Privacy Policy for Web Cashflow Forecast
Last updated: March 2026
This Privacy Policy explains how Christopher J Bell (“I”, “me”, “my”) collects, uses, stores, and protects your personal data when you use the Web Cashflow Forecasting web application (“the Service”).
I am committed to ensuring that your privacy is protected and that your personal information is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
Christopher J Bell
Yew Tree Barn,
Chilson, Chipping Norton,
OX7 3HU
2. Personal Data I Collect
2.1 Account Information
- Email address (provided through Azure Entra External ID authentication)
- Azure Entra External ID unique identifier (used as your account identifier)
2.1.1 Azure Entra External ID Authentication
Web Cashflow Forecast uses Azure Entra External ID to manage user authentication. This means that your login credentials and identity details are handled directly by Microsoft, and not stored by Web Cashflow Forecast itself. When you sign in, Microsoft provides a secure unique identifier and your email address so that I can create and maintain your user account. If you choose to close your Web Cashflow Forecast account, I delete all data associated with your Azure Entra ID within the 30–60 day retention window described in this policy. However, your Azure Entra ID remains part of Microsoft’s identity platform and is governed by Microsoft’s own terms and privacy policy. If you wish to delete or manage your Azure Entra ID, you must do so through your own Microsoft account settings, as Web Cashflow Forecast does not control the lifecycle of your Microsoft identity.
2.2 User-Entered Financial Data
- Financial information that you enter into the Service (e.g., income, expenditure, scenarios, forecasts).
This data is only linked to your Azure Entra External ID and email address. You choose what data to enter.
2.3 No Additional Personal Information
I do not collect names, addresses, phone numbers, demographic information, or any unnecessary personal data.
3. How Your Data Is Used
I use your data only for the following lawful purposes:
3.1 To Provide the Service
- Creating and managing your user account
- Allowing you to access, store, and manage financial information within the app
Lawful basis: Performance of contract
3.2 To Communicate With You
Only functional (non‑marketing) messages:
- Welcome messages
- Account/security notifications
- Subscription renewal reminders
- Important service updates
Lawful basis: Legitimate interests and/or Performance of contract
3.3 Payments
Payments are processed by Stripe.
- I do not receive or store any payment card information.
- Stripe may collect billing details directly from you.
Lawful basis: Performance of contract
3.4 Security and Fraud Prevention
Azure Entra External ID authentication ensures secure access control.
Lawful basis: Legitimate interests
4. Cookies and Tracking Technologies
The Service uses only essential cookies required for:
- Secure login
- Maintaining your session
- Protecting access to your account
I do not use:
- Marketing cookies
- Tracking cookies
- Analytics cookies that identify users
A simple Cookie Policy will be provided explaining that only essential cookies are used.
5. Data Storage Location
Your data is stored on Microsoft Azure in the following regions:
- UK South / UK West
No data is stored outside the UK unless explicitly migrated by Azure under UK‑GDPR‑approved safeguards (e.g., Standard Contractual Clauses).
6. How Your Data Is Protected
I use industry‑standard technical measures, including:
- Azure Entra External ID for secure authentication
- Encrypted storage for financial data
- HTTPS for all data transfers
- Microsoft Azure’s security infrastructure
Only minimal personal data is stored.
7. Payments via Stripe
Stripe acts as a separate Data Processor for handling your subscription payments.
I do not store:
- Credit/debit card details
- Billing addresses
- Payment tokens
Stripe may store these according to its own Privacy Policy.
Your Web Cashflow Forecast account stores only a reference that a subscription exists.
8. Retention Policy
8.1 Data You Enter Into the Service
- You may delete all your financial data yourself before closing your account.
- After account closure, all remaining financial data will be automatically deleted within 30 to 60 days.
8.2 Account Information (Email + Entra ID)
Azure Entra External ID accounts are managed through Microsoft.
Your identifier may persist within Azure’s identity system, but:
- Once your Web Cashflow Forecast account is deleted, your Entra ID is no longer linked to any financial data.
- Your email is removed from Web Cashflow Forecast’s records during the 30–60 day deletion window.
I do not control or delete your Entra ID itself — it remains part of Azure’s identity platform unless you remove or update it in your own Microsoft account settings.
8.3 Payment Records
I maintain minimal Stripe subscription metadata solely for:
- Accounting obligations
- Fraud prevention
- Legal compliance
These records do not include payment card details.
9. Your Rights
Under UK GDPR, you have the right to:
- Access your data
- Correct inaccurate data
- Request deletion (“right to erasure”)
- Object to processing
- Request data portability
- Lodge a complaint with the ICO
To exercise any rights, contact:
contact@webcashflow.co.uk
10. Third-Party Service Providers
Your data may be processed by:
- Microsoft Azure (hosting + authentication)
- Stripe (payments)
All providers are contractually bound to comply with UK GDPR requirements. No other third parties receive your data
11. Changes to This Policy
If this Privacy Policy changes, I will update the date at the top of this page.
Important changes will be communicated via email or an in‑app notification.
12. Contact
If you have questions about privacy or data protection, please send a message via our Contact page.
Christopher J Bell
Yew Tree Barn, Chilson, Chipping Norton, OX7 3HU