MTD deadline: 0 daysGet Ready Now →
Legal

Privacy Policy

We take your privacy seriously. Here's exactly what data we collect, why we collect it, and how we protect it.

Last updated: March 2026 | Effective: 1 March 2026

1. Who We Are

Accounted is a trading name of SaltCore Group Limited, a company registered in England and Wales. We provide cloud-based bookkeeping and tax compliance software for UK sole traders, landlords, contractors, freelancers, and small businesses.

  • Data Controller: SaltCore Group Limited
  • Contact: hello@getaccounted.co.uk
  • Website: getaccounted.co.uk
  • ICO Registration: Registered with the Information Commissioner's Office under UK GDPR.

2. What Data We Collect

Personal identification data

  • Full name
  • Email address
  • Phone number (if provided)
  • Business name and type
  • National Insurance number (for HMRC submissions only)
  • UTR (Unique Taxpayer Reference)
  • VAT registration number (if applicable)

Financial data

  • Bank transaction data (via Open Banking, read-only)
  • Invoice and receipt data you upload or create
  • Business income and expenses
  • VAT and tax return data

Technical data

  • IP address
  • Browser type and version
  • Device type
  • Pages visited and time spent
  • Referral source
  • Error logs

Communication data

  • Messages sent via Penny (Telegram, SMS, etc.)
  • Support tickets and emails
  • Contact form submissions

3. How We Use Your Data

We use your data to:

  • Provide the Accounted service
  • Submit returns to HMRC on your behalf (with consent)
  • Connect your bank account via Open Banking
  • Send you tax deadline reminders
  • Process your subscription payment
  • Provide customer support
  • Improve our AI categorisation (aggregated, anonymised only — your individual data is never used to train AI models)
  • Send product updates and feature announcements (you can unsubscribe)
  • Comply with legal obligations
  • Prevent fraud and abuse

Legal basis under UK GDPR:

  • Contract performance: delivering the service you signed up for
  • Legal obligation: HMRC compliance and reporting
  • Legitimate interests: security, fraud prevention, service improvement
  • Consent: marketing communications (opt-in only)

4. HMRC Data

When you connect Accounted to HMRC:

  • You authorise us via OAuth 2.0 — we never see or store your HMRC password
  • We store encrypted OAuth tokens to submit returns on your behalf
  • We submit data to HMRC only when you explicitly instruct us to
  • You can revoke HMRC access at any time from your dashboard
  • We include HMRC-required fraud prevention headers with all submissions

5. Open Banking

When you connect your bank:

  • Access is read-only — we cannot move money or make payments
  • We connect via FCA-regulated Open Banking providers
  • No bank passwords or card numbers are stored on our servers
  • You can revoke bank access at any time through your bank or dashboard

6. Who We Share Data With

We share your data only with essential third-party providers:

  • HMRC — for tax submissions you authorise
  • Payment processor — for subscription billing
  • Open Banking provider — for bank account connections (FCA-regulated)
  • AI services — for transaction categorisation (anonymised transaction data only, not your personal details)
  • Email service — for sending transactional emails
  • Messaging services — for AI assistant communications
  • Database and file storage providers — infrastructure only (EU data centres)

We do not sell your data.

We do not share your data with advertisers.

We do not use your financial data to train AI models.

7. Data Retention

  • Account data: duration of subscription plus 7 years (UK tax record keeping)
  • Financial records: 7 years from the end of the tax year they relate to (HMRC requirement)
  • Support communications: 3 years
  • Marketing preferences: until you withdraw consent

When you close your account, we will delete or anonymise your personal data within 30 days, except where required by law.

8. Your Rights Under UK GDPR

  • Access your personal data (Subject Access Request)
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Restrict processing
  • Data portability (export in machine-readable format)
  • Object to processing
  • Withdraw consent at any time

To exercise any right, email hello@getaccounted.co.uk. We will respond within 30 days.

To complain: ico.org.uk

9. Cookies

We use cookies as described in our Cookie Policy at /cookies.

10. Security

AES-256 encryption at rest. TLS 1.3 in transit. Row-level database security. Regular security audits. Staff access controls and audit logs. See full details at /security.

11. Children

Accounted is not directed at children under 18. We do not knowingly collect data from anyone under 18.

12. Changes to This Policy

We will notify you by email of any material changes at least 14 days before they take effect.

13. Contact

  • Email: hello@getaccounted.co.uk
  • Subject line: “Privacy Request”
  • SaltCore Group Limited
  • Registered in England and Wales
  • getaccounted.co.uk

Questions about your data?

Email us at hello@getaccounted.co.uk — we respond within 2 hours on business days.

Contact Us →
Privacy Policy — Accounted