Terms of Service

Last updated: April 2026

Part A below governs your subscription to the TransactionX SaaS. Part B sets out the separate engagement terms that apply only when you instruct Wealth Recovery Solicitors Limited (“WRS”) to provide legal services to you. Schedule 1 is the Data Processing Addendum that forms part of Part A.

About us

• Operating company: Wealth Recovery Solicitors Limited (“WRS”, “we”, “us”)
• Registered in England and Wales, Company Number 11325165
• Registered office: Floor 6, 3 Hardman Street, Manchester, M3 3HF
• VAT number: 322119739
• Authorised and regulated by the Solicitors Regulation Authority, SRA ID 8000728
• General contact: info@wealthrecovery.co.uk
• Data protection: dpo@wealthrecovery.co.uk
• TransactionX support: Liam.benari@wealthrecovery.co.uk

Part A – TransactionX SaaS subscription terms

A1. The service

TransactionX is an online tool that ingests bank statements (in CSV or PDF) supplied by the customer and applies a combination of rule-based pattern matching and AI classification to help identify potentially crypto-related transactions and produce summary reports.

Outputs are indicative only. They may include false positives or false negatives and must be reviewed by a suitably qualified professional before being relied on for any legal, regulatory, tax, evidential or financial purpose. TransactionX does not provide investment, tax, accounting or legal advice. Use of the SaaS does not constitute the provision of legal services by WRS to you.

A2. Eligibility and account

• You must be at least 18 and able to enter into a binding contract.
• You must keep your account credentials confidential and notify us promptly of any actual or suspected unauthorised access.
• You are responsible for all activity carried out through your account.

A3. Subscription, billing and VAT

• The subscription fee is the price displayed at checkout (currently £145 per month for the Pro plan), exclusive of VAT. UK VAT is added at the prevailing rate where it applies.
• Your subscription begins when payment is first taken and renews automatically each month on the same calendar day until cancelled.
• Payments are processed by Stripe. By subscribing you authorise us to charge your nominated payment method for each renewal.
• If a payment fails, we may retry the payment, suspend access, and (after reasonable notice) terminate the subscription.
• We may change pricing on at least 30 days’ notice by email; changes take effect on your next renewal and you may cancel before then to avoid the new price.

A4. Cancellation, refunds and consumer cooling-off

You can cancel your TransactionX Pro subscription at any time. Full procedural detail (how to cancel from the dashboard, by email, what happens on cancellation, refund eligibility and consumer cooling-off rights) is set out in our Cancellation & Refund Policy, which is incorporated into these terms.

Headlines:

• How to cancel. From your account dashboard (Cancel subscription button) or by emailing Liam.benari@wealthrecovery.co.uk.
• When cancellation takes effect. At the end of the then-current monthly billing period; you keep access until that date.
• Refunds. Except where required by law, monthly fees are non-refundable and we do not pro-rate partial months.
• Consumer cooling-off (CCRs 2013). If you are an individual consumer, you have a 14-day right to cancel from subscribing. By starting to use the service in that period (e.g. uploading a statement) you expressly request immediate performance and acknowledge that, on completion of that performance, you lose your right to cancel under the Regulations. If you cancel within 14 days before any use, we refund the subscription fee in full.

A5. Customer warranties on uploads

You warrant and undertake that, in respect of each bank statement and any other personal data you upload:

• you have a lawful basis under the UK GDPR (and any other applicable law) to upload, process and have us process that data, including in respect of any individual other than yourself whose data appears in the statement;
• where required by Articles 13 or 14 UK GDPR, you have provided (or arranged for the provision of) appropriate privacy information to the relevant data subjects;
• you have any consents, authorisations or instructions necessary from your client or principal to use a third-party tool to process the data;
• you will not upload data subject to legal professional privilege belonging to a third party without authority, special-category data not necessary for the service, or content that is unlawful, defamatory or infringing; and
• you will keep your account credentials secure and notify us promptly of any actual or suspected unauthorised access.

A6. Acceptable use

You must not, and must not permit any user of your account to:

• use the service to process data in violation of any law or third-party right;
• upload material containing malware or attempt to circumvent the service’s security;
• reverse-engineer, scrape or extract the service other than as expressly permitted;
• resell, sublicense or provide the service to third parties as a service bureau without our written consent;
• use outputs as the sole basis for any decision that has legal or similarly significant effects on a person, without independent professional review.

We may suspend or terminate access for material breach (or without notice if necessary to protect the service or other users).

A7. Service levels and security

We will use commercially reasonable efforts to keep TransactionX available and to apply appropriate technical and organisational measures (including encryption in transit and at rest, role-based access controls, audit logging and row-level security on multi-tenant data stores). The service is provided on a reasonable-endeavours basis and we do not warrant that it will be uninterrupted, error-free, or that outputs will be complete or accurate. Maintenance windows and incidents may temporarily affect availability. Our published security posture is summarised on our Trust & security page.

A8. Data protection

For account, billing and marketing data we collect from you directly, we act as controller. For personal data contained in bank statements you upload in connection with your professional engagement with another person (your client or the subject of your investigation), you are the controller and we act as your processor on the documented instructions set out in our Privacy Policy, these terms and the Data Processing Addendum at Schedule 1. Our current sub-processors are listed at /legal/sub-processors.

A9. Intellectual property

We and our licensors retain all intellectual-property rights in TransactionX, including the underlying software, models, rule sets, dashboards and documentation. You retain all rights in the bank statements and other content you upload and in any reports generated for your matter, subject to a limited licence to us to host, process and display that content for the purposes of providing the service.

A10. Limitation of liability (SaaS)

Subject to the carve-outs below, our total aggregate liability arising out of or in connection with the TransactionX SaaS in any 12-month period is limited to the greater of (a) £5,000 and (b) the subscription fees you paid to us in the 12 months immediately preceding the event giving rise to liability. We are not liable for indirect or consequential loss, loss of profit, loss of business or loss of data (other than our obligation to maintain backups in line with our Privacy Policy). Nothing in these terms limits liability that cannot lawfully be limited (including for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or under section 2(3) of the Consumer Rights Act 2015 where you contract as a consumer).

A11. Term and termination of the SaaS

Either party may end the subscription at the end of any monthly billing period in accordance with section A4. We may terminate immediately on written notice if you materially breach these terms and (where capable of remedy) fail to remedy within 14 days. On termination, your access ends and the data-deletion timetable in our Privacy Policy applies.

A12. Changes to these terms

We may update these terms from time to time. Material changes will be notified by email and/or in-product notice at least 30 days before they take effect for existing subscribers; continued use after the effective date constitutes acceptance.

A13. Governing law and jurisdiction

Part A is governed by the law of England and Wales. The courts of England and Wales have exclusive jurisdiction, except that consumers may bring proceedings in the courts of the part of the UK in which they are domiciled.

Part B – Engagement terms for WRS legal services

B1. General

These terms set out the basis upon which our legal services will be provided and are to be read in conjunction with our Engagement Letter.

B2. People responsible for your work

The Engagement Letter notifies you of the person who will have day-to-day responsibility for your matter, the supervising person, and any others assisting. We may appoint suitably qualified replacements on notice.

B3. Scope of work

The Engagement Letter summarises your instructions and the work we will undertake. We are not responsible for matters outside that scope unless agreed in writing. We do not give tax advice unless specifically agreed.

B4. Service standards

We will keep you updated by telephone or email at appropriate intervals (the Law Society suggests no less than every six weeks), communicate in plain language, and update you on cost, risk and timescales as your matter progresses.

B5. Charges and expenses

Unless our charges are fixed by a Damages-Based Agreement (DBA), they are calculated mainly by reference to time spent (recorded in 1/10th-hour units) at the hourly rates set out in your Engagement Letter. Rates are reviewed at least annually. Disbursements (third-party fees and expenses) will be charged in addition. Estimates are guides only.

B6. Payment arrangements

We may request payment on account and may render interim invoices monthly or as agreed. Payment is due on presentation. We may charge interest at 8% on overdue invoices and recover costs of collection. We may suspend work and exercise a lien over papers and money on account if invoices are unpaid.

B7. Right to costs assessment

Under the Solicitors Act 1974 you have the right to a costs assessment. You may become liable for the costs of that assessment by Court Order.

B8. Your responsibilities

You must give clear, timely and consistent instructions, respond to requests promptly, and notify us if any information you have given is or becomes inaccurate, or if your circumstances change so you may be unable to pay our fees.

B9. Outsourcing

We may outsource typing or other work to third parties under confidentiality. Tell us if you object.

B10. Liability for charges

You remain primarily liable for our charges even if a third party has agreed to pay. Joint clients are jointly and severally liable.

B11. Confidentiality and conflicts

Information about you is confidential and will only be disclosed as required by law, with your authority, or to our auditors/insurers under appropriate safeguards. We will tell you if a conflict arises and may have to cease acting.

B12. Anti-money laundering

We are required to verify your identity and the source of your funds and may have to make money-laundering disclosures without notifying you. We do not accept cash. We will charge for AML work.

B13. Data protection

Personal data we process to provide legal services to you is processed in accordance with our Privacy Policy. The Data Protection Compliance Officer can be contacted at dpo@wealthrecovery.co.uk.

B14. Storage of papers

We may keep your file (paper or electronic) for up to six years after the final bill, after which we may destroy it. Original deeds are returned unless held in safe custody.

B15. Termination

You may terminate your instructions in writing at any time; we may stop acting on reasonable grounds and reasonable notice. On termination you remain liable for fees and expenses to the date of termination. Consumers contracting at distance have the cooling-off rights under the CCRs 2013.

B16. Limitation of liability (legal services)

Our total aggregate liability for the legal services in connection with any one matter is limited to £3,000,000. Liability for fraud, death/personal injury caused by negligence, or any other liability that cannot be limited by law, is unlimited. Claims must be commenced within six years of the cause of action.

B17. Other engagement terms

Additional standard terms (copyright in our work product, third-party referrals, third-party rights, cloud storage, scam-avoidance, communications, financial-services scope under the Law Society’s designated-professional-body status, equality & diversity, and Provision of Services Regulations 2009 disclosure) form part of our engagement terms and are available on request from info@wealthrecovery.co.uk or in the appendix to your Engagement Letter.

B18. Governing law

The legal-services engagement is governed by the law of England and Wales, with exclusive jurisdiction of the English and Welsh courts.

Schedule 1 – Data Processing Addendum (DPA)

This DPA forms part of Part A and applies whenever we process personal data on your behalf as a processor under UK GDPR Article 28. Capitalised terms have the meanings given in the UK GDPR.

1. Roles and scope

You (the Customer) are the Controller of personal data contained in the bank statements you upload and any related material you process through TransactionX in connection with your professional engagement with the data subject. WRS is the Processor for that data. WRS is the Controller for your account, billing and direct marketing data, which is governed by our Privacy Policy.

2. Subject-matter, duration, nature and purpose

• Subject-matter: hosted detection and reporting of potentially crypto-related transactions in bank statements.
• Duration: for the term of the subscription plus the deletion timelines in our Privacy Policy.
• Nature and purpose: ingestion, parsing, classification, generation of reports and audit trail, retention and deletion as instructed.
• Types of data: identification data of the account holder named on the statement (name, account number, sort code where present), transaction data (date, amount, currency, narrative/counterparty), derived classifications and metadata, and any other personal data the Customer chooses to upload.
• Categories of data subject: the Customer’s clients, the subjects of the Customer’s investigation, and any third parties named in the statements.

3. Customer instructions

We process Personal Data only on the Customer’s documented instructions, which are: (i) to provide and operate TransactionX as described in these terms and our Privacy Policy; (ii) to comply with our legal obligations; and (iii) to defend legal claims. Any other processing requires the Customer’s written instruction.

4. Confidentiality and personnel

Personnel authorised to process Personal Data are bound by confidentiality and trained in data-protection.

5. Security (Article 32)

Technical and organisational measures implemented include:

• encryption in transit (TLS 1.2+) and at rest;
• row-level security on the multi-tenant database so that one customer cannot read another’s data;
• role-based access control with least-privilege; admin actions audit-logged;
• secure software development practices (code review, dependency scanning, SAST);
• backups with documented restore procedures and a 35-day rolling retention window;
• logging and alerting on authentication, billing and admin events.

A summary is published on our Trust & security page; the underlying TOMs Evidence Pack is available under NDA.

6. Sub-processors (Article 28(2)–(4))

The Customer gives general written authorisation for the engagement of sub-processors. The current list is published at /legal/sub-processors. We will give at least 30 days’ notice of any addition or replacement and the Customer may object on reasonable data-protection grounds. We remain liable to the Customer for the acts and omissions of our sub-processors.

7. Data-subject rights assistance (Article 28(3)(e))

We will, taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures, insofar as is possible, to fulfil the Customer’s obligation to respond to data-subject requests under Chapter III UK GDPR. Where a data subject contacts us directly we will refer them to the Customer.

8. Assistance with security, breach notification and DPIAs (Article 28(3)(f))

We will assist the Customer in ensuring compliance with Articles 32–36 (security, breach notification, DPIAs and prior consultation), taking into account the nature of the processing and information available to us. We will notify the Customer without undue delay (and in any event within 72 hours of becoming aware) of any Personal Data Breach affecting the Customer’s data, with the information required by Article 33(3) so far as it is then available.

9. Deletion or return at end of services (Article 28(3)(g))

On termination of the subscription, at the Customer’s choice we will delete or return all Personal Data processed on the Customer’s behalf, and delete existing copies, in accordance with the deletion timetable in our Privacy Policy, unless retention is required by law.

10. Audits (Article 28(3)(h))

We will make available to the Customer all information necessary to demonstrate compliance with Article 28 and allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, on reasonable prior written notice and subject to confidentiality. To minimise disruption, the Customer will accept up-to-date third-party certifications, our most recent SOC-equivalent or ISO-aligned reports, and written responses to security questionnaires in lieu of on-site audit where these reasonably address the Customer’s concerns.

11. International transfers

Where Personal Data is transferred outside the UK to a country without an adequacy decision, the parties rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (or the IDTA), and we will implement supplementary measures where required by our Transfer Risk Assessment. Sub-processor locations and transfer mechanisms are listed at /legal/sub-processors.

12. Liability

The liability provisions in section A10 apply to this DPA.

Questions about Part A, Part B or this DPA: contact dpo@wealthrecovery.co.uk (data protection) or info@wealthrecovery.co.uk (general).