Privacy Policy

TradeTally is operated by TradeTally Ltd (“we”, “us”, “our”), a company registered in England and Wales. Our registered address and contact details are available at privacy@tradetally.co.uk.

We are the data controller for the personal data we collect through this website and application.

• Account data: name, email address, and hashed password (using bcrypt) when you register.
• Business data: business name, trade type, VAT number, and company type you provide during onboarding.
• Financial data: invoices, expenses, jobs, and customer records you create inside the application. This data belongs to you.
• Billing data: subscription status and billing dates. Payment card details are processed directly by Stripe and are never stored on our servers.
• HMRC connection data: if you connect your HMRC account via Making Tax Digital (MTD), we store your OAuth access and refresh tokens in encrypted form. We do not store your HMRC Government Gateway credentials.
• Usage data: server logs including IP address, browser type, pages visited, and timestamps, for security and service improvement purposes.

• Contract performance (Article 6(1)(b) UK GDPR): to provide the TradeTally service you have signed up for.
• Legitimate interests (Article 6(1)(f)): to maintain the security of our systems and prevent fraud.
• Consent (Article 6(1)(a)): for optional marketing emails, which you may withdraw at any time.
• Legal obligation (Article 6(1)(c)): where required by UK law (e.g., HMRC data retention requirements).

• To operate and improve the TradeTally platform.
• To process payments and manage your subscription via Stripe.
• To submit VAT returns and MTD obligations to HMRC on your behalf (when authorised).
• To send transactional emails (invoices, password resets, billing notifications).
• To respond to support requests.
• To comply with legal and regulatory obligations.

All data is stored on servers located in the United Kingdom. We use industry-standard security measures including:

• TLS encryption for all data in transit.
• Encryption at rest for sensitive tokens (HMRC OAuth tokens are AES-256 encrypted).
• Bcrypt password hashing — we cannot retrieve your password.
• Access controls limiting who can access production data.

We do not sell your personal data. We share data only with:

• Stripe — payment processing (their privacy policy applies to card data).
• HMRC — only the tax data you explicitly authorise us to submit on your behalf.
• Infrastructure providers — our hosting provider processes data under a data processing agreement.
• Legal authorities — where required by law or court order.

We retain your data for as long as your account is active. If you cancel your account we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or regulatory reasons (e.g., HMRC records must be kept for a minimum of 6 years under UK tax law).

You have the right to:

• Access your personal data (Subject Access Request).
• Rectify inaccurate data.
• Eraseyour data (“right to be forgotten”), subject to legal retention obligations.
• Restrict or object to processing.
• Data portability — export your data in a machine-readable format from within the app.
• Withdraw consent at any time for consent-based processing.

To exercise any of these rights, contact us at privacy@tradetally.co.uk. We will respond within one calendar month.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.

We use session cookies required for authentication. We do not use tracking, advertising, or analytics cookies. No third-party cookies are set by TradeTally. For full details, see our Cookie Policy.

We may update this Privacy Policy from time to time. We will notify registered users by email of material changes. The “last updated” date at the top reflects the most recent revision.

For any privacy-related queries, contact us at privacy@tradetally.co.uk.