Is MagicBill free for UK freelancers?

Yes. MagicBill offers a free plan for UK freelancers that includes invoice generation, PDF downloads, and client management — no credit card required. Paid plans unlock unlimited invoices, custom branding, expense tracking, and team collaboration.

Is MagicBill HMRC compliant?

Yes. MagicBill generates HMRC-compliant invoices with all required fields including VAT registration numbers, tax breakdowns, and itemised line items — meeting UK invoicing requirements for sole traders and VAT-registered businesses.

Does MagicBill support VAT invoices?

Yes. MagicBill automatically generates VAT-compliant invoices that meet UK HMRC requirements, including VAT number display, per-line tax calculations, and full tax breakdowns on every PDF.

Can I track expenses with MagicBill?

Yes. MagicBill includes built-in expense tracking on the Business plan, allowing you to log expenses, attach receipts, and link costs to specific invoices — keeping all your business finances in one place.

Can my team use MagicBill together?

Yes. MagicBill's Business plan includes team collaboration features allowing up to 3 sub-users to manage invoices, expenses, and clients from a shared workspace.

Does MagicBill support multiple currencies?

Yes. MagicBill supports GBP, USD, EUR, JPY, PLN, BRL, TRY, CNY, NOK, and SAR — with correct currency symbols and decimal formatting for each locale.

How quickly can I create an invoice with MagicBill?

Most users create and send their first invoice in under 2 minutes. Fill in your client details, add line items, choose a template, and send the PDF directly from the app — no downloads or installs needed.

Privacy Policy | MagicBill

1. Who We Are

MagicBill is an online invoice generation and management platform operated at www.magicbill.co.uk. For the purposes of UK data protection law, MagicBill is the data controller responsible for your personal data.

If you have any questions about this policy or how we handle your data, please contact us at: privacy@magicbill.co.uk

2. What Data We Collect

We collect the following categories of personal data:

Data Type	Examples	Why We Collect It
Account data	Email address, full name, password (hashed)	To create and manage your account
Invoice data	Your business name, address, client names, line items, amounts	Core service functionality
Client/customer data	Names, email addresses, postal addresses you enter	To populate your invoices
Expense data	Descriptions, amounts, categories, receipt images	Business-tier expense tracking
Payment data	Billing interval, subscription plan, Stripe customer ID	To manage your subscription
Usage data	Pages visited, features used, timestamps	Service improvement and security
Technical data	IP address, browser type, device type	Security and fraud prevention
Communications	Emails you send us, support messages	Customer support

We never store your card details. All payment card processing is handled exclusively by Stripe. MagicBill only holds a Stripe customer reference ID.

3. Lawful Basis for Processing

Under UK GDPR Article 6, we rely on the following lawful bases for processing your personal data:

Contract (Art. 6(1)(b)) — Processing your account data, invoice data, and payment information is necessary to provide the MagicBill service you have signed up for.
Legal obligation (Art. 6(1)(c)) — We are required to retain certain financial records (invoices, transaction logs) for a minimum of 6 years to comply with UK tax law and the Companies Act.
Legitimate interests (Art. 6(1)(f)) — We process technical and usage data for security monitoring, fraud prevention, and service improvement. We have assessed that these interests do not override your rights.
Consent (Art. 6(1)(a)) — We will ask for your explicit consent before sending you marketing emails. You can withdraw consent at any time by clicking "unsubscribe" in any email.

4. How We Use Your Data

Providing, operating, and maintaining your MagicBill account
Generating, storing, and sending invoices on your behalf
Processing subscription payments via Stripe
Sending transactional emails (invoice delivery, account notifications)
Providing customer support
Detecting and preventing fraud and abuse
Improving and developing the service
Complying with legal obligations

5. Data Processors & Third Parties

We share your data only with trusted processors who are contractually bound to protect it. We have Data Processing Agreements in place with each of the following:

Processor	Purpose	Location	Safeguards
Supabase	Database, authentication, file storage	European Union	UK GDPR-compliant DPA, Standard Contractual Clauses
Stripe	Payment processing, subscription management	United States	UK extension to EU-U.S. Data Privacy Framework, Stripe DPA
Resend	Transactional email delivery	United States	Standard Contractual Clauses, Resend DPA

We do not sell your data. We do not share your data with advertisers or data brokers.

6. International Data Transfers

Your data is primarily stored in the European Union via Supabase. Some processors (Stripe, Resend) are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the ICO
Transfers under the UK-U.S. Data Bridge (where applicable)
Processor-specific adequacy mechanisms documented in their DPAs

7. Data Retention

Data Type	Retention Period	Reason
Account data (name, email)	Duration of account + 30 days after deletion	Contract necessity
Invoices & receipts	6 years + current year minimum	UK tax law / Companies Act
Payment records (Stripe refs)	6 years	Financial regulations
Usage & technical logs	13 months	Security / legitimate interest
Support communications	2 years after closure	Business records
Marketing consent logs	Until consent withdrawn or 5 years	PECR compliance

When you delete your account, we will remove your personal data within 30 days. Invoice and financial records subject to the 6-year legal hold will be retained in a restricted state and deleted once that obligation expires.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access (Art. 15) — Request a copy of the personal data we hold about you.
Right to rectification (Art. 16) — Ask us to correct inaccurate or incomplete data.
Right to erasure (Art. 17) — Request deletion of your personal data, subject to legal retention obligations.
Right to restrict processing (Art. 18) — Ask us to limit how we use your data.
Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format.
Right to object (Art. 21) — Object to processing based on legitimate interests.
Rights related to automated decisions (Art. 22) — MagicBill does not make automated decisions with significant legal effects.

To exercise any of these rights, contact us at privacy@magicbill.co.uk. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Cookies

MagicBill uses the following types of cookies:

Cookie Type	Purpose	Consent Required?
Strictly necessary	Authentication session, security tokens, CSRF protection	No
Functional	Your preferences (theme, language)	No
Analytics	Understanding how pages are used (Vercel Analytics)	No — aggregated, non-identifying
Marketing	We do not currently use marketing or advertising cookies	N/A

We do not use tracking pixels or third-party advertising cookies. Our analytics are privacy-friendly and do not identify individual users.

10. Data Security

We protect your data using the following measures:

All data is encrypted in transit using TLS (HTTPS)
Data at rest is encrypted by Supabase in the EU
Row-Level Security (RLS) is enforced at the database level — users can only access their own data
Passwords are never stored in plain text (handled by Supabase Auth)
Payment card data is never stored by MagicBill (handled exclusively by Stripe)
Access to production systems is restricted to authorised personnel only

In the event of a personal data breach that is likely to result in a risk to your rights, we will notify the ICO within 72 hours and affected users without undue delay.

11. Children's Data

MagicBill is intended for use by businesses and individuals aged 18 or over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@magicbill.co.uk and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by displaying a prominent notice on the site at least 14 days before the changes take effect. The date at the top of this page reflects when it was last updated. Continued use of MagicBill after that date constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related queries, data subject requests, or complaints:

Email: privacy@magicbill.co.uk
Website: www.magicbill.co.uk

You also have the right to contact the UK supervisory authority: the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 | ico.org.uk