Privacy Policy

Last updated: 15 February 2026

1. Who We Are

TaxBridge UK Ltd ("we", "us") is the data controller for personal data processed through the TaxBridge service. We are registered in England and Wales.

Contact: hello@taxbridge.uk

2. Data We Collect

We collect and process the following personal data:

Account Data

  • Name and email address
  • Hashed password (if using email/password authentication)
  • Google account identifier (if using Google sign-in)

HMRC Connection Data

  • National Insurance Number (encrypted at rest)
  • HMRC OAuth tokens (encrypted at rest)
  • Business details retrieved from HMRC

Financial Data

  • Income and expense figures you submit
  • Uploaded spreadsheets (processed in memory, not stored)
  • Expense records and receipt images
  • Invoice details
  • Mileage logs

Technical Data

  • IP address, browser type, and device information (required for HMRC fraud prevention headers)
  • Usage data and session information

3. How We Use Your Data

  • Service delivery: Submitting quarterly updates to HMRC on your behalf
  • Tax estimates: Calculating estimated tax liability based on your submissions
  • Communications: Deadline reminders, submission confirmations, account notifications
  • Legal compliance: HMRC fraud prevention header requirements
  • Service improvement: Anonymised usage analytics

4. Legal Basis

  • Contract: Processing necessary to provide the Service you signed up for
  • Legal obligation: HMRC fraud prevention header collection
  • Legitimate interest: Service improvement and security
  • Consent: Marketing communications (you can opt out at any time)

5. Data Security

We take the security of your data seriously:

  • HMRC tokens and NINOs are encrypted at rest using AES-256-GCM
  • Passwords are hashed using bcrypt
  • All data is transmitted over HTTPS/TLS
  • The database is hosted on encrypted infrastructure in the EU
  • Access controls and audit logging are in place

6. Data Sharing

We share your data only with:

  • HMRC: Quarterly updates and fraud prevention data (as authorised by you)
  • Stripe: Payment processing (they are a PCI-DSS compliant processor)
  • Resend: Transactional email delivery

We never sell your personal data to third parties.

7. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Submission records: Retained for 7 years (HMRC record-keeping requirements)
  • Payment records: Retained for 6 years (UK financial regulations)

8. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data (subject to legal retention requirements)
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — for any consent-based processing

To exercise these rights, contact hello@taxbridge.uk.

9. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for full details.

10. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes via email.

11. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.