Account data: Name, email address, selected platforms, income range, subscription tier.
Financial data: Uploaded income statements (CSV/PDF/image), expenses, mileage records, bank statements, weekly reports.
Usage data: Pages visited, features used, AI assistant interactions, device information, approximate location (city/country level only — we never store raw IP addresses).
Payment data: Processed securely by Stripe. We do not store card numbers.
Contract performance: Processing your tax data to provide the Service.
Legitimate interest: Analytics, service improvement, fraud prevention.
Consent: Marketing communications, cookie tracking (see Cookie Policy).
We use your data to: provide tax calculations and guidance, generate reports, process AI assistant queries, send transactional emails (receipts, deadline reminders), improve our service through aggregated analytics, and detect fraud or misuse.
We share data only with: Stripe (payment processing), Google Gemini (AI document processing and chat — your data is processed but not stored by Google for training), and email service providers for transactional emails. We never sell your data.
Account and financial data: retained while your account is active, plus 7 years after account deletion (HMRC record-keeping requirement). Usage analytics: 2 years. Session recordings: 30 days. Marketing consent records: indefinitely as proof of consent.
You have the right to: access your data, request correction, request deletion (subject to legal retention requirements), data portability (export in machine-readable format), restrict processing, and withdraw consent for marketing at any time.
To exercise these rights, email privacy@taxtango.co.uk or use the data request feature in your account settings.
We use encryption in transit (TLS 1.3) and at rest, httpOnly secure cookies for authentication, rate limiting, and regular security audits. All infrastructure is hosted in UK/EU data centres.
Data Controller: TaxTango Ltd, United Kingdom. Email: privacy@taxtango.co.uk
You may also contact the ICO (Information Commissioner’s Office) if you believe we have not handled your data correctly.