The integrity of Smac is determined by its Security and Privacy policies hence we do not compromise on handling any information that goes through us.


‘Primary User’

is a user who registers (creates primary account) with Smac and creates an ‘organisation’ within their primary account where all the financial information about their business is recorded. For the purpose of this text, we may sometimes call our ‘Primary User’ simply as ‘User’.
When we say ‘you’, ‘your’, ‘yours’, we will be referring to a registered person, primary user and/or additional user.


is a type of sub-account created within a main account to record financial information of a particular business. A primary user can create multiple organisations (sub-accounts) within his primary account.

‘Additional User’

is a user created by a ‘Primary User’ within an ‘Organisation’ who would be able to access and change the information added within that ‘Organisation’ and will have same rights as the ‘Primary User’ in respect of that ‘Organisation’.

‘We’ or ‘Us’ or ‘Our’ or ‘Smac’

is Smac Links Ltd which is registered and operating from the UK.


is any individual or entity that does not fall within the scope aforementioned definitions.


‘Personal Information’
is any information that identifies a Smac user (primary or additional) or by which a user’s identity can be determined reasonably.

Personal information collected at the point of registration includes name, address, postcode, contact number and email address.

Password created by a primary user at the point of registration is encrypted and not shared with anyone else, not even with Smac. In case a user forgets the password, they will request a password renewal via email and a link to update their password will be sent to same email address that is stored in Smac user information.

Once the registration is completed, a user can add ‘organisation’ which will then open up all the features of the software. The information collected at this point includes:

  1. Legal name of the organisation;
  2. Display name of the organisation;
  3. Description of the organisation. this description is written by the organisation creator which may include what type of business is that organisation about;
  4. Financial year End date;
  5. Check box for Accrual basis or Cash basis. This check box just tells us if the organisation is using accrual-based accounting or cash-based accounting.

From this point, once the organisation is created, Smac customer support staff cannot see any financial data related to that organisation being recorded. However, our accounts managers/administrators will monitor usage of the users by collecting the following information;

  1. Number of transactions being recorded in the organisation;
  2. The size of data being uploaded in the organisation.

We may communicate through email with our users from time to time for new updates or respond to queries from user. All email communications will be used for internal monitoring and statistical use. The information shared within the emails will not be shared with a third party without a consent of the user or unless required by law for disclosure.

How we collect your data

Most of the data is shared by yourself through our registration process. Besides that, we can collect personal data from various sources which may include (but not limited to) our website visits, device types, IP addresses, cookies, email communications, telephone calls, social media, and other public or non-publicly available sources.

The data collected from the above sources will only be used:

  • For legal, regulatory or disputed matters, or
  • To provide and enhance our services, or
  • to form a contract, or  
  • where we have your consent.

If you feel that your data has been used by us or any of our subscribers which should not have been used, please contact us straight away and we will try to resolve the matter urgently.

How is your data used?

We use your personal data to operate our business, to provide our services, and to manage our relationship with you. We also use your personal data for other purposes, which may include (but not limited to) internet protection, reviews, feedbacks, surveys, dealing with complaints, technical support, trainings, advertisements and to analyse our business performance.

Unintended personal information received by us

There can be instances where we receive information we did not ask for. In such instances any unsolicited personal information received about our users will be reviewed to determine if that information is reasonably necessary for our operations retain and if we are permitted to hold the information in the same way as other information the user has directly provided to us. If we can we will handle the information in the same way as we do with other information received for a user. If not, the information will be destroyed or de-identified.


The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax related or accounting requirements).

We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with law our data retention policies. Following that period, we’ll make sure it’s deleted or anonymised.


There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:

  • third party service providers and partners
  • regulators, law enforcement bodies, government agencies, courts or other third parties to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
  • an actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
  • other people where we have your consent.


Smac is registered in the United Kingdom, however our users can also be based in other countries. Our firm complies with UK GDPR rules which is an assurance in itself, however where we disclose your personal data to a third party within the UK or in any other country where we are managing our operations, we put reasonable safeguards in place to ensure your personal data remains protected.


If a customer wishes to make a complaint about this Policy or our collection, use or disclosure of personal information, they should contact us in the first instance. We will investigate the complaint and try and resolve the complaint directly with our customer.

For the purpose of filing a complaint, please email it to