Privacy Policy

Preduzmi (preduzmi.com) is operated by 4xxi Software Ltd. (“we”, “us”, “our”), a company registered in England and Wales.

Registered address: 23 Leyborne Park, Kew Gardens, TW9 3HB, Richmond, United Kingdom

For the purposes of UK GDPR and the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti), we are the data controller.

Contact: [email protected]

Preduzmi is an accounting and tax compliance tool for Serbian lump-sum entrepreneurs (pausalni preduzetnici). It helps sole proprietors manage invoices, track bank transactions, monitor tax obligations, stay within regulatory revenue limits, and generate the mandatory KPO ledger book.

Important: Preduzmi is not a substitute for professional accounting, tax, or legal advice. It is a record-keeping and compliance tracking tool. Always consult a qualified accountant or tax advisor for decisions affecting your tax obligations.

Account data. When you sign up, we collect your name and email address. If you sign in with Google, we receive your name, email, and profile image from Google.

Business profile. You provide your business details: legal name, short name, address, registration number (matični broj), tax ID (PIB), activity code (šifra delatnosti), date of establishment, bank account number, and IBAN. This data is used to generate your KPO book and payment instructions.

Tax obligations. Monthly tax amounts (income tax, PIO, health insurance, unemployment), treasury account numbers, and payment references (BOP) — entered manually or extracted from uploaded tax resolutions.

Invoices. Invoice details you create or upload: invoice number, dates, amounts, currency, exchange rate, counterparty name and country, description, status, and notes.

Uploaded files. PDF and image files of invoices and tax office resolutions (rešenja) that you upload for AI-assisted data extraction.

Bank transactions. Transaction data imported from bank statement files (XML or CSV): date, amount, currency, payee name, account numbers, payment codes, references, and descriptions.

Session data. IP address, user agent, session tokens, and expiry timestamps — collected automatically for authentication and security purposes.

Strictly necessary cookies. We use only cookies essential for the website to function:

We do not use marketing, advertising, analytics, or third-party tracking cookies.

Marketing attribution. When you arrive at our website via a marketing link (e.g. from an email campaign or advertisement), we store the UTM parameters from the URL (source, medium, campaign, content, and term) along with the referring website address in your browser's localStorage. This data is transferred to your account record when you sign up, and is then removed from localStorage. We use this data solely to understand which marketing channels bring users to our service. It is not shared with third parties and is not used for cross-site tracking.

Voluntary correspondence. If you contact us by email, we process the personal data you provide for the purpose of responding to your enquiry.

We process personal data on the following lawful bases under UK GDPR:

• Contract performance (Article 6(1)(b)): processing your business data to provide the accounting and tax tracking service — invoice management, transaction categorisation, tax compliance monitoring, KPO book generation, and AI-assisted document parsing.
• Legitimate interests (Article 6(1)(f)): session data for website security and error diagnosis; application logs for monitoring service health.
• Consent (Article 6(1)(a)): if you voluntarily contact us, your correspondence is processed on the basis of your consent.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

When you upload invoices or tax office resolutions (rešenja) for automated data extraction, the document content (text and/or images) is sent to third-party AI providers for processing. We currently use:

• OpenAI (US-based) — Large Language Models for document parsing and data extraction.
• OpenRouter (US-based) — API gateway providing access to additional Large Language Models for document parsing.

The data sent to AI providers includes the content of uploaded documents (invoice text/images, tax resolution text/images) and system prompts that guide the extraction. Your name and email address are not sent to AI providers.

Uploaded documents may contain sensitive business information such as your tax ID (PIB), registration number, bank account details, and counterparty information. This data is transmitted to AI providers solely for the purpose of structured data extraction.

We do not use your data to train AI models. Our agreements with AI providers specify that data submitted via their commercial APIs is not used for model training.

We may change AI providers in the future. This Privacy Policy will be updated to reflect any such changes.

Application logs are sent to a self-hosted log aggregation service (Logoverse) operated by us. Logs may include user IDs and error details but are not shared with any third party.

Your data is stored on servers located in Amsterdam, Netherlands (DigitalOcean AMS3), within the European Economic Area. Uploaded files (invoices, tax resolutions) are stored in S3-compatible object storage on the same infrastructure.

All data access is scoped to the authenticated user — you can only see and modify your own data. Sessions are managed via signed cookies. Data is transmitted over TLS (HTTPS).

No method of transmission over the Internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

Your primary data (database, files) is stored in the Netherlands (EU). However, when you use AI-assisted document parsing, document content is transferred to AI providers based in the United States.

These transfers are made under Standard Contractual Clauses (SCCs) or equivalent safeguards approved under UK GDPR. Where providers are certified under the EU-US Data Privacy Framework, that certification may also apply.

Your account data, business profile, invoices, transactions, and tax obligations are retained for as long as your account is active. You can delete individual invoices and transactions at any time through the application.

To request deletion of your entire account and all associated data, contact us at [email protected].

Server logs are retained for up to one year. Uploaded files are retained for the lifetime of the associated invoice or tax obligation record.

Under UK GDPR and the Serbian Law on Personal Data Protection, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate personal data.
• Erase your personal data (“right to be forgotten”).
• Restrict processing of your personal data.
• Object to processing based on legitimate interests.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with:

• Information Commissioner's Office (ICO) — ico.org.uk (UK supervisory authority)
• Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti — poverenik.rs (Serbian supervisory authority)

Preduzmi is a business tool intended for use by registered entrepreneurs. It is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “last updated” date. Your continued use of the service after any changes constitutes acceptance of the updated policy.

For any privacy-related questions or requests:

Email: [email protected]

4xxi Software Ltd.
23 Leyborne Park, Kew Gardens
TW9 3HB, Richmond, United Kingdom