BSB Management – Terms of Service

Effective date: [25 November 2025]

This Terms of Service (the “Terms”) govern how BSB Management Consultancy Limited (“BSB,” “we,” “our,” or “us”) provides accounts receivable follow‑up and related services to a business customer (“Customer,” “you,” or “your”). If we sign an Order Form, Statement of Work (SOW) or Proposal together, that document is incorporated and will prevail over any conflicting text here.

These Terms are written in plain English. Legal capitalised words are defined in Section 1.

1) Definitions

  • AR means accounts receivable activities for Customer’s invoices (e.g., reminder emails, tracking open/overdue invoices and documenting responses).
  • Customer Systems means tools owned or licensed by Customer (e.g., Stripe, Chargebee, QuickBooks, Xero, Upflow, email, Jira, vendor portals like Ariba/Coupa, bank portals), to which BSB is granted access.
  • Services means the services chosen by Customer (see Annex A) and any add‑ons we agree in writing.
  • Confidential Information has its usual meaning and includes Customer data in Customer Systems.
  • Data Protection Laws means UK/EU GDPR and applicable privacy laws.

2) Services and scope

2.1 Service model. BSB plugs into your tools. We act as a coordination and follow‑up layer using your email domain (e.g., ar@yourdomain.com) and limited‑permission accounts in your AR tooling. We never collect funds, hold customer money, or change billing/price settings.

2.2 Plans. The available plans are described in Annex A:

  • Lite AR Essentials – monitoring open/overdue invoices, sending smart reminders from Customer’s domain, tagging reply reasons, and weekly summaries.
  • Managed AR Ops – everything in Lite, plus pushing issues to your internal channel (AR/finance/ops), light coordination with customers (cc your AR inbox), and a playbook for terms/invoicing improvements.
  • AR + Portals & Onboarding – everything in Managed AR Ops, plus vendor portal monitoring (Ariba, Coupa, etc.) if access is provided, customer onboarding/vendor‑form assistance, and exception handling for high‑value invoices.

2.3 Add‑ons. Optional add‑ons appear in Annex A (e.g., operating your AR tool configuration, monthly insights report, one‑off recovery of old invoices).

2.4 Out‑of‑scope. We are not a law firm or debt collector, do not give legal/tax advice, do not accept or process payments, and do not act as your agent to sign contracts or waive rights. See Annex A for typical exclusions.

3) Customer responsibilities

3.1 Access & roles. You will provide BSB with individual, role‑based accounts and permissions in Customer Systems (and revoke them when the engagement ends). Where possible, use SSO and MFA. You remain responsible for tool licences.

3.2 Data & accuracy. You are the system owner and data controller. You decide which invoices are in scope. You remain responsible for invoice content, pricing/terms, and any approvals.

3.3 Email channel. You will provide a mailbox and/or group (e.g., ar@yourdomain.com) and a named user account (e.g., batu@yourdomain.com) for BSB. We keep the AR group cc’d for transparency.

3.4 Vendor portals / onboarding. If you ask BSB to submit information into third‑party portals or vendor onboarding forms, you must supply the information and confirm its accuracy. BSB will not certify, warrant or create records on your behalf without written instructions.

3.5 Cooperation. Timely responses from your team (e.g., about disputes, refunds, PO numbers, tax docs) are needed to keep cadence.

4) Access, security and use of data

4.1 Customer Systems first. Our default operating model is to work inside Customer Systems. We do not export or build a separate database of your customers or invoices.

4.2 Limited local storage. We use Google Workspace (email, Drive, Sheets) to manage the engagement. We do not copy invoice data out of your systems except (a) light working notes, (b) email content, or (c) reports produced for you.

4.3 Security measures. We maintain commercially reasonable technical and organisational measures (see Annex B) including MFA, device encryption, least‑privileged access, and secure password management.

4.4 Customer devices. If you provide a company device, data will remain on that device. Shipping/return costs are covered by you.

4.5 Deletion. On termination, we will (a) return or delete working notes we hold in Google Workspace, and (b) you will disable our access to Customer Systems. We may retain minimal records as required by law or to evidence Services performed.

5) Deliverables, cadence and success

5.1 Cadence. Unless otherwise agreed, we operate business days, UK hours. We keep an agreed reminder cadence and provide a weekly summary to finance.

5.2 No guarantee of collection. We cannot promise payment from Customer’s buyers. Our role is to pursue a structured, customer‑friendly process that accelerates cash without harming relationships.

5.3 Change control. Requests outside the plan (e.g., heavy vendor onboarding, complex dispute packs, extensive portal build‑outs) may require an add‑on or SOW.

6) Fees and payment

6.1 Fees. Fees are set out in the Order Form or Proposal. We typically bill monthly in advance, in GBP (£) unless agreed otherwise.

6.2 Payment terms. Invoices are due net 15 days to the bank account shown on BSB’s invoice. Late amounts may accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law. You are responsible for taxes (excluding BSB’s income taxes).

6.3 Price changes. We may adjust pricing at renewal or for significant scope changes (e.g., sustained invoice volume increases), following written notice.

7) Confidentiality

Each party will protect the other’s Confidential Information and use it only to perform these Terms. This duty survives termination.

8) Data protection (summary)

8.1 Roles. For personal data in Customer Systems, Customer is the data controller and BSB is a data processor acting on documented instructions.

8.2 DPA. The Data Processing Addendum in Annex C applies and is incorporated into these Terms.

8.3 Sub‑processors. BSB uses Google Workspace and other sub‑processors listed in Annex C. We remain responsible for our sub‑processors.

9) Third‑party services

Customer remains the contracting party with Stripe, Upflow and any other tools. Their terms govern those services. We can help configure and operate them under your instructions.

10) Warranties & disclaimers

We will perform the Services with reasonable skill and care. Except as stated, the Services are provided “as is,” and we disclaim implied warranties. We do not provide legal, tax or accounting advice, and do not act as a debt collector or payment processor.

11) Indemnities

11.1 By BSB. We will defend and indemnify you against third‑party claims alleging that our standalone materials (not your data or instructions) infringe IP rights, subject to normal exclusions.

11.2 By Customer. You will defend and indemnify BSB against claims arising from (a) your data or instructions, (b) your failure to comply with law, or (c) disputes with your buyers.

12) Limitation of liability

To the maximum extent permitted by law, neither party will be liable for indirect or consequential damages. Each party’s total liability for all claims is capped at the fees paid or payable to BSB in the 12 months prior to the event.

13) Term and termination

Either party may terminate for convenience with 30 days’ written notice. Either may terminate immediately for material breach if not cured within 14 days. On termination, each party will follow Section 4.5 (Deletion) and any off‑boarding steps we agree.

14) Non‑solicitation

During the engagement and for 12 months after, neither party will solicit the other’s employees who were materially involved, other than by general advertisement.

15) Independent contractor; compliance

We are an independent contractor and not your agent or employee. Neither party may bind the other. Each party will follow applicable laws (including anti‑bribery, sanctions and Data Protection Laws).

16) Miscellaneous

Governing law: England & Wales, courts of London. Notices must be in writing (email is sufficient). Neither party may assign these Terms without consent, except to an affiliate or in a reorganisation. Force majeure applies. If any part is invalid, the rest remains effective. The Order Form/SOW prevails over these Terms in case of conflict.

Annex A – Service description & scope

A1. Plans

Lite AR Essentials (typical scope)

  • Monitor open & overdue invoices
  • Send smart email follow‑ups from Customer’s domain (cadence agreed)
  • Read replies and tag reasons (late / dispute / missing PO, etc.)
  • Weekly summary back to finance

Managed AR Ops (adds to Lite)

  • Push issues to your internal channel (AR/finance/ops)
  • Light customer coordination (cc your AR inbox)
  • Playbook for terms & invoicing improvements

AR + Portals & Onboarding (adds to Managed)

  • Vendor portal monitoring (Ariba, Coupa, etc.) if access provided
  • Customer onboarding / vendor‑form assistance using Customer‑provided information
  • Exception handling for high‑value invoices (as agreed in writing)

Optional add‑ons (as agreed)

  • Operating/configuring your AR tool (e.g., Stripe, Upflow)
  • Monthly AR insights report (trends, cadence, blockers)
  • One‑off recovery of aged invoices

A2. Typical exclusions (apply to all plans)

  • Legal services, formal debt collection, regulatory filings
  • Accepting or processing payments
  • Changing billing/pricing/tax settings in your systems
  • Drafting or agreeing contractual terms with your buyers
  • Procurement/vendor due‑diligence author certifications (beyond filling forms with your data)
  • Building new integrations or custom software (unless agreed in writing)

A3. Collaboration model

  • BSB uses named accounts with MFA and least privilege
  • AR mailbox/group is kept in cc for transparency
  • Cadence and tone are customer‑friendly, brand‑appropriate

Annex B – Security measures (summary)

  • Device encryption, screen‑lock, and up‑to‑date OS/patching
  • MFA for Google Workspace and all Customer Systems where supported
  • Password manager; no plain‑text credential storage
  • Least‑privileged access; role‑based permissions; access reviews
  • Email/data handling: no bulk local exports; minimal working notes in Drive/Sheets
  • Remote‑wipe capability for devices that access Customer data
  • Incident response: notify Customer without undue delay of any confirmed personal‑data breach related to the Services

Annex C – Data Processing Addendum (UK/EU GDPR)

1. Roles & processing. Customer is Controller; BSB is Processor. BSB will process personal data only on documented instructions from Customer, to provide the Services, and as required by law.

2. Types of data; subjects; duration. Typical data: customer contact details (names, business emails, company names), invoice identifiers/amounts/status, message content. Data subjects: Customer’s buyers and staff. Duration: for the term of the Services and deletion per Section 4.5.

3. Processor obligations. BSB will (a) keep data confidential; (b) implement Annex B security; (c) assist Customer with data‑subject requests and DPIAs where reasonable; (d) notify without undue delay of a confirmed personal‑data breach; (e) delete or return personal data at end of Services; and (f) make information available to demonstrate compliance (subject to confidentiality).

4. Sub‑processors. BSB uses sub‑processors to deliver the Services, currently including Google Workspace (Google LLC) for email/Drive/Sheets. We will maintain a list on request and will impose data‑protection terms that are no less protective than this DPA. Customer authorises our use of such sub‑processors.

5. International transfers. Where personal data is transferred outside the UK/EEA, BSB will ensure an appropriate transfer mechanism is in place (e.g., UK International Data Transfer Addendum and/or EU Standard Contractual Clauses) with relevant sub‑processors.

6. Customer obligations. Customer will ensure it has a lawful basis and necessary notices to share personal data with BSB and will configure Customer Systems to limit access on a least‑privilege basis.

7. Audit. Upon reasonable notice, Customer may perform a remote audit of BSB’s compliance once per 12 months (or following a breach) by reviewing policy summaries and discussing controls with BSB. Any on‑site audit requires a separate agreement and cost coverage.

8. Liability. The liability terms in the main body of the Terms apply to this DPA.

End of Terms.

Scroll to Top