Taxley

Security & data protection

How we handle your company and personal data.

Encryption at rest

Personal and financial identifiers (UTR, registered office, director name) are encrypted in the database, and the documents we generate (CT600 XML, iXBRL accounts and computations, submission envelopes) are encrypted on disk. Credentials are redacted before any envelope is stored.

Encryption in transit

All traffic is served over TLS. Sessions are encrypted, and production enforces HTTPS.

Least-privilege secrets

API keys and gateway credentials are never stored in the codebase — they are read from the environment / a secrets store. The app defaults to HMRC test endpoints; live submission is double-gated behind explicit configuration.

Audit trail

Key actions are recorded in an append-only audit log. We never log credentials or full PII — only the action, the affected record and a hashed IP.
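One way to structure such an audit record, as an added example and not Taxley's own code: each entry holds only the action, the affected record and a hashed IP. The keyed HMAC for the IP, the hash chain between entries, and every name and sample value here are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a server-side secret keys the IP hash, so the small IPv4
# space cannot be enumerated from log contents alone. Constructed value.
IP_HASH_KEY = b"constructed-demo-key-not-a-real-secret"
FIELDS = ("action", "record", "ip_hash", "prev")
GENESIS = "0" * 64


def hash_ip(ip: str, key: bytes = IP_HASH_KEY) -> str:
    """Keyed hash of the client IP; the raw address is never stored."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def _digest(entry: dict) -> str:
    """Canonical SHA-256 over the fields that make up one entry."""
    body = json.dumps({k: entry[k] for k in FIELDS}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def append_entry(log: list, action: str, record: str, ip: str) -> dict:
    """Append an entry holding only action, record and hashed IP.

    Each entry commits to the previous entry's digest, so editing an entry,
    or removing any entry but the last, breaks the chain (hypothetical design).
    """
    entry = {
        "action": action,
        "record": record,
        "ip_hash": hash_ip(ip),
        "prev": log[-1]["digest"] if log else GENESIS,
    }
    entry["digest"] = _digest(entry)
    log.append(entry)
    return entry


def verify_chain(log: list) -> int:
    """Return the index of the first bad entry, or -1 if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if set(entry) != set(FIELDS) | {"digest"}:  # unexpected field, e.g. PII
            return i
        if entry["prev"] != prev or entry["digest"] != _digest(entry):
            return i
        prev = entry["digest"]
    return -1
```

Truncating the tail of the log is not caught by the chain alone; detecting that needs the latest digest to be held somewhere outside the log.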

Your GDPR rights

You can export everything we hold about you as a JSON file, and permanently delete your account and all associated data and documents, from your account at any time.

Standards we build around

HMRC's GovTalk / Transaction Engine submission protocol, the FRC inline-XBRL (iXBRL) taxonomies for FRS 105 / FRS 102, and the CT600 schema. These are subject to specialist sign-off before live filing.

For operators / due diligence: before going live, the operator must complete ICO registration, carry out a data-protection impact assessment, make UK data-residency decisions (if hosted offshore), and obtain professional indemnity cover. These items are tracked in the project's NOTES.md and data-protection record.

See also our Privacy policy and Cookie notice.
