Alvio Accounting IntelligenceAccounting Intelligence
UnifyAutomateGrowIntegrationsWhy ALVIOAbout
Sign inGet started
Get started
Legal hub

Processor terms

Data Processing & GDPR

How we process personal data on your behalf, in line with GDPR Article 28.

Last updated 23 June 2026

PDF

United Kingdom edition · registered entity

Alvio Group Limited

Companies House (England & Wales) · no. 17075553

Quest Accounting Services Ltd, Suite 106, The Pinnacle, 170 Midsummer Boulevard, Milton Keynes, England, MK9 1BP

Purpose of these terms

When an accounting firm uses Alvio to process personal data about its own clients, the firm is the controller and Alvio Group Limited is the processor. These terms set out how we process that data and form part of our agreement with you. They are designed to meet the requirements of Article 28 of the UK GDPR.

Subject matter and nature of processing

  • Subject matter — processing of personal data contained in the financial and business records you submit to the platform.
  • Duration — for the term of your subscription and any agreed retention period thereafter.
  • Nature and purpose — hosting, organising, analysing and producing deliverables from that data to provide the Service.
  • Categories of data subjects — your clients and their relevant contacts and individuals.
  • Types of personal data — contact details, financial and transactional data, and other data you choose to submit.

Processing only on your instructions

We process personal data only on your documented instructions, including the instructions inherent in your use of the Service, unless required by law to do otherwise (in which case we will inform you where permitted).

Confidentiality

We ensure that personnel authorised to process personal data are bound by appropriate confidentiality obligations and are trained on their responsibilities.

Security measures

We implement appropriate technical and organisational measures to protect personal data, as described in our Security & Trust statement, including encryption in transit and at rest, tenant isolation, least-privilege access control, logging and resilience.

Sub-processors

You authorise us to engage sub-processors to deliver the Service (for hosting, database, AI inference, email, payments, analytics and error monitoring). We impose data-protection obligations on each sub-processor that are no less protective than these terms, and we remain responsible for their performance. We maintain a current list of sub-processors and will give you notice of intended changes so you may object on reasonable data-protection grounds.

Assistance with data-subject rights

Taking into account the nature of the processing, we will assist you with appropriate measures to respond to requests from data subjects exercising their rights, and provide the tools needed to access, correct, export or delete data within the platform.

Personal-data breaches

We will notify you without undue delay after becoming aware of a personal-data breach affecting your data, and provide the information you reasonably need to meet your own notification obligations.

Data-protection impact assessments

We will provide reasonable assistance with data-protection impact assessments and prior consultation with a supervisory authority, where required and taking into account the information available to us.

International transfers

Where processing involves transferring personal data outside the United Kingdom, we put in place an appropriate transfer mechanism such as UK adequacy regulations or the ICO International Data Transfer Agreement / UK Addendum, with additional safeguards where required.

Return and deletion

On termination, and at your choice, we will delete or return the personal data we process on your behalf and delete existing copies, unless we are required by law to retain it.

Audits

We will make available the information reasonably necessary to demonstrate compliance with these terms and allow for and contribute to audits, subject to reasonable confidentiality and security conditions.

Entering into these terms

These terms apply automatically where you use Alvio to process personal data on behalf of your clients. If you require a signed data processing agreement for your records, contact info@alvio.io marked for the attention of the Privacy Team.

Governed by the laws of England and Wales. Switch the toggle above to read the European Union edition, or download either edition. Both editions are kept in step.

More from the legal hub

Company InformationThe registered entities behind the Alvio platform and how to reach us.Privacy PolicyWhat personal data we collect, why, the legal bases we rely on, and your rights.Terms of ServiceThe agreement that governs your use of the Alvio platform.Cookie PolicyThe cookies and similar technologies we use, and how to control them.Security & TrustThe technical and organisational measures that protect your data.AI & Data Usage PolicyHow Alvio uses AI, what happens to your data, and the controls that keep you in command.
Alvio · Accounting Intelligence

The AI-native operating system for accounting firms. Finished work, not another tool to manage.

Product

  • Unify
  • Automate
  • Grow
  • Integrations

Support

  • Support
  • Security
  • Status
  • Contact

Company

  • Why ALVIO
  • About
  • Sign in

Legal

  • Privacy
  • Terms
  • Cookies
  • Legal hub
© 2026 Alvio Labs. All rights reserved.
All systems operational