Get in touch

Legal

Privacy Policy

Boa Esperanca Group Ltd  ·  Last updated: April 2026  ·  Effective immediately

Contents
  1. 1. Who we are
  2. 2. Data we collect
  3. 3. EveryPound app — data and storage
  4. 4. How we use your data
  5. 5. Data sharing & service providers
  6. 6. International data transfers
  7. 7. Data retention
  8. 8. Your rights
  9. 9. Children's privacy
  10. 10. Cookies
  11. 11. Security
  12. 12. Contact us

1. Who we are

Boa Esperanca Group Ltd ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. We are a small family-run holding company registered in England and Wales, operating Villa Boa Esperanca (a private holiday rental on Milos, Greece) and publishing EveryPound, an iOS application available on the Apple App Store.

This privacy policy explains how we look after your personal data when you visit our website, contact us directly, book the villa, or use the EveryPound iOS app.

For data protection enquiries, contact us at: enquiries@boaesperancagroup.com

2. Data we collect

We collect only the minimum data necessary to provide our services and operate our business. Depending on how you interact with us, this may include:

  • Contact information: name, email address, and any other details you provide when contacting us directly.
  • Enquiry and correspondence data: the content of messages or emails you send us.
  • Website usage data: anonymised analytics about how visitors use our website. No personally identifiable information is stored.
  • Booking and reservation data: if you book Villa Boa Esperanca, we collect information required to process your reservation. Where bookings are handled via Airbnb or third-party platforms, those providers' separate privacy policies apply.

For data collected specifically through the EveryPound iOS application, see Section 3 below.

3. EveryPound app — data and storage

When you use the EveryPound app, we collect the minimum amount of data necessary to provide the service. As a matter of principle, we do not sell, rent, or trade your personal or financial data to third parties under any circumstances.

Identity and financial data

  • Identity data: your email address, used for sign-in. Authentication is via secure passwordless "Magic Link" or, optionally, email + password.
  • Financial data: user-inputted asset balances, property values, debt records, income entries, and any other financial information you choose to enter into the app. This data is fully controlled by you at all times.
How your data is stored and protected: Your financial data is stored securely using enterprise-grade cloud infrastructure (Supabase, EU region). We employ Row Level Security (RLS) policies to ensure your financial data is strictly siloed and can only be accessed by you or authenticated members of your specific household. No employee of Boa Esperanca Group or any third party has access to your financial records.

The multi-user sync feature allows household members to share a live financial view within the same secured boundary. Only users explicitly linked to your household via the in-app pairing flow can access shared data.

Ask Addy — AI financial coach

EveryPound offers an optional AI-powered financial coach feature called "Ask Addy". When you send a message to Addy, we transmit the following to xAI Corp (United States), the provider of the underlying language model, solely for the purpose of generating a response in real time:

  • A summarised snapshot of your financial position (aggregate net worth figures, account and debt categories, monthly contribution totals)
  • The content of your message

Under our API agreement with xAI, this data is not retained for model training, is not linked to your email address or name, and is discarded by xAI once the response is generated. We do not store Ask Addy conversations on our servers — they exist only in your device's memory during an active session and are discarded when you close the app or end the session. You can use EveryPound's core net worth, monthly Board Meeting, and tax analysis features without ever using the AI coach.

Subscriptions and in-app purchases

EveryPound offers optional paid tiers (Plus and Pro). Subscription billing is handled entirely by Apple through the App Store — we never see, receive, or store your payment card details. To validate active subscriptions and keep premium features unlocked, we use RevenueCat (RevenueCat, Inc., United States). RevenueCat receives only:

  • An anonymous identifier we generate (derived from your Supabase user ID)
  • The App Store receipt provided by Apple

RevenueCat does not receive your email address, your name, or any financial data you enter into the app. Manage or cancel subscriptions at any time in Settings → Apple ID → Subscriptions on your device.

Push notifications

If you enable notifications, the app generates an anonymous Apple Push Notification service (APNs) token. We use this token only to deliver in-app reminders (such as monthly Board Meeting prompts scheduled at the time you chose) and support-message alerts. We do not use push tokens for marketing, advertising, or cross-app tracking.

Diagnostic logs

The app records a small amount of anonymised diagnostic information (screen transitions, non-fatal errors, feature usage counts) to help us identify and fix issues. These logs are tied to your user ID so we can investigate problems you report to us, but they contain no financial data and no free-text content from anything you've typed into the app. Logs are retained for 90 days.

Account deletion: You can permanently delete your EveryPound account at any time from within the app — open the menu (top-right), scroll to the bottom, and tap Delete Account. Deletion is immediate, permanent, and cannot be undone. If you are the sole member of your household, your entire household and all its data is wiped. If other household members remain, only your profile and personal records are removed; the household continues for the other members. You can also request deletion by emailing enquiries@boaesperancagroup.com.

4. How we use your data

We use the data we collect for the following purposes:

  • To respond to your enquiries and communicate with you.
  • To process bookings and reservations for Villa Boa Esperanca.
  • To provide and improve the EveryPound iOS application and its features.
  • To validate in-app purchases and keep paid subscription features unlocked.
  • To deliver reminder and support notifications you have opted into.
  • To send relevant updates or information where you have consented to receive them.
  • To improve our website through anonymised analytics.
  • To comply with our legal and regulatory obligations.

We process your data on the basis of: legitimate interest (responding to enquiries, managing client relationships, diagnosing technical issues), contractual necessity (service delivery, subscription management, and app functionality), and consent where applicable (notifications, optional AI coach).

5. Data sharing & service providers

We do not sell your personal data. We do not share your data with third parties for marketing purposes. We share data only with the following categories of service providers, each under a written data processing agreement that requires them to protect your data to the same standard we do:

  • Supabase (Supabase Inc., United States) — our primary cloud infrastructure provider. Hosts your account record and all financial data you enter into EveryPound, under Row Level Security policies that limit access to you and your household members.
  • RevenueCat (RevenueCat, Inc., United States) — validates in-app purchase receipts and manages subscription entitlements. Receives only an anonymous identifier and your Apple-issued receipt; does not receive your email, name, or financial data.
  • xAI (X.AI Corp, United States) — provides the language model behind the optional Ask Addy coach. Receives only the summarised financial snapshot and message content you send when you use Addy; does not retain this data for training.
  • Apple Push Notification service (Apple Inc., United States) — delivers reminder and support notifications to your device when enabled.

We may also share data in the following limited circumstances:

  • Legal compliance: where required by law, regulation, or court order.
  • Business transfers: in the unlikely event of a sale or restructuring of our business, data may transfer as part of that transaction, subject to the same protections outlined in this policy.

6. International data transfers

Some of the service providers listed in Section 5 (Supabase, RevenueCat, xAI) are based in the United States. Where your personal data is transferred outside the United Kingdom, we rely on one of the following safeguards, as approved by the UK Information Commissioner's Office, to ensure an equivalent level of protection:

  • The UK International Data Transfer Agreement (IDTA), or
  • The EU Standard Contractual Clauses with the UK International Data Transfer Addendum.

You can request a copy of the transfer mechanism in place for any specific provider by emailing enquiries@boaesperancagroup.com.

7. Data retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law.

  • Enquiry and contact data: up to 2 years after last contact, unless an ongoing client relationship exists.
  • EveryPound app data: retained for as long as your account is active. Upon account deletion, all personal and financial data is permanently purged from our servers, typically within 24 hours.
  • Subscription records: minimal purchase validation records held by RevenueCat are retained for the lifetime of the subscription plus any legally-required tax reporting period.
  • Ask Addy conversations: not retained by us. Not retained by xAI for training under our API agreement.
  • Diagnostic logs: 90 days.
  • Booking records: up to 7 years for financial and legal record-keeping obligations.
  • Anonymised analytics: retained indefinitely in aggregated, non-identifiable form only.

8. Your rights

Under UK GDPR and applicable data protection law, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate or incomplete data.
  • Right to erasure: to request deletion of your data. For EveryPound users, this includes complete purging of all financial data from our servers — available directly in-app from the menu.
  • Right to restrict processing: to request we limit how we use your data.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to object: to object to processing based on legitimate interests.
  • Right to withdraw consent: at any time, where processing is based on your consent.

To exercise any of these rights, contact us at enquiries@boaesperancagroup.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Children's privacy

EveryPound is intended for adults managing household finances and is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at enquiries@boaesperancagroup.com and we will delete the data promptly.

10. Cookies

Our website uses cookies to support basic functionality and anonymised analytics. We do not use cookies for advertising or cross-site tracking purposes.

  • Essential cookies: required for the website to function correctly.
  • Analytics cookies: anonymised data used to understand how the site is used and improve it. No personally identifiable information is stored.

You can control or disable cookies via your browser settings. Disabling essential cookies may affect website functionality. The EveryPound iOS application does not use browser cookies.

11. Security

We take appropriate technical and organisational measures to protect your personal data. These include:

  • HTTPS encryption across all web properties and in transit between the app and our servers.
  • Enterprise-grade cloud infrastructure with Row Level Security (RLS) for all EveryPound financial data.
  • Passwordless "Magic Link" authentication option for EveryPound, eliminating password-related vulnerabilities.
  • Optional device-level Face ID, Touch ID, or passcode lock inside the app for an extra layer of protection.
  • Strict access controls ensuring only authenticated household members can access shared financial data.
  • Written data processing agreements with all third-party service providers.

No method of transmission over the internet is 100% secure. If you have concerns about the security of your data, please contact us immediately at enquiries@boaesperancagroup.com.

12. Contact us

For any questions, concerns, or requests relating to this privacy policy or your personal data:

Boa Esperanca Group Ltd
London, United Kingdom
Email: enquiries@boaesperancagroup.com
Registered in England and Wales

We may update this policy from time to time. The "last updated" date at the top of this page reflects any changes. EveryPound app users will be notified of material changes via the app or the email associated with their account. Continued use of our website or app following an update constitutes acceptance of the revised policy.