MTD mandatory · April 2026
TapTax
Skip to main content
TapTax

Legal

Privacy Policy

Last updated: February 2026

1. Who we are

TapTax ("we", "us", "our") is a UK-based software service for sole traders and landlords. We are the data controller for personal data processed through taptax.co.uk and our mobile application. You can contact us at [email protected].

2. Data we collect

We collect only what we need to provide the service:

  • Account data — name, email address, and password (hashed) when you register.
  • Financial data — income, expense, and transaction records you enter or import via Open Banking.
  • Tax data — quarterly submission figures and HMRC filing history.
  • Device and usage data — IP address, browser type, app version, and pages visited, collected automatically via server logs and analytics.
  • Payment data — subscription status and billing history. Card details are handled entirely by our payment processor (Stripe) and never stored by TapTax.
  • Open Banking data — read-only access to bank transaction data via a regulated Open Banking provider. We never store your banking credentials.

3. How we use your data

  • To provide, operate, and improve the TapTax service.
  • To submit quarterly MTD updates to HMRC on your behalf when you instruct us to.
  • To calculate and display your estimated tax liability.
  • To process your subscription payments.
  • To send transactional emails (receipts, submission confirmations, account alerts).
  • To detect fraud, abuse, and security incidents.
  • To improve the service through aggregated, anonymised usage analytics — you will never be individually identifiable in analytics data.

4. Legal basis (UK GDPR)

  • Contract — processing necessary to deliver the service you signed up for (Art. 6(1)(b)).
  • Legal obligation — retaining financial records as required by UK law (Art. 6(1)(c)).
  • Legitimate interests — security monitoring, fraud prevention, and service improvement (Art. 6(1)(f)).
  • Consent — marketing emails, if you opt in. You can withdraw consent at any time.

5. Data sharing

We do not sell your data. We share data only with:

  • HMRC — quarterly MTD updates submitted at your instruction via HMRC's official APIs.
  • Stripe — for payment processing. Subject to their own privacy policy.
  • Open Banking provider — to retrieve your read-only bank transaction data.
  • Infrastructure providers — cloud hosting and database services, operating under data processing agreements with us.
  • Accountants — only if you explicitly grant them access via the Pro plan accountant access feature.

6. Data retention

We keep your account and financial data for as long as your account is active and for six years after closure, as required by HMRC record-keeping rules. You may request deletion of data not required for legal compliance by contacting us.

7. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion where no legal obligation to retain applies.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — limit how we use your data in certain circumstances.

To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Cookies

We use strictly necessary cookies for authentication and session management, and optional analytics cookies to understand how the service is used. You can manage cookie preferences via your browser settings. We do not use advertising or tracking cookies.

9. Security

We use industry-standard encryption (TLS in transit, AES-256 at rest) and enforce access controls to protect your data. We will notify you and the ICO of any data breach within 72 hours where required.

10. Changes to this policy

We may update this policy from time to time. We will notify you by email of material changes before they take effect. The latest version is always available at taptax.co.uk/privacy.

11. Contact

Questions about this policy? Email us at [email protected].