Your data, your control.

1) Who we are + contact

NippyAgent is a product operated by Nippy Agent Ltd (Company No. 16963969), registered in England and Wales at Suite 1-125, 39 Ludgate Hill, London EC4M 7JN. "NippyAgent" is a trading name. We are registered with the Information Commissioner’s Office (ICO) under registration number ZC091228.

Website: nippyagent.co.uk

Contact email: support@nippyagent.co.uk

Data protection contact: For any data protection queries, email support@nippyagent.co.uk. Nippy Agent Ltd is not required to appoint a Data Protection Officer under UK GDPR Article 37, as we do not carry out large-scale systematic monitoring or process special category data on a large scale.

2) What the product does

NippyAgent helps self-employed trades create quotes and invoices via WhatsApp and generates PDF documents based on the information you provide. Tradespeople may also generate payment links that allow their customers to view document details and confirm payment via a web portal.

3) Data we collect

We collect the following categories of information when you use NippyAgent:

A. WhatsApp account and messaging data

• Your WhatsApp phone number / WhatsApp ID (sender ID).
• Message content you send to us (commands, customer details, invoice/quote lines, totals).
• Message metadata such as timestamps and WhatsApp message IDs (used for deduplication and reliability).
• Delivery status data: we do not intentionally store WhatsApp delivery status beyond what is necessary to operate the service.

B. Business profile data

• Business name and address.
• Business phone number and email address (if provided).
• VAT settings (VAT enabled, VAT rate) and VAT number (optional).
• Bank transfer details if you choose bank transfer (bank name, account name, sort code, account number).

C. Customer records entered by you

• Customer name.
• Customer postcode.
• Optional customer address and phone number (only if you enter it).

D. Document data

• Quotes/invoices you create: line items, quantities, pricing, totals, VAT rate, discounts/deposits (where applicable).
• Generated PDFs and related metadata (for example file paths or hashes where applicable).

E. Voice and audio data

• If you send a voice note, it is temporarily processed to extract document details (job descriptions, prices, customer names).
• Voice notes are transcribed and structured by AI service providers operating under zero-retention API policies (data is not stored or used to train their models).
• We do not permanently store audio files. Once the document is created, the original voice data is discarded.

F. Billing data

• Subscription status (free/active), plan name, and usage counters.
• Stripe identifiers (customer/subscription IDs) used to manage billing.
• We do not store full card details. Payment card data is handled by Stripe.

G. Operational and security data

• Operational logs (errors, troubleshooting signals) to keep the service reliable.
• Abuse prevention signals such as rate limiting and deduplication records.
• IP address information may be processed by our hosting providers for website delivery and security.

4) Why we collect it and how we use it

• Provide the service: create quotes/invoices and generate PDFs.
• Store customer details inside each document you create (so the PDF contains the required information) and keep document history so you can resend documents.
• Manage billing and account status (subscriptions, usage).
• Prevent fraud and abuse (rate limiting, spam/abuse detection, security monitoring).
• Support and troubleshooting (support tickets and operator replies).

5) Legal basis (UK GDPR)

We process personal data under the following lawful bases (as applicable):

• Performance of a contract: to provide NippyAgent features you request.
• Legitimate interests: to keep the service secure, prevent fraud/abuse, and maintain reliability.
• Consent: for optional marketing communications. We ask for your consent during the WhatsApp onboarding process. If you are an active paid subscriber, we may also rely on the “soft opt-in” exception under PECR Regulation 22(3) to send you messages about similar products and services. You can withdraw consent at any time by replying STOP — see Section 13 below.

Providing your data is a contractual necessity. We cannot create your quotes and invoices without the information you provide (WhatsApp number, customer details, document content). If you do not provide it, we cannot deliver the service. Providing data is not a statutory obligation.

6) Who we share data with (sub-processors)

We use third-party providers to operate NippyAgent. Each operates under a Data Processing Agreement (DPA) or equivalent contractual safeguards.

• WhatsApp / Meta Platforms — message transport.
• Stripe — payments and billing.
• AI service providers — voice transcription and structured extraction (zero-retention API policies).
• Cloud database and storage providers — account, customer and document data (EU-hosted).
• Application and website hosting providers — EU-based.
• Operational caching and cookieless website analytics providers.

A current list of named sub-processors is available on request — email support@nippyagent.co.uk. We will not engage new sub-processors without updating that list. If a change materially affects how your data is processed, we will notify you via WhatsApp with at least 30 days’ notice.

7) Data retention

• Business profile, customers, and documents: retained while your account is active. After account closure or deletion, retained for up to 30 days for support and recovery, then permanently deleted.
• Billing and subscription records: retained for 7 years after your last payment to meet HMRC and Companies Act obligations.
• Consent records: retained for 7 years after consent is withdrawn (ICO accountability requirement).
• Session state: active session data is retained while in use. Idle sessions are automatically purged after 90 days.
• Application logs: retained for 30 days, extended to 90 days for security investigations.
• Conversation log (chat history): retained for 30 days then permanently deleted.
• Bug reports: retained for 90 days then permanently deleted.
• Automation logs: retained for 90 days for operational monitoring.
• Deletion audit records: a minimal record confirming deletion occurred is retained for 7 years for legal compliance.

You can request deletion at any time. See Data deletion instructions.

8) Deletion, subscription cancellation and refunds

If you request account deletion, we cancel any active subscription immediately and access ends immediately.

Deleting your data does not automatically issue a refund. If you believe you're eligible for a refund, we recommend submitting a refund request before deleting your data.

After deletion, we may retain a minimal billing ledger and a minimal account-deletion audit record to meet legal obligations and to resolve disputes, fraud investigations, and support requests.

9) Security measures

• TLS/HTTPS in transit.
• Access controls and least-privilege access for operational accounts.
• Encryption at rest where provided by our vendors.
• Security monitoring and logging for operational reliability.
• Payment card details are handled by Stripe and are not stored by us.

10) International transfers

Some of our service providers process data outside the UK:

• EU-based providers (covered by the UK adequacy decision for the EU).
• US-based providers (covered by the UK-US Data Bridge under the UK Extension to the EU-US Data Privacy Framework).

11) Your rights and how to exercise them

Under UK GDPR you have the right to:

• Access the personal data we hold about you (Art. 15).
• Rectify inaccurate data (Art. 16).
• Erase your data (Art. 17) -- see our Data deletion page.
• Restrict processing (Art. 18).
• Data portability (Art. 20).
• Object to processing based on legitimate interests (Art. 21).
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To make a request, email support@nippyagent.co.uk or follow the steps on our Data deletion instructions page. We aim to respond within 30 days.

12) Automated decision-making and profiling

We use automated tools to send you helpful messages based on your account activity (such as usage levels, onboarding progress and engagement patterns). This is profiling under UK GDPR, processed under the lawful basis of legitimate interests.

No automated decision is made that produces a “legal or similarly significant effect” on you, as described in UK GDPR Article 22(1). Specifically:

• We do not use profiling to decide whether to give you access to the service, set your pricing, or alter your contractual terms.
• We do not use profiling for credit decisions or creditworthiness assessment.
• We do not share profiling data with third parties for their own decision-making.
• The only outcome is that you may receive automated WhatsApp messages (tips, nudges, reminders, or check-ins). You can opt out at any time — see Section 13.

Safeguards

• Quiet hours: No automated messages are sent between 9 PM and 7 AM UK time.
• Daily limits: No account receives more than two automated messages per day.
• Opt-out respected: Every automated message respects your opt-out preference.

13) Your right to object to profiling

You have the right to object to profiling at any time, and we make it straightforward.

How to opt out

• Reply STOP to any automated message from NippyAgent. This immediately opts you out of all marketing and nudge messages.
• Send “STOP” as a regular message to NippyAgent on WhatsApp at any time — you don’t need to wait for an automated message first.
• Email us at support@nippyagent.co.uk and ask to be opted out.

What happens when you opt out

• You’ll stop receiving upgrade nudges, check-in messages, re-engagement reminders, streak notifications, and all other marketing-style automated messages.
• You will still receive essential service messages necessary to operate your account — for example, invoice payment reminders you’ve asked us to send on your behalf, subscription renewal notices, and payment failure alerts. These are part of the service, not marketing.
• Your profiling data is not deleted when you opt out — it simply isn’t used to send you messages. To delete your data entirely, see our Data deletion page.

How to opt back in

Reply START to NippyAgent on WhatsApp at any time. Your preference is updated immediately.

Further rights

Under UK GDPR Article 21, you have the right to object to any processing we carry out under legitimate interests. If you object and we cannot demonstrate compelling legitimate grounds that override your interests, we will stop the processing. To exercise this right, email support@nippyagent.co.uk.

If you’re unhappy with how we handle your request, you can lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

14) Children

NippyAgent is not intended for children under 16.

15) Updates to this policy

We may update this Privacy Policy from time to time. We will update the date at the top of this page and, where appropriate, provide notice through our website or WhatsApp.

16) Making Tax Digital (MTD) records

NippyAgent generates income records you can give to your accountant or import into MTD-compatible software. NippyAgent does not file with HMRC on your behalf. You remain responsible for ensuring quarterly updates are submitted to HMRC.

17) Use of AI

NippyAgent uses AI to transcribe voice notes and extract document details such as customer names, job descriptions and prices. AI processing is performed by service providers operating under zero-retention API policies (data is not stored or used to train their models). Your voice notes and extracted data are processed for the sole purpose of generating your documents.

Under the EU AI Act risk framework, this use does not fall into the high-risk or prohibited categories. The AI assists with structured data extraction from your own input. It is not used for biometric identification, credit scoring, employment decisions, or any other high-risk category. No automated decision is made that has a legal or similarly significant effect on you, your business or your customers (see Section 12).

You can opt out of AI-assisted voice processing at any time by typing your documents instead of sending voice notes. The typed flow uses no AI transcription.