Legal
Security
Last updated: January 12, 2026
Security is our primary feature. Because we handle financial data, we design our systems to hold as little sensitive information as possible ("Data Minimization").
1. Infrastructure & Encryption
Our infrastructure is hosted on AWS (London Region) to ensure UK data sovereignty compliance.
- In Transit: All data is encrypted via TLS 1.3 during transmission.
- At Rest: OAuth tokens and user metadata are encrypted using AES-256 before being stored in our database.
2. Minimal Retention Architecture
Unlike traditional accounting software, we do not want to be the "source of truth" for your financial history.
- Files you upload are processed in memory and immediately discarded.
- Parsed transaction rows are stored in a temporary "staging" table.
- The Purge: Upon successful submission to HMRC (or after 24 hours of inactivity), raw transaction data is permanently deleted from our servers.
3. Incident Support
Because we delete your raw data, we cannot "look up" your past transactions to debug issues.
If you need support regarding a submission, you must provide the Receipt ID or Correlation ID provided at the time of submission. This allows us to trace the audit logs without accessing your financial contents.
4. Vulnerability Reporting
If you discover a security vulnerability, please report it to [email protected]. We appreciate your help in keeping the platform safe.