Privacy Policy and Your Data Rights
Last updated 10th October 2025
This section provides a clear explanation of how My Tax Digital handles your data, focusing on transparency, security, and your legal rights as a user. Our commitment is to provide a free, secure MTD service while strictly adhering to UK tax law and data protection legislation (GDPR).
Your Ownership and Control
- You Own Your Data: You, the user, maintain full ownership and continuous access to all financial records, tax documents, client information, and personal data you enter into My Tax Digital. We simply provide the secure software to manage it.
- Data Export (Portability): You have the right to easily download and export most of your data. Use the Export CSV functions in the Transactions and Contacts sections to create secure backups at any time.
Information We Collect
We only collect information strictly necessary to provide the free MTD service, maintain your account security, and comply with UK tax legislation.
| Data Type | What We Collect | Why We Collect It |
|---|---|---|
| Identity Data | Name, email address, encrypted password, and your chosen Two-Factor Authentication (2FA) method. | Required for registration, maintaining login security, and verifying your identity. |
| Tax & Financial Data | VAT Registration Number (VRN), National Insurance Number (NINO), Unique Taxpayer Reference (UTR), all transaction records, invoice details, and calculated bank account balances. | Required for MTD compliance, accurate record-keeping, and enabling tax submissions to HMRC. We do not store your bank login credentials. |
| HMRC Records | VAT obligations and liabilities, and ITSA quarterly/annual summaries pulled securely from HMRC. | Required for displaying your deadlines, current tax status, and calculating estimated tax liabilities. |
| Usage Data | Activity logs (log-in times, submission records) and Google Analytics data (if consented to). | Required for security auditing, troubleshooting errors, improving app performance, and protecting against fraudulent activity. |
Security Measures and Data Sharing
We implement multiple layers of security to protect your sensitive financial data:
- Encryption: All data exchanged is secured using HTTPS (TLS) encryption. Your stored financial data is also secured with encryption at rest.
- Mandatory 2FA: Two-Factor Authentication is mandatory for all accounts, adding a critical second step to the sign-in process.
- Sharing with HMRC: We only transmit the required summary figures (e.g., VAT boxes, ITSA totals) to HMRC when you explicitly click the 'Submit' button, granting us permission to act on your behalf.
- AIsha Tax Assistant: When you use the AIsha feature, your query is securely processed to generate a tax guidance response. Your input is not retained or used to train the AI model.
- Support Verification: Our support staff will not discuss account-specific data unless you provide a unique, temporary Support Token that you generate while logged into your profile. This is a strict policy implemented for your protection.
Data Retention and Deletion Rights
- Tax Records Retention: We are legally required to retain your core financial transaction data and tax submission history for a minimum of seven (7) years from the end of the last tax period they relate to.
- Dormant Accounts: If your account is inactive for one year (12 consecutive months), we will notify you before deleting all associated data.
- Account Deletion: If you request to close your account, your data is marked for permanent deletion. The data may remain on our secure systems for up to 35 days before it is completely purged.
Cookies
We use small text files called cookies to ensure the website functions correctly:
- Strictly Necessary Cookies: These are essential for core functions, such as maintaining your secure login session.
- Analytics Cookies: Used by Google Analytics to track site usage for improvement purposes. You will be given the option to opt-out of these cookies when you first visit the site.
