Privacy Policy
Last updated: January 2025
VAT Aside ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and website.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name (optional)
- Password (encrypted)
Financial Data (via Open Banking)
When you connect your bank account, we access:
- Transaction history (amounts, dates, descriptions)
- Account balances
- Account holder name
Important: We use read-only Open Banking access via FCA-regulated providers (TrueLayer). We cannot move money, make payments, or modify your accounts in any way.
Stripe Data
If you connect Stripe, we access:
- Transaction history from your Stripe account
- Payment amounts and dates
2. How We Use Your Information
We use your information to:
- Calculate and display your VAT position
- Track transactions for VAT estimation purposes
- Provide the core functionality of the app
- Send you important account notifications
- Improve our services
3. Data Security
We take security seriously:
- All data is encrypted in transit (TLS/SSL) and at rest
- Bank connections use FCA-regulated Open Banking providers
- We never store your bank login credentials
- Access tokens are securely stored and regularly refreshed
4. Data Sharing
We do not sell your data.
We only share data with:
- TrueLayer - Our Open Banking provider (FCA-regulated)
- Stripe - If you connect your Stripe account
- Law enforcement - Only if legally required
5. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Personal data is deleted within 30 days
- Transaction data is anonymized or deleted
- Backup copies are purged within 90 days
6. Your Rights (GDPR)
As a UK/EU user, you have the right to:
- Access - Request a copy of your data
- Rectification - Correct inaccurate data
- Erasure - Request deletion of your data
- Portability - Export your data
- Object - Object to certain processing
To exercise these rights, contact us at [email protected].
7. Cookies
Our website uses essential cookies for:
- Authentication and session management
- Security
We do not use tracking or advertising cookies.
8. Third-Party Services
We use the following third-party services:
- TrueLayer - Open Banking (UK FCA regulated)
- Stripe - Payment processing
- MongoDB - Database hosting
9. Children's Privacy
VAT Aside is not intended for users under 18. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.