Last updated: 24 March 2026

Privacy Policy

TaxWhizz.ai Ltd ("TaxWhizz.ai", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our AI-powered tax intelligence platform at taxwhizz.ai (the "Platform").

We are registered in England & Wales. This policy is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

1. Data Controller

The data controller responsible for your personal data is:

TaxWhizz.ai Ltd
Registered in England & Wales
Email: privacy@taxwhizz.ai

As data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing complies with applicable data protection legislation.

2. Information We Collect

We collect and process the following categories of personal data when you use our Platform:

2.1 Account Data

When you register for a TaxWhizz.ai account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form only; we never store plaintext passwords)
  • Google account identifier (if you sign in via Google OAuth)
  • Subscription tier and billing status
  • Account creation date and last login timestamp

2.2 Financial and Tax Data

To provide our tax calculation and intelligence services, we process:

  • Income details (employment income, self-employment income, dividends, rental income, savings interest, capital gains)
  • Tax reference numbers (Unique Taxpayer Reference, National Insurance number) where voluntarily provided
  • Expense records and allowable deductions
  • Property and asset information relevant to tax calculations
  • Pension contributions and relief details
  • Student loan plan information
  • Company financial data (for corporation tax, VAT, and payroll calculations)
  • Historical tax computation results

2.3 Chat and AI Interaction Content

When you interact with our AI-powered tax assistant, we collect:

  • Chat messages and queries you submit
  • AI-generated responses provided to you
  • Session metadata (timestamps, conversation identifiers)
  • Feedback you provide on AI responses

2.4 Uploaded Documents

When you upload documents for analysis, we process:

  • Tax returns, P60s, P45s, and other HMRC correspondence
  • Payslips and employment documents
  • Bank statements and financial records
  • Invoices, receipts, and expense documentation
  • Company accounts and financial statements
  • Any other documents you choose to upload for AI-powered analysis

2.5 Usage Data

We automatically collect technical and usage information, including:

  • IP address and approximate geolocation
  • Browser type, version, and language settings
  • Operating system and device type
  • Pages visited, features used, and navigation patterns
  • Time spent on pages and interaction timestamps
  • Referring website or source
  • Error logs and performance data

2.6 Cookies and Tracking Technologies

We use cookies and similar technologies to collect data about your browsing activity. For comprehensive details, please refer to our Cookie Policy.

3. Lawful Basis for Processing

Under the UK GDPR, we must have a valid lawful basis for processing your personal data. We rely on the following legal bases:

3.1 Performance of a Contract (Article 6(1)(b))

Processing necessary to provide you with our Platform services, including:

  • Creating and managing your account
  • Performing tax calculations and generating reports
  • Processing document uploads and AI-powered analysis
  • Managing your subscription and processing payments
  • Providing customer support

3.2 Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate interests, where those interests are not overridden by your rights, including:

  • Improving and optimising our Platform and services
  • Analysing usage patterns to enhance user experience
  • Detecting and preventing fraud, abuse, and security threats
  • Conducting internal research and development
  • Sending service-related communications (e.g., tax deadline reminders, feature updates)

3.3 Consent (Article 6(1)(a))

Where we rely on your consent, you have the right to withdraw it at any time. We seek consent for:

  • Marketing communications and newsletters
  • Non-essential cookies and analytics tracking
  • Processing special category data where applicable

3.4 Legal Obligation (Article 6(1)(c))

Processing necessary to comply with our legal obligations, including:

  • Tax and financial regulatory requirements
  • Responding to lawful requests from law enforcement or regulatory bodies
  • Maintaining records as required by applicable laws
  • Anti-money laundering (AML) and know-your-customer (KYC) obligations where applicable

4. How We Use Your Data

4.1 Service Provision

We use your data to deliver our core platform services:

  • Performing income tax, capital gains tax, corporation tax, VAT, and other tax calculations using current HMRC rates and thresholds
  • Generating Self Assessment (SA100), Corporation Tax (CT600), and VAT return computations
  • Providing salary vs. dividends optimisation, pension planning, and incorporation analysis
  • Preparing working papers, management accounts, and audit documentation

4.2 AI Processing

Your queries and relevant data are processed by our AI systems to:

  • Provide contextual tax guidance through our AI assistant
  • Analyse uploaded documents and extract relevant financial information
  • Generate personalised tax planning recommendations
  • Decode HMRC correspondence and explain implications

AI processing is carried out using Anthropic's Claude API. Your data is transmitted securely to Anthropic for processing and is subject to Anthropic's data processing agreements. Anthropic does not use your data to train their models.

4.3 Tax Calculations

Financial data you provide is processed to perform accurate tax calculations using 2025/26 HMRC rates and thresholds. Calculation results are stored in your account history for future reference and audit trail purposes.

4.4 HMRC Submissions

Where you use our HMRC submission features, we process your tax data to:

  • Prepare and validate submissions in the required format (XML, iXBRL)
  • Submit returns to HMRC on your behalf via their APIs (only with your explicit authorisation)
  • Store submission confirmations and reference numbers

5. Data Sharing & Third Parties

We do not sell your personal data to third parties. We share your data only with the following categories of recipients, and only to the extent necessary:

5.1 Stripe (Payment Processing)

We use Stripe as our payment processor. When you subscribe to a paid plan, Stripe collects and processes your payment card details, billing address, and transaction information. We do not store your full card details on our servers. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.

5.2 Anthropic (AI Processing)

We use Anthropic's Claude API to power our AI assistant and document analysis features. Your queries, relevant financial context, and document content are transmitted to Anthropic's servers for processing. Anthropic processes this data under a data processing agreement and does not use it for model training. See Anthropic's Privacy Policy.

5.3 Google (Authentication & Analytics)

We use Google OAuth for optional social sign-in and Google Analytics for usage analysis. When you sign in with Google, we receive your name, email address, and profile picture from Google. Google Analytics collects anonymised usage data. See Google's Privacy Policy.

5.4 Hosting and Infrastructure Providers

Our Platform is hosted on secure servers provided by established infrastructure providers. These providers process data on our behalf under data processing agreements and appropriate security measures.

5.5 Professional Advisors and Regulators

We may share data with our legal advisors, auditors, or regulatory bodies where required by law or to protect our legitimate interests.

5.6 HMRC and Government Bodies

Where you authorise us to submit tax returns on your behalf, we transmit the necessary data to HMRC via their official APIs. We will never submit data to HMRC without your explicit prior authorisation.

6. International Data Transfers

Some of our third-party service providers (including Anthropic and Google) are based in the United States. Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including:

  • UK Adequacy Regulations: Transfers to countries with an adequacy decision from the UK Secretary of State
  • Standard Contractual Clauses (SCCs): UK-approved International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs
  • Supplementary measures: Including encryption in transit and at rest, access controls, and contractual commitments from processors

You may request a copy of the safeguards in place by contacting us at privacy@taxwhizz.ai.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

Data Category | Retention Period | Rationale
Account data | Duration of account + 2 years | Contract performance and legitimate interests
Tax calculation history | 7 years from date of calculation | HMRC record-keeping requirements (6 years + 1 year buffer)
Uploaded documents | Until deleted by user, or 7 years from upload | User convenience and regulatory compliance
Chat logs | 2 years from date of conversation | Service improvement and dispute resolution
HMRC submission records | 7 years from date of submission | Regulatory and legal requirements
Payment and billing data | 7 years from date of transaction | Financial record-keeping obligations
Usage and analytics data | 26 months | Platform improvement and analytics
Cookie data | As specified in Cookie Policy | See Cookie Policy

When data is no longer required, it is securely deleted or anonymised in accordance with our data disposal procedures.

8. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data. You may exercise any of these rights by contacting us at privacy@taxwhizz.ai.

8.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will respond to your request within one month and provide the data in a commonly used electronic format.

8.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data or completion of incomplete data. You can update most account information directly through your account settings.

8.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data where:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the lawful basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Please note that we may be unable to delete data where retention is required by law (e.g., tax records for HMRC compliance periods).

8.4 Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing where:

  • You contest the accuracy of the data (restriction applies while we verify)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing pending verification of our legitimate grounds

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to transmit that data to another controller where processing is based on consent or contract and carried out by automated means.

8.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing immediately. For other objections, we will cease processing unless we can demonstrate compelling legitimate grounds.

8.7 Rights Related to Automated Decision-Making (Article 22)

Our Platform uses AI-powered automated processing to generate tax calculations and recommendations. You have the right:

  • Not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects
  • To obtain human intervention in respect of automated decisions
  • To express your point of view and contest automated decisions

Our tax calculations are provided as guidance and information tools. They do not constitute binding decisions with legal effects. All HMRC submissions require your explicit review and authorisation before filing.

9. Cookies

We use cookies and similar tracking technologies on our Platform. For full details on the types of cookies we use, their purposes, durations, and how to manage your cookie preferences, please refer to our dedicated Cookie Policy.

10. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at privacy@taxwhizz.ai and we will take steps to delete such information.

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Encryption at rest: Sensitive data is encrypted at rest using AES-256 encryption
  • Password security: Passwords are hashed using industry-standard bcrypt algorithms and are never stored in plaintext
  • Access controls: Strict role-based access controls limit data access to authorised personnel only
  • Infrastructure security: Our servers are hosted in secure data centres with physical security controls, redundancy, and disaster recovery capabilities
  • Regular security assessments: We conduct periodic vulnerability assessments and penetration testing
  • Incident response: We maintain a data breach response plan and will notify affected individuals and the ICO within 72 hours of becoming aware of a qualifying breach, in accordance with Article 33 of the UK GDPR
  • Staff training: All team members receive data protection training and are bound by confidentiality obligations

12. Data Protection Officer

For all data protection enquiries, requests to exercise your rights, or questions about this Privacy Policy, please contact our Data Protection Officer:

Data Protection Officer
TaxWhizz.ai Ltd
Email: privacy@taxwhizz.ai

We aim to respond to all data protection requests within one month. In exceptional circumstances, we may extend this by a further two months, in which case we will inform you of the extension and the reasons for it.

13. Complaints

If you are dissatisfied with how we handle your personal data or your data protection request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

Telephone: 0303 123 1113
Website: ico.org.uk
Live chat: ico.org.uk/global/contact-us/live-chat

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at privacy@taxwhizz.ai.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or a prominent notice on our Platform
  • Where required by law, seek your consent to the changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

If you have any questions about this Privacy Policy, please contact us at privacy@taxwhizz.ai.