Sorted mascotSorted

Privacy Policy

Last updated: 20 March 2026

MySorted Ltd (“we”, “us”, “our”) operates the Sorted mobile application. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. What We Collect

We collect the following personal data when you use Sorted:

  • Account information: Name, email address
  • Business details: Business name, address, UTR number, VAT number
  • Receipt data: Images of receipts you scan, extracted merchant name, amount, date, and category
  • Invoice data: Client details, line items, amounts, payment status
  • Expense records: Categorised expense entries and mileage logs
  • Usage data: App interactions, device type, and crash reports

2. How We Use Your Data

We use your data to:

  • Provide and improve the Sorted app and its features
  • Process receipt images using AI to extract expense data
  • Generate invoices and send them to your clients
  • Calculate estimated tax liabilities
  • Send you HMRC deadline reminders and service notifications
  • Manage your subscription and process payments

Our lawful bases for processing are: performance of our contract with you (Article 6(1)(b)), our legitimate interests in improving the service (Article 6(1)(f)), and your consent where required (Article 6(1)(a)).

3. Third-Party Services

We use the following third-party services to operate Sorted:

  • Supabase: Database hosting, user authentication, and file storage (receipt images). Data is stored in EU-region servers.
  • Anthropic (Claude API): Receipt images are sent to the Claude Vision API for OCR processing to extract receipt details. Images are processed in accordance with Anthropic's data processing terms and are not used to train AI models.
  • Resend: Email delivery service used to send invoices to your clients on your behalf.
  • RevenueCat: Subscription management and payment processing coordination.
  • Apple App Store / Google Play Store: In-app purchase processing and subscription billing.

4. Data Storage and Security

Your data is stored securely in Supabase's EU-region servers. We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest
  • Row-level security policies ensuring you can only access your own data
  • Secure authentication via Supabase Auth
  • Regular security reviews of our infrastructure

5. Your Rights (UK GDPR)

Under the UK GDPR, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Data portability: Export your data in a machine-readable format
  • Restriction: Request we limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

You can export all your data and delete your account directly from the Settings screen in the Sorted app. For any other requests, contact us at support@mysorted.app.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete all associated personal data within 30 days, except where we are required by law to retain certain records (e.g., for tax or legal compliance purposes, up to 7 years).

7. Data Sharing

We do not sell your personal data to any third party. We only share your data with the third-party service providers listed above, solely for the purpose of operating the Sorted app.

8. Children's Privacy

Sorted is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from someone under 18, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via the app or email. Continued use of Sorted after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

MySorted Ltd
Email: support@mysorted.app

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.