Terms & Conditions / DPA
Spread Terms and Conditions
Last updated: 3 July 2025
​
1. About Us
1.1 These terms and conditions (“Terms”) govern your access to and use of the software-as-a-service provided by Spread Software Limited (company number 16564312, registered in England & Wales), whose registered office is at: The Coach House, 5 West Street, Leighton Buzzard, LU7 1DA (“Spread”, “we”, “us”, “our”).
1.2 By accessing or using the Spread service (“Service”), you enter into an agreement with us and accept these Terms. If you do not agree, you must not use the Service.
​
2. Definitions
For these Terms:
· “Customer” means the legal entity or individual that subscribes to use the Service.
· “User” means any individual authorised by the Customer to use the Service.
· “Subscription” means the plan selected by Customer under which the Service is provided.
· “Documentation” means any published user guides, help files or online materials associated with the Service.
​
3. Service Provision & Access
3.1 We provide the Service to you in accordance with these Terms and the Subscription selected.
3.2 You shall:
(a) ensure that all Users comply with these Terms;
(b) be responsible for all activity under your account;
(c) provide us with accurate and complete registration information and update it as necessary.
3.3 We may modify, suspend or discontinue the Service (or any part) at any time with reasonable notice (where practicable) for maintenance, upgrades or security.
3.4 You acknowledge that the Service may require integration with third-party platforms (such as accounting software). You are responsible for maintaining any such third-party account and the connectivity.
​
4. Subscription, Fees & Payment
4.1 Subscription fees (“Fees”) are as set out in the order or plan selected, payable in advance monthly (or as specified).
4.2 Fees exclude VAT or other taxes unless otherwise stated.
4.3 Unless cancelled earlier in accordance with clause 5, the Subscription automatically renews for successive periods until terminated.
4.4 If any payment is overdue, we may suspend access to the Service without liability until payment is made.
​
5. Cancellation & Termination
5.1 You may cancel the Subscription at any time (via your account, accounting system subscription or our support) and your access will continue until the end of the then-current billing period.
5.2 We may terminate or suspend your access immediately if you breach these Terms or the Customer’s account is inactive for a prolonged period.
5.3 On termination or expiry:
(a) you must cease all use of the Service;
(b) you may request data export within 7 days; after which we may delete or archive your data.
​
6. Intellectual Property Rights
6.1 All rights, title and interest in and to the Service (including code, Documentation, graphics, underlying technology) remain with Spread or its licensors.
6.2 You retain ownership of your data (input or uploaded by you). We grant you a non-exclusive licence to use any output in connection with your internal business purposes.
​
7. Data Protection & Privacy
7.1 You remain the “Controller” for any personal data you submit. We act as a “Processor” (as defined under the UK GDPR and Data Protection Act 2018).
7.2 Our data processing activities are governed by the Data Processing Addendum (DPA) which forms part of these Terms.
7.3 You warrant that you have lawful basis for the processing of personal data and that any data you upload is processed in accordance with applicable data protection laws.
​
8. Service Level (availability, support)
8.1 We aim to provide the Service with 99.8% uptime (excluding scheduled maintenance and third-party outages).
8.2 Support is provided during our standard hours, Monday to Friday, 9am to 5pm (excluding public holidays). We do not guarantee support outside these hours. Requests received outside these hours will be handled on the next business day.
8.3 We are not liable for downtime or performance failures caused by third-party systems or internet connectivity outside our control.
​
9. Limitation of Liability
9.1 Nothing in these Terms shall limit liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability which cannot be excluded by law.
9.2 Subject to clause 9.1, our total aggregate liability to you under or in connection with these Terms shall not exceed the Fees paid by you in the preceding 12 months.
9.3 We shall not be liable for any indirect, incidental, consequential or special damages, including loss of profits, loss of business, loss of data or business interruption.
9.4 We are not liable for delays, failures or losses arising from third-party systems, including Xero or your internet service provider.
9.5 Any uptime figures or service level targets are aims only and are not guarantees.
​
10. Warranties & Disclaimers
10.1 We warrant that the Service will materially conform to the Documentation.
10.2 Except as expressly stated, the Service is provided “as is” and we disclaim all other warranties, whether express or implied (including fitness for a particular purpose, non-infringement, accuracy).
​
11. Confidentiality
Each party shall treat the other’s Confidential Information as strictly confidential, use it solely to perform its obligations, and not disclose it except to employees/agents subject to confidentiality obligations or to the extent required by law.
​
12. Governing Law & Jurisdiction
These Terms shall be governed by and construed in accordance with the laws of England and Wales and each party submits to the exclusive jurisdiction of the English courts.
​
13. Miscellaneous
13.1 We may update these Terms from time to time; updates will be notified and you may be given the right to terminate if you do not agree.
13.2 If any provision is found void or unenforceable, it will be severed and the remaining terms remain in force.
13.3 You may not assign your rights under these Terms without our prior written consent; we may assign our rights freely.
13.4 No third party has the right to enforce these Terms under the Contracts (Rights of Third Parties) Act 1999.
​
​
Spread Data Processing Addendum
Last updated: 3rd July 2025
Parties:
-
Controller: The Customer, as defined in the Subscription Agreement.
-
Processor: Spread Software Limited (“Processor”), registered in England & Wales (Company No. 16564312).
1. Subject-Matter & Duration
1.1 Subject-Matter of Processing: The Processor will process personal data that you upload or process through the Service for the purposes of providing the Service (automated accounting workflows, integrations, data storage, etc).
1.2 Duration: The duration of the processing is limited to the term of the Subscription and any retention period thereafter as specified in the Privacy Policy.
​
2. Nature & Purpose of Processing
The Processor shall process personal data on behalf of the Controller, acting only on documented instructions (including those in the Subscription Agreement and this DPA). The purpose is to enable the Controller to use the Service (including capture, storage, retrieval, processing and export of accounting data) and to maintain and support the Service.
​
3. Type of Personal Data & Categories of Data Subjects
3.1 Types of Personal Data: names, email addresses, business identifiers, accounting transaction details, usage metadata and other categories submitted by the Controller or Users.
3.2 Categories of Data Subjects: individuals whose personal data is included in the accounting/financial records uploaded or processed by the Controller, and Users of the Service.
​
4. Processor Obligations
4.1 Processor shall implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. This includes encryption, access controls, logging, incident response, vulnerability management and regular audits.
4.2 Processor shall ensure that persons authorised to process the personal data have committed themselves to confidentiality and are subject to binding obligations.
4.3 Processor shall only process personal data on documented instructions from the Controller (which include these DPA terms and the Subscription Agreement).
4.4 Processor will assist the Controller in responding to data subject requests (access, erasure, etc) insofar as is reasonably feasible.
4.5 Processor shall notify the Controller without undue delay and in any event within [Insert, e.g., 72 hours] of becoming aware of a personal data breach affecting the Controller’s data.
4.6 On termination of the processing, the Processor shall, at the choice of the Controller, return or delete all personal data processed on behalf of the Controller and certify to the Controller that it has done so, unless applicable law requires retention.
​
5. Sub-Processors
5.1 Controller authorises the Processor to engage sub-processors (e.g., hosting, infrastructure) subject to the same obligations for protection of personal data. Processor shall maintain a list of current sub-processors and provide to Controller on request.
5.2 Where Processor engages a sub-processor, it shall ensure that the contract with each sub-processor imposes the same data protection obligations as set out in this DPA.
​
6. Audit & Inspection
The Controller may, on reasonable notice, audit or request evidence of the Processor’s compliance with this DPA (e.g., security certification, penetration testing summary, audit reports) subject to confidentiality obligations.
​
7. International Transfers
Where personal data is transferred outside the UK/EEA, the Processor shall ensure adequate safeguards (such as standard contractual clauses, binding corporate rules, or approved codes) are in place to protect the transferred data in accordance with UK GDPR.
​
8. Governing Law & Jurisdiction
This DPA is governed by and construed in accordance with the laws of England and Wales.
​