Last updated: February 2026
Thresholdy ("we", "us", "our") is a UK-based sole trader product operated under the domain thresholdy.co.uk.
We are the data controller for personal data processed through this service.
You can contact us regarding data matters at legal@thresholdy.co.uk.
Data: Email address.
Purpose: To notify you when Thresholdy launches or when your early access is ready.
Legal basis: Consent (Article 6(1)(a) UK GDPR).
Retention: Until you unsubscribe or request deletion, or 24 months from signup if no account is created.
Data: Email address, name (if provided), authentication credentials managed by Clerk.
Purpose: To create and manage your account and authenticate your access to the service.
Legal basis: Contract (Article 6(1)(b) UK GDPR) — necessary to provide the service you signed up for.
Retention: For the lifetime of your account, plus 30 days after deletion to allow recovery.
Data: Your Stripe restricted API key, stored encrypted using AES-256-GCM encryption. The plaintext key is never stored and is only decrypted in server memory when needed to fetch your transaction data.
Purpose: To read your transaction history from Stripe on your behalf and calculate your VAT position.
Legal basis: Contract (Article 6(1)(b) UK GDPR).
Retention: Until you disconnect your Stripe account or delete your Thresholdy account.
Data: Transaction amounts (in GBP), dates, customer country codes, currency, Stripe charge IDs, and transaction descriptions as returned by Stripe.
Purpose: To calculate your rolling 12-month VAT threshold position and provide the dashboard reporting features.
Legal basis: Contract (Article 6(1)(b) UK GDPR).
Retention: Rolling 12-month window, refreshed on each sync. Deleted when your account is deleted.
Data: Name, email address, and message content submitted via the support form.
Purpose: To respond to your support request.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR) — providing customer support.
Retention: 2 years from submission date.
Data: Page views, referring URLs, browser type, country, and device type. No personally identifiable information is collected. No cookies are used for analytics.
Purpose: To understand how the service is used and improve it.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).
Provider: Vercel Analytics (cookieless, no consent required).
We do not sell your data. We share it only with the following third-party service providers who process it on our behalf:
Authentication and user account management
USA (Standard Contractual Clauses apply) · Privacy policy
Database hosting for transaction data, settings, and support tickets
EU (AWS eu-west-2) · Privacy policy
Hosting, deployment, and cookieless analytics
USA (Standard Contractual Clauses apply) · Privacy policy
Payment processing for your Thresholdy subscription (not your customers' Stripe data)
USA (Standard Contractual Clauses apply) · Privacy policy
Some of our service providers are based outside the UK (primarily the USA). Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) approved by the ICO.
You have the following rights regarding your personal data:
To exercise any of these rights, contact us at legal@thresholdy.co.uk. We will respond within one calendar month.
You also have the right to lodge a complaint with the ICO: ico.org.uk · 0303 123 1113.
We take reasonable technical and organisational measures to protect your data. Stripe API keys are encrypted at rest using AES-256-GCM. All data is transmitted over HTTPS. Access to production databases is restricted to authorised personnel only.
No method of transmission or storage is 100% secure. If you believe your data has been compromised, contact us immediately at legal@thresholdy.co.uk.
Thresholdy uses a small number of strictly necessary cookies set by Clerk to manage your authenticated session. These are essential for the service to function and do not require your consent under UK PECR.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Our analytics provider (Vercel Analytics) is cookieless.
We may update this policy periodically. Material changes will be notified to registered users by email. The "last updated" date at the top of this page always reflects the most recent version.
For any privacy-related questions or data requests: legal@thresholdy.co.uk