Data encryption
Every byte you send to Freelax by Britnova is encrypted in transit using TLS 1.2 or higher. Once it reaches our infrastructure, it is encrypted at rest with AES-256 — the same algorithm trusted by governments and the financial industry.
Database backups, file uploads (receipts, logos), and payment-related metadata inherit the same encryption. Encryption keys are managed and rotated by our hosting provider.
Infrastructure
Freelax by Britnova is hosted on Supabase (database and auth) and Vercel (application layer). Both providers are SOC 2 Type II certified and maintain transparent, independently audited security controls.
Payment processing is handled exclusively by Stripe, which is PCI-DSS Level 1 compliant — the highest tier of payment-card data security. Freelax by Britnova never stores your card details on our servers.
Access controls
Every row of your data is protected by database-level Row Level Security (RLS). Another user cannot read, modify, or even detect your records: the database itself refuses to return them.
Internal access is limited to engineering staff on a strict need-to-know basis. All administrative actions are logged, reviewed, and require multi-factor authentication.
UK GDPR & compliance
Freelax by Britnova is built for UK users and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Your data is processed lawfully, stored only as long as necessary, and never sold or shared with advertisers.
Under UK GDPR you have the right to access, correct, port, restrict, and delete your personal data. See the Privacy Policy for full details on your rights.
Data location
Your data is stored in data centres within the European Economic Area. Freelax by Britnova transfers personal data outside the UK or EEA only where such transfers are strictly necessary, and only with appropriate safeguards in place, such as Standard Contractual Clauses and adequacy decisions.
Export & deletion
You can export your full data at any time from Settings, or request a machine-readable copy by emailing support@freelax.co.uk.
Account deletion is a self-service action in Settings → Danger Zone. Deleted accounts and all associated personal data are erased within 30 days, aligned with UK GDPR requirements.
Bank details
Any bank details you add are used solely for display on invoice PDFs you send to clients. Freelax by Britnova does not access your bank account, does not initiate payments, and does not share your banking information with any third party.
Incident response
In the unlikely event of a security incident affecting your personal data, we will notify you and the Information Commissioner’s Office (ICO) without undue delay and within 72 hours, as required by UK GDPR. Our engineering team monitors infrastructure 24/7 and follows a documented incident-response playbook.
Contact
Questions about security, compliance, or data protection? Email security@freelax.co.uk. We aim to respond within two business days.