MTD deadline: 0 daysGet Ready Now →
Bank-Grade Security

Your financial data deserves bank-grade protection.

Here's exactly how we deliver it.

HMRC Recognised
🛡️ICO Registered
🇪🇺EU Data Centres Only
🔐

Encryption

AES-256 encryption for all data at rest
TLS 1.3 for all data in transit
Sensitive fields (NI numbers, bank details) protected with separate key management
Database Row Level Security isolates every organisation’s data
🏗️

Infrastructure

EU data centres — your data never leaves Europe
Enterprise-grade database with automated daily backups and point-in-time recovery
DDoS protection and rate limiting on all endpoints
Real-time monitoring and alerting across all services
🔑

Authentication

Enterprise-grade identity management
Multi-factor authentication available on all accounts
15-minute session timeout for bank-grade security
OAuth 2.0 for HMRC — we never see or store your HMRC password
🏦

Open Banking

Read-only access — Accounted cannot move money or make payments
Powered by FCA-regulated Open Banking providers
Revoke access at any time through your bank
No card numbers or bank credentials stored on our servers
🤖

AI & Data Processing

AI built with privacy and safety as core principles
Transaction data used for categorisation only, never for training
No financial data is used to train AI models
All AI processing is GDPR compliant
📋

Compliance

ICO registered
Fully GDPR compliant — data subject rights honoured within 30 days
HMRC-recognised Making Tax Digital software
Regular security audits and penetration testing
Vulnerability disclosure: hello@getaccounted.co.uk

Incident Response

24/7
Real-time error monitoring and alerting across all services
72hrs
Maximum time to notify affected users of a security incident
100%
HMRC and ICO notified where required under GDPR and HMRC guidelines

Messaging Security

Penny communicates via Telegram and web chat for convenience — receipt uploads, reminders, and quick actions. Sensitive operations like HMRC submissions, bank connections, and payment details always happen inside your encrypted dashboard behind two-factor authentication. Penny will never ask for your password, bank details, or full National Insurance number via messaging.

🔍

Responsible Disclosure

Found a vulnerability? We want to hear from you. We believe in working with security researchers to keep Accounted safe for everyone.

Email your findings to hello@getaccounted.co.uk
We acknowledge all reports within 48 hours
We will not take legal action against good-faith security researchers
Please give us reasonable time to fix issues before public disclosure
Report a Vulnerability →

Security is not a feature — it's the foundation.

If you have any security concerns, contact hello@getaccounted.co.uk

Start Free Trial →Read the Blog →

Last updated: March 2026

Security at Accounted — Bank-Grade Data Protection