HMRClever

Last updated: February 2026

Privacy Policy

At HMRClever, we take your privacy seriously. This policy explains how we collect, use, store, and protect your personal information in compliance with UK GDPR.

1. Who We Are

HMRClever is a UK-based personal finance and tax estimation application. We help individuals track their finances and understand their tax position throughout the year. Our service is provided as a Software-as-a-Service (SaaS) platform accessible via web browser.

For data protection queries, please contact us at: privacy@hmrclever.com

2. What Data We Collect

2.1 Account Information

  • Email address (used for authentication and service communications)
  • Name (optional, for personalisation)
  • Password (stored as a secure hash, never in plain text)
  • Account creation date and login timestamps

2.2 Financial Data

  • Income records (employment, self-employment, dividends, property, pensions)
  • Expense and deduction records (business expenses, pension contributions, charitable donations)
  • Account balances and transaction history
  • Tax year and residency information
  • Household structure (for multi-earner households)

Important: All financial data you enter is voluntary. You control what information you provide. We do not automatically pull data from your bank accounts or HMRC unless you explicitly authorise third-party integrations.

2.3 Usage Analytics

  • Pages visited and features used within the application
  • Device type, browser type, and operating system
  • IP address (for security and fraud prevention)
  • Session duration and interaction patterns

2.4 Payment Information

  • Subscription status and billing history
  • Payment method details (stored securely by our payment processor, Stripe)

Note: We do not store full credit card numbers. Payment card details are handled entirely by Stripe, our PCI DSS-compliant payment processor.

3. Why We Collect This Data

3.1 To Provide the Service

  • Calculate tax estimates based on your financial inputs
  • Store and retrieve your financial records securely
  • Generate reports and insights about your tax position
  • Maintain your account and authenticate your access

3.2 To Improve User Experience

  • Analyse usage patterns to identify areas for improvement
  • Troubleshoot technical issues and bugs
  • Develop new features based on user needs

3.3 To Communicate with You

  • Send service-related notifications (e.g., subscription renewals, payment failures)
  • Respond to support requests and inquiries
  • Notify you of important changes to the service or terms

3.4 To Process Payments

  • Manage your subscription and billing
  • Process refunds if applicable

5. How Long We Keep Your Data

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

  • Active accounts: Data retained for the duration of your subscription
  • Closed accounts: Personal and financial data deleted within 30 days of account closure, except where we have a legal obligation to retain it (e.g., financial records for tax purposes may be retained for up to 7 years)
  • Backup data: May persist in encrypted backups for up to 90 days before permanent deletion
  • Anonymised analytics: May be retained indefinitely as they cannot identify you

You can request deletion of your account and data at any time by contacting support@hmrclever.com.

6. Who We Share Your Data With

We do not sell, rent, or trade your personal data to third parties. We only share data with trusted service providers who help us operate the platform:

6.1 Supabase (Database Hosting)

  • Purpose: Secure hosting of your account and financial data
  • Location: EU region (eu-west-1, Dublin, Ireland)
  • Safeguards: Supabase is GDPR-compliant with enterprise-grade security measures

6.2 Stripe (Payment Processing)

  • Purpose: Processing subscription payments and managing billing
  • Location: Global infrastructure with EU data residency options
  • Safeguards: PCI DSS Level 1 certified, GDPR-compliant

6.3 No Other Third Parties

Currently, we do not use third-party analytics services (e.g., Google Analytics), advertising networks, or marketing platforms. If this changes in the future, we will update this policy and notify you.

7. International Data Transfers

Your data is primarily stored in the EU (Ireland) via Supabase. If we ever transfer data outside the UK or EU, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure (Right to be Forgotten): Request deletion of your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format (e.g., JSON export)
  • Right to Object: Object to processing based on legitimate interests
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Withdraw Consent: Withdraw consent for optional processing (e.g., marketing emails)

To exercise any of these rights, please contact privacy@hmrclever.com. We will respond to your request within one month.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.

9. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt before storage
  • Database access is restricted to authorised personnel only
  • Regular security audits and vulnerability assessments
  • Automated backups stored in encrypted form

No system is 100% secure. If you believe your account has been compromised, please contact us immediately at security@hmrclever.com.

10. Cookies and Tracking

We use cookies to provide essential functionality, such as keeping you logged in. For full details on our cookie usage, please see our Cookie Policy.

11. Children's Privacy

HMRClever is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a prominent notice on the platform. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us: