Last updated: March 22, 2026
TaxSwipe helps UK sole traders manage Making Tax Digital compliance. We take the privacy of your financial data seriously. This policy explains exactly what we collect, why, and how it is protected.
1. Who We Are
TaxSwipe is developed and operated by FinMedTech. We are the data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Email: hello@finmedtech.co.uk
2. What Data We Collect
2.1 Personal Information
- Email address — for account creation and communication
- Full name — for profile identification
- Business name — for tax records
- National Insurance Number — required for HMRC Making Tax Digital submissions
- Password — stored as a one-way bcrypt hash; we cannot read your password
2.2 Financial Information
- Bank transactions — imported via PDF upload, CSV import, or manual entry
- PDF bank statements — uploaded files are processed using dual-engine verification for accuracy and temporarily stored; automatically deleted after parsing
- Transaction categorisations — business vs personal, HMRC expense categories
- Income and expense data — calculated from transactions
- Tax calculations — Income Tax and National Insurance contributions
2.3 HMRC Integration Data
- HMRC OAuth tokens — to submit quarterly returns on your behalf (encrypted)
- HMRC Business ID — fetched from HMRC Business Details API
- Submission records — quarterly MTD submission history and HMRC references
2.4 Technical Data
- Authentication tokens — stored securely on your device; cleared on logout
- Biometric preference — enabled/disabled flag stored in device secure storage only; we never receive biometric data itself
- Device information — operating system and app version
- Subscription status — whether you have an active Premium or Pro subscription (for freemium features)
2.5 What We Do Not Collect
- We do not collect your location
- We do not collect device identifiers or advertising IDs
- We do not use analytics or tracking SDKs
- We do not store bank login credentials (you upload PDF statements directly)
- We do not permanently store PDF files (deleted after parsing)
3. How We Use Your Data
We use the collected data for the following purposes:
- Provide and maintain our service — account management, transaction import, categorisation
- Process PDF bank statements — extract transactions from uploaded PDFs using dual-engine verification for accuracy
- Calculate tax liability — Income Tax and National Insurance calculations based on UK tax rates
- Submit to HMRC — quarterly Making Tax Digital submissions on your behalf
- AI categorisation — improve expense categorisation accuracy using Anthropic Claude (only transaction descriptions and amounts are sent; no personal identifiers)
- Manage subscriptions — process Premium/Pro tier subscriptions and apply usage limits (PDF imports, AI categorisations)
- Customer support — respond to your requests and provide assistance
- Comply with legal obligations — HMRC reporting requirements, data protection laws
4. Third-Party Services
4.1 PDF Processing
- PDF bank statements are processed using dual-engine verification for accuracy
- Text extraction and AI visual verification ensure reliable transaction data
- Both engines must agree for high-confidence results; discrepancies are flagged for review
- PDFs are temporarily stored during processing and automatically deleted after extraction
4.2 HMRC (Tax Submissions)
- UK Government tax authority
- Receives quarterly MTD submissions on your behalf
- We store OAuth tokens to submit on your behalf (encrypted)
- You can disconnect from HMRC at any time via Settings
- HMRC Personal Information Charter
4.3 Anthropic (AI Categorisation)
- Provides Claude AI for expense categorisation suggestions
- Only transaction descriptions and amounts are sent (no personal identifiers)
- Privacy policy: anthropic.com/privacy
4.4 Supabase (Cloud Infrastructure)
- Stores your profile, transactions, and submissions
- Manages user authentication
- Data encrypted at rest and in transit (HTTPS)
- Privacy policy: supabase.com/privacy
4.5 Apple / Google
If you make a purchase through the app, payment is processed entirely by Apple (App Store) or Google (Play Store). We do not receive or store your payment card details. We receive only a confirmation of subscription status.
5. Data Security
- Encryption in transit — all data transmitted via HTTPS/TLS
- Encryption at rest — database encryption via Supabase
- Passwords — stored using industry-standard one-way hashing (we cannot read your password)
- Biometric authentication — Face ID/Touch ID for app access
- Secure token storage — OAuth tokens encrypted in database
- Database isolation — strict access controls ensure users can only access their own data
- PDF processing security — uploaded PDFs are processed in an isolated Supabase Edge Function environment and automatically deleted after extraction
- No credential storage — we do NOT store bank login credentials; you upload PDF statements directly
6. Data Retention
- Active accounts — data retained while your account is active
- Deleted accounts — all personal data permanently deleted from our servers when you use Settings → Delete Account
- HMRC submissions — retained for 6 years to comply with UK tax record-keeping requirements
- PDF files — automatically deleted immediately after transaction extraction (not stored permanently)
- Subscription data — retained while subscription is active; deleted 30 days after cancellation
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you
- Rectification — correct any inaccurate data
- Erasure — delete your account and all associated data at any time via Settings → Delete Account, or by contacting us
- Restriction — request we limit how we process your data
- Portability — export your data in a machine-readable format
- Objection — object to processing of your personal data
- Withdraw consent — disconnect HMRC or cancel subscription at any time
To exercise any right, contact us at hello@finmedtech.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk.
8. Freemium Model & Usage Limits
TaxSwipe offers both free and premium tiers. We track the following to enforce usage limits:
- Free tier users — number of PDF imports per month (2 PDFs/month limit) and AI categorisations per month (50/month limit)
- Premium/Pro users — subscription status and renewal date
Usage limits reset monthly. We do not sell or share your usage data with third parties.
9. Children
TaxSwipe is not intended for use by individuals under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. International Data Transfers
Your data is primarily stored in the UK/EU via Supabase. Some third-party services (Anthropic) may process data outside the UK/EU with appropriate safeguards in place (Standard Contractual Clauses and adequacy decisions).
11. Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you via the app. Continued use of TaxSwipe after changes constitutes acceptance of the updated policy.
12. Contact
For any privacy questions, data requests, or concerns: