid) so that affiliate networks can attribute referrals.
- Commission Tracking: Affiliate networks may report aggregated or pseudonymous conversion information for revenue attribution.
- Minimal data in the link: We do not include your name, email address, document contents, or other document metadata in the partner link URL.
What we do not include in the partner link URL:
- Your name, email, address, or phone number
- Specific contract details (expiry date, current provider, premium amount)
- Extracted document metadata or document content
- After you click through, partners may ask YOU directly to fill out their form - they collect data from you, not from us
Important clarification about third-party websites:
When you tap an offer/deal and open a partner website (for example, a comparison service or provider site), you are leaving our app. Any personal data you enter on those sites (such as name, address, or quote details) is collected by the third party under their own privacy policy. We do not send your document contents or account details to partners.
Offer partners vary by country/region and are shown in the app at the time you tap an offer (for example, Confused.com and uSwitch in the UK).
Like most websites, partner sites may also collect standard technical information when you visit them (for example, your IP address and browser/device information) under their privacy policy.
4.2.1 Affiliate Click Tracking (User Transparency)
What we track when you click or share affiliate offers:
- Which offer you clicked or shared (e.g., "Car Insurance Comparison")
- When you clicked or shared it (date and time)
- Action type (whether you clicked "View Deal" or shared the link)
- Device information (iOS/Android, app version)
- Your home country (from your account settings)
- Pseudonymous tracking reference (clickref)
- Your account ID (so you can view your click history and request export or deletion)
Legal Basis:
- Legitimate interests: Commission reconciliation and fraud prevention
- Contract performance: Showing you your activity and providing affiliate offers as part of our free service
Purpose:
- Commission tracking: Reconciling clicks with affiliate network reports (Awin, Rakuten)
- User transparency: Enabling you to view your own click history in the app
- Service improvement: Understanding which offers are most relevant to users
- Fraud prevention: Detecting and preventing click fraud or abuse
Who can access this data:
- You: View your own click history in Settings → My Affiliate Activity
- Us: For commission reconciliation and aggregate analytics only
- Affiliate networks: Receive the click identifier in the link (for example, clickref or subid). We do not send your identity (such as name or email) as part of this identifier.
- Third parties: Never - your individual click history is not sold or shared
Retention:
- We keep click history while your account is active to (1) show you your activity and (2) support commission reconciliation and fraud prevention.
- You can request deletion of your click history at any time. In some cases, we may need to retain limited records to comply with legal obligations or to resolve disputes.
Your rights regarding click data:
- Access: View your complete click history in the app
- Delete: Delete via in-app controls where available, or contact support@alltoobusy.io (Subject: Privacy Request)
- Export: Request a copy via support@alltoobusy.io (Subject: Privacy Request)
- Opt-out: Stop using affiliate features - no clicks will be tracked
Important: Affiliate networks (Awin, Rakuten) may set their own cookies when you visit partner websites. Review their privacy policies for details.
4.3 Legal Requirements
- Law Enforcement: When required by law or court order
- Regulatory Authority Requests: When requested by statutory bodies under applicable law (for example, data protection regulators such as the ICO in the UK)
- Public Interest Tasks: When permitted under GDPR for tasks performed in the public interest
- Safety Protection: To protect our users, service, or public safety (GDPR legitimate interests)
- Business Transfers: In case of merger, acquisition, or asset sale (with advance notice and ability to erase your data prior to transfer)
- Data Breach Incidents: Where required, we report certain incidents to relevant regulators and notify affected individuals in line with applicable law
5. Data Security
We implement comprehensive security measures:
5.1 Technical Safeguards
- Encryption: Encryption is used for data in transit (TLS) and at rest using industry-standard mechanisms provided by our cloud providers.
- Access Controls: Role-based permissions and email-based 2-factor authentication
- AWS Infrastructure: Cloud infrastructure providers maintain security certifications (for example, ISO 27001) and provide protective controls such as WAF (Web Application Firewall).
- AWS Control Tower: Multi-account governance with centralized security policies and guardrails
- Data Residency: We primarily store data in AWS Ireland (EU). Some processing may occur outside this region via vetted service providers under appropriate safeguards.
- Monitoring: Continuous security monitoring and incident response via AWS CloudWatch and Security Hub
5.2 Organizational Measures
- Staff Training: Regular privacy and security training
- Data Minimization: Collecting only necessary information
- Audit Procedures: Regular security assessments and improvements
- Incident Response: 72-hour breach notification procedures (GDPR compliant)
Security Assurance and Roadmap:
- We continuously review and improve our security controls as the product grows.
- We rely on mature security capabilities from our cloud providers (for example, encryption, monitoring, and access controls).
- Independent security assessments and additional certifications may be pursued as the Service expands.
6. Data Storage and Location
We primarily store your data in the European Union (Ireland). In some cases, data may be processed outside this region by vetted service providers (for example, for analytics, crash diagnostics, or AI processing) under appropriate safeguards and contractual protections.
- Storage Regions: AWS data centers in Ireland (EU) (primary)
- Processing: Document processing and metadata extraction is performed via secure services under strict data processing agreements
- International Processing: Where cross-border processing occurs, we apply appropriate safeguards (for example, encryption, access controls, contractual protections, and where applicable standard contractual clauses)
- Compliance: We aim to comply with applicable data protection laws (including UK GDPR and EU GDPR where they apply) and implement controls designed to protect your information.
7. Data Retention
We retain information only as long as necessary to provide the Service, meet legal obligations, resolve disputes, and prevent fraud/abuse. Retention can vary depending on the type of data and your requests (for example, deleting a document or requesting account deletion).
7.1 Retention Periods
- Account data: Kept while your account is active. If you request account deletion, we delete your account data subject to any required retention for legal, security, or fraud-prevention reasons.
- Documents and extracted metadata: Kept until you delete them or request account deletion, subject to backup retention and any required legal/security retention.
- Affiliate click history: Kept while your account is active (see Section 4.2.1). You can request deletion via support email.
- Analytics and diagnostics: We may keep aggregated or de-identified analytics longer to improve and protect the Service.
- Support communications: Kept as needed to respond to you and maintain support records.
7.2 Backup Retention Policy
- Why we keep backups: We may keep encrypted backups for a limited period for disaster recovery and service continuity.
- After deletion requests: When you delete content or request account deletion, deleted data may remain in backups for a limited period until backups cycle out.
- How to delete your account: You can delete documents in-app. If you want us to delete your account (and associated data) and you cannot do so in-app, contact us at support@alltoobusy.io (Subject: Privacy Request).
7.3 Dormant Account Policy
- Inactivity: If your account is inactive for a long period, we may contact you to confirm whether you want to keep using the Service.
- Future automation: If we introduce automated dormant-account deletion in the future, we will update this Privacy Policy and provide notice where required.
7.4 Deletion Process
- In-app deletion: You can delete documents and other content within the app. Some deletions (such as account deletion) may require additional verification.
- Account deletion support: If you want us to delete your account (and associated data) and you cannot do so in-app, contact support@alltoobusy.io (Subject: Privacy Request). We may need to verify your identity before processing the request.
- Secure disposal: We use secure deletion practices appropriate to the storage systems in use. Some data may persist for a limited time in backups (see Section 7.2).
8. Your Privacy Rights
8.1 GDPR Rights (EEA/UK Users)
- Access: Request copies of your personal data
- Rectification: Correct inaccurate information
- Erasure: Delete your data ("right to be forgotten")
- Restriction: Limit processing in certain circumstances
- Portability: Receive data in machine-readable format
- Objection: Opt out of certain processing activities
8.2 Exercising Rights
- Contact: support@alltoobusy.io (Subject: Privacy Request)
- Response Time: Within 1 month of request
- Identity Verification: Required for security
- Free Service: No charge unless requests are excessive
8.3 Complaints
- UK Users: Information Commissioner's Office (ICO)
- EU Users: Your local supervisory authority
- Other regions: You may have rights under your local privacy laws. Contact us and we will respond in line with applicable requirements.
- Our Commitment: Work with authorities to resolve concerns
9. Special Considerations
9.1 Sensitive Information in Documents You Upload
- Some documents you upload may contain sensitive personal information (for example, identity details, financial account references, or health-related information).
- We process this information only to provide the Service you request (document storage/organization and related features).
- Where special category data is involved (for example health information), we apply additional safeguards and, where required, rely on explicit consent.
9.2 Age Restrictions
- Age Suitability: Designed primarily for adults managing household paperwork and renewals
- Child Data: Immediate deletion if discovered
9.3 Affiliate Relationships
- Transparency: Clear disclosure of partner relationships
- User Choice: No obligation to use partner services
- Commission Tracking: Anonymous revenue attribution
- Quality Standards: Partners selected for user benefit and service quality
10. Updates and Changes
10.1 Policy Updates
- Notification: Email notice for material changes
- Advance Notice: 30 days for significant modifications
- Continued Use: Acceptance of updated terms
- Version History: Available upon request
10.2 Service Changes
- Feature Updates: Regular improvements and new capabilities
- Partner Changes: Additions or removals from partner network
- Data Practices: Any changes clearly communicated
11. Contact Information
11.1 Privacy Questions
- Email: support@alltoobusy.io (Subject: Privacy Request)
- Mail: Privacy Team, All Too Busy Solutions Limited, 30/34 North Street, Hailsham, East Sussex, BN27 1DW, United Kingdom
11.2 Data Protection Contact
- Email: support@alltoobusy.io (Subject: Privacy Request)
- Role: Privacy contact for data protection and account-related privacy requests
- Availability: Monday-Friday, 9 AM - 5 PM GMT
11.3 General Support
- Email: support@alltoobusy.io
- Response Time: Within 24 hours for privacy-related inquiries
12. Legal Framework (How This Policy Fits With the Law)
This Privacy Policy is intended to help meet our obligations under applicable privacy laws, including:
- UK GDPR for UK users
- EU GDPR for EEA users
- Other local privacy laws that may apply depending on where you live
All Too Busy Solutions Limited
30/34 North Street, Hailsham, East Sussex
United Kingdom, BN27 1DW
