Privacy Policy

TaxStats Ltd ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our TaxStats Source platform.

We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Personal Information

• Name and contact details (email address, phone number)
• Account credentials
• National Insurance number (for HMRC submissions)
• Unique Taxpayer Reference (UTR)
• Business information

Financial Information

• Income and expense records
• Bank transaction data (when connected)
• Receipts and invoices you upload
• Tax calculation data

Technical Information

• IP address and device information
• Browser type and version
• Usage data and analytics
• Cookies and similar technologies

We use your information to:

• Provide and maintain our tax filing services
• Process your quarterly and annual tax submissions to HMRC
• Automatically categorise your receipts and expenses using AI
• Calculate your tax obligations accurately
• Connect with HMRC on your behalf via their APIs
• Send you important updates about deadlines and submissions
• Improve our services and develop new features
• Comply with legal obligations

We process your personal data based on:

• Contract: To provide the services you've signed up for
• Legal obligation: To comply with tax and accounting regulations
• Legitimate interests: To improve our services and prevent fraud
• Consent: For marketing communications (which you can withdraw anytime)

We may share your information with:

• HMRC: For tax submissions as authorised by you
• Service providers: Cloud hosting, payment processing, and AI services
• Professional advisers: Lawyers, accountants, and auditors
• Regulatory authorities: When required by law

We do not sell your personal data to third parties.

We implement robust security measures including:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication
• Regular security audits and penetration testing
• SOC 2 Type II compliant infrastructure
• Employee security training and access controls

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Tax records are typically retained for 7 years in accordance with HMRC requirements.

You can request deletion of your account and data at any time, subject to our legal retention obligations.

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data
• Portability: Receive your data in a portable format
• Restriction: Limit how we use your data
• Objection: Object to certain processing activities
• Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@taxstatsai.com

Your data is primarily stored and processed within the UK and European Economic Area. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK ICO.

For privacy-related enquiries:

• Email: privacy@taxstatsai.com
• Data Protection Officer: dpo@taxstatsai.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.