ERPLY BOOKS PRIVACY POLICY

Effective Date: 05.06.2025
 Version: 2.0

INTRODUCTION

Margn OÜ (registry code: 12141533, “ERPLY Books”, “we”, “us”, or “our”) values the privacy and security of your personal and business data. This Privacy Policy outlines in detail how we collect, process, use, disclose, store, and safeguard your data when you use our software, applications, websites, or related services. This policy is specifically designed to align with the General Data Protection Regulation (EU 2016/679 – GDPR) and relevant data protection laws in the European Union.

We are committed to transparency and ensuring that your rights are respected. By using our Services, you agree to the practices described in this Privacy Policy. If you disagree with any part of this document, you should refrain from using our Services.

APPLICABILITY

This Privacy Policy applies to all platforms and services operated by ERPLY Books, including:

  • The ERPLY Books accounting and financial platform;

  • The Purchase Inbox module used for automated document processing;

  • Our primary domain erplybooks.com and all its subdomains;

  • Any downloadable software, mobile apps, or desktop applications developed by us;

  • All ERPLY Books APIs, plug-ins, or embedded third-party integrations;

  • Webinars, user onboarding portals, and training environments provided directly by ERPLY Books.

It is important to note that this Privacy Policy does not govern third-party websites, tools, or services that may connect with ERPLY Books. Users are encouraged to review those third parties’ privacy policies independently.

DATA CONTROLLER AND PROCESSOR ROLES

Under GDPR, there is a legal distinction between a “Data Controller” (who decides why and how data is processed) and a “Data Processor” (who processes data on behalf of the Controller). ERPLY Books generally acts as:

  • Data Processor: when processing Customer Data—meaning data input, uploaded, or managed through the platform by our customers.

  • Data Controller: when processing account data for purposes such as billing, authentication, support, marketing (if opted in), and system administration.

 

DATA WE COLLECT

CUSTOMER DATA (Controlled by the Customer)

This refers to all information uploaded, entered, or synchronized by the user or organization using our Services. It includes:

  • Identity Information: such as user names, email addresses, and organization names;

  • Financial Data: such as bank statements, invoices, journals, accounting entries, and reports stored or generated through the platform;

  • HR or Client Records: including payroll data, personal identifiers of employees or clients, and sensitive internal company documents;

  • Uploaded Content: any documents, scanned files, contracts, or media you choose to store on our platform.

OTHER INFORMATION (Collected Automatically by ERPLY Books)

This includes information gathered from usage of the platform:

  • Log and Usage Data: e.g., IP addresses, login times, types of actions performed (e.g., invoice creation);

  • Technical Metadata: such as device type, operating system, browser type, screen resolution, and language settings;

  • User Preferences and Profiles: including saved settings, feature usage frequency, and feedback provided;

  • Cookies and Trackers: which collect behavioral data as explained further in Section 13.

DATA USE AND SYSTEM LEARNING NOTICE

In order to deliver better functionality, performance, and personalization, ERPLY Books may use certain types of collected information to enhance and evolve its platform through machine learning and system intelligence.

The following types of data may be used in our internal learning processes:

  • User Input Data: For example, categorization of transactions or how users structure their reports may be analyzed to improve automatic suggestion features.

  • Behavioral Metadata: e.g., how often users access certain features or how documents are edited can be used to identify inefficiencies or pain points in the system.

  • Structured Financial Patterns: e.g., tax rates used, invoice formats, or common accounting codes may help the system better support automation.

  • Knowledge Base Contributions: Aggregated user behavior and anonymized content may be used to create general advice, error prevention, and improved onboarding guidance for all users.

All processing is conducted under our legitimate interest in improving our Services (GDPR Art. 6(1)(f)).

We ensure that:

  • No personally identifiable information (PII) is included in learning sets without explicit consent;

  • All data used for this purpose is anonymized and/or aggregated;

  • The information is never shared externally or sold;

  • Processing is solely for product improvement and user benefit, not profiling or automated decision-making with significant legal effects.

If users have concerns or objections, they may contact info@erplybooks.com.

PURPOSES OF DATA PROCESSING

We process your data for the following detailed reasons:

  • To provide the contracted Services to you (including logins, access management, and storage);

  • To manage financial transactions, billing, subscriptions, and account history;

  • To respond to customer support inquiries and technical issues;

  • To ensure compliance with applicable tax, accounting, and legal regulations;

  • To develop and test new features, tools, or service modules based on anonymized usage data;

  • To detect unauthorized access, ensure secure environments, and prevent fraud;

  • To fulfill legal requests, court orders, or regulatory obligations where necessary.

LEGAL BASIS FOR PROCESSING

We rely on the following legal bases from the GDPR for data processing:

  • Performance of a contract (Art. 6(1)(b)) — to deliver and manage the service you subscribed to;

  • Compliance with legal obligations (Art. 6(1)(c)) — e.g., retaining financial records for audits;

  • Legitimate interest (Art. 6(1)(f)) — for product development, system security, and support;

  • Consent (Art. 6(1)(a)) — where applicable, such as for marketing communications.

DATA SHARING AND DISCLOSURE

We do not sell your data. We only share it under the following conditions:

  • Internally with your organization’s authorized users (e.g., administrators);

  • With subprocessors (e.g., hosting providers, payment processors) under strict data agreements;

  • With third-party tools you explicitly authorize (e.g., banks, analytics tools);

  • With auditors, regulators, or tax authorities when legally required;

  • During a merger, acquisition, or internal restructuring, with proper confidentiality protections;

  • With consent, or under lawful basis, when disclosure is necessary to protect rights or comply with legal processes.

DATA RETENTION

  • Your Customer Data is retained as long as you have an active agreement or subscription. Upon termination, it is deleted unless retention is required by law.

  • System metadata and logs are retained as needed to audit service performance, prevent abuse, and support dispute resolution.

  • Aggregated or anonymized insights (e.g., usage statistics) may be retained indefinitely for analytical and benchmarking purposes.

INTERNATIONAL DATA TRANSFERS

If we transfer your data outside of the EU/EEA, it is protected through:

  • Standard Contractual Clauses;

  • Transfers to countries with adequate protection decisions by the EU;

  • Binding agreements and verification of equivalent protections.

SECURITY MEASURES

To protect your data, we apply a layered security model including:

  • Encrypted data transfers via SSL/TLS protocols;

  • Multi-factor authentication and strict access control policies;

  • Physical security at data centers;

  • Regular penetration testing and monitoring;

  • Frequent backups and disaster recovery procedures.

YOUR RIGHTS UNDER GDPR

You have rights regarding your personal data:

  • Access: Request a copy of your stored data;

  • Rectification: Correct any inaccuracies;

  • Erasure: Request deletion where applicable (Right to be Forgotten);

  • Restriction: Limit processing in specific scenarios;

  • Portability: Receive your data in a transferable format;

  • Objection: Opt out from certain processing operations (e.g., marketing);

  • Lodge complaints: With your national Data Protection Authority.

Contact: info@erplybooks.com

 

COOKIES AND TRACKING

We use cookies and similar tools to:

  • Remember your login and settings;

  • Provide secure session functionality;

  • Track usage for improvement;

  • Enable optional integrations.

You can control cookies via your browser. Details are in our separate Cookie Policy.

 

THIRD-PARTY INTEGRATIONS

When you connect a third-party tool (e.g., Google Drive, bank API), you are agreeing to that provider’s privacy terms. ERPLY Books is not liable for their data use. Always review their privacy policies before enabling any integration.

DATA EXPORT AND DELETION

Upon your written request, we provide:

  • A structured export of your data (CSV, Excel, or other supported formats);

  • Secure deletion of your account data, unless otherwise required for legal reasons.

Data will be permanently deleted 40 days after subscription expiry or service cancellation, unless an extended retention is requested by law.

CHANGES TO THIS POLICY

We may update this policy to reflect legal, technical, or operational changes. When updates are significant, we will notify you via email, dashboard notifications, or banners.

Continued use of our Services after updates signifies acceptance of the revised Privacy Policy.

CONTACT


Margn OÜ
 Email: info@erplybooks.com
Address: Salu tee 2/10-2, Lohkva küla Luunja vald Tartumaa 62207