Legal
Privacy Policy
Last updated: 13 April 2026
1. Who we are
Finantr Ltd ("Finantr", "we", "us", "our") is a company registered in England and Wales (Company No. 17154089), with a registered address at Portland House, Durham DH1 1TW.
We operate the Finantr platform, a Making Tax Digital (MTD) service that connects your UK bank account and HMRC account to automate quarterly tax submissions. We are the data controller for the personal data described in this policy.
We are registered with the Information Commissioner's Office. Our ICO registration number will be published here upon confirmation.
For data protection queries, contact us at: privacy@finantr.com
2. What data we collect
We collect the following categories of personal data:
| Category | Examples | How collected |
|---|---|---|
| Identity & contact | Name, email address | You provide at registration |
| Tax identity | National Insurance Number (NI Number), HMRC business ID | You provide during onboarding |
| Financial transactions | Bank transactions, amounts, descriptions, merchant names | Read-only from your bank via Open Banking (TrueLayer) |
| Tax data | Tax year, income, expenses, quarterly obligations, submission records | Calculated by us; retrieved from HMRC |
| Authentication tokens | HMRC OAuth 2.0 access and refresh tokens, Open Banking tokens | Issued by HMRC and TrueLayer during their authorisation flows |
| Billing | Revolut customer ID, subscription status, payment history | Revolut; we do not store full card numbers |
| Usage & technical | IP address, browser/device type, log data, error traces | Automatically when you use the service |
3. How we use your data
We use your personal data for the following purposes:
- Providing the service — reading your bank transactions, calculating your UK tax liability, and submitting quarterly MTD returns to HMRC on your behalf.
- Account management — creating and maintaining your account, authenticating you, and sending service notifications.
- Billing — processing subscription payments via Revolut and managing your plan.
- Legal compliance — meeting our obligations under UK tax law, the UK GDPR, and FCA-regulated Open Banking rules.
- Security & fraud prevention — detecting unauthorized access, fulfilling HMRC Fraud Prevention header requirements, and protecting your account.
- Service improvement — aggregated, anonymised analysis to improve reliability and accuracy.
4. Legal basis for processing
We process your personal data under the following UK GDPR lawful bases:
- Contract (Art. 6(1)(b)) — processing necessary to deliver the Finantr service you have subscribed to, including syncing transactions, calculating tax, and filing submissions.
- Legal obligation (Art. 6(1)(c)) — HMRC Fraud Prevention header requirements and UK financial record-keeping laws.
- Legitimate interests (Art. 6(1)(f)) — security monitoring, fraud detection, and service improvement, where these do not override your rights.
- Consent (Art. 6(1)(a)) — marketing communications, where applicable. You can withdraw consent at any time.
5. Who we share your data with
We do not sell your personal data. We share it only with the following third parties as required to operate the service:
| Third party | Purpose | Location |
|---|---|---|
| HMRC | Filing MTD quarterly returns and retrieving your tax obligations | UK |
| TrueLayer | FCA-regulated Open Banking provider; read-only bank transaction access | UK / EEA |
| Revolut Ltd | Payment processing and subscription management | UK (FCA regulated) |
| Hosting provider (Plesk / Ubuntu) | Secure server infrastructure for storing and processing your data | UK |
All third parties are subject to data processing agreements and are required to handle your data in accordance with UK GDPR.
6. How we protect your data
- HMRC tokens, Open Banking tokens, and your National Insurance Number are encrypted at rest using AES-256 encryption.
- All data in transit is protected with TLS 1.2+.
- Open Banking access is read-only — we can never initiate payments or access money in your account.
- Transaction records are append-only — they are never modified or deleted in the normal course of service.
- We maintain application-level access logs and monitor for unusual activity.
7. How long we keep your data
We retain your personal data for as long as your account is active and for 7 years after account closure, in line with HMRC record-keeping requirements for tax purposes.
If you request deletion of your account (right to erasure), we will:
- Soft-delete your user record immediately (removing access).
- Hard-delete all associated financial data (transactions, tax estimates, submissions, bank connections) within 30 days.
- Retain only data we are legally required to keep (e.g. billing records for 6 years under the Companies Act 2006).
8. Your rights
Under the UK GDPR, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your account and associated data.
- Portability — receive your data in a structured, machine-readable format.
- Object — to processing based on legitimate interests.
- Restrict — ask us to pause processing in certain circumstances.
- Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, email privacy@finantr.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
9. Cookies
We use only the cookies necessary to operate the service:
- Session cookie — keeps you logged in during your browser session.
- CSRF token — protects against cross-site request forgery.
We do not use advertising cookies or third-party tracking cookies.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date above. Continued use of Finantr after the effective date of changes constitutes acceptance of the updated policy.
11. Contact
For any questions about this Privacy Policy or how we handle your data:
Finantr Ltd
Portland House, Durham DH1 1TW
Company No. 17154089