Last updated: 22 January 2026
Our customers’ privacy is extremely important to us and we take protection of your data very seriously. We use your personal information only for providing our Services, operating the Website, meeting legal obligations, and improving our products.
This Privacy Policy sets out how we collect, use, store, share, and protect your personal data when you use our website at www.deductic.com (the “Website”), including our Making Tax Digital for Income Tax Self Assessment (“MTD for Income Tax” or “MTD ITSA”) software and related services (the “Services”). This Privacy Policy should be read carefully as it becomes legally binding when you use our Services. Any capitalised terms used in this Privacy Policy have the meanings set out in our Terms of Service.
The data controller for the personal information collected via our Website is Deductic Ltd (“Deductic”), which has its registered offices at 85 Great Portland Street, First Floor, London, England, W1W 7LT, United Kingdom. Our registration number with the UK Information Commissioner’s Office (“ICO”) is ZB286458.
We collect and process personal data that you provide directly to us, data we collect automatically when you use the Website, and data we may receive from third parties where permitted by law.
Information you give us includes personal details you provide when you sign up, use our Services, complete forms, or contact us. This may include your name, email address, phone number, address, date of birth, National Insurance number, Unique Taxpayer Reference (UTR), and other identifiers needed to support UK tax compliance. It may also include information about your tax position such as employment details, self-employment income, property income, expenses, allowable deductions, and other information you choose to input into your account. Where you make a purchase, we may collect payment-related details required to process the transaction, although payment card information is typically handled securely by our payment providers. Where required to comply with legal obligations (including fraud prevention and anti-money laundering requirements if applicable), we may also ask for additional verification information.
Information we collect automatically about you includes technical and usage data when you use the Website. This may include your login information, the Internet Protocol (IP) address used to connect your device to the internet, browser type and version, device identifiers, operating system and platform, time zone settings, and information about your visits including the pages you view, page interaction information such as scrolling and clicks, page response times, and errors. We may also keep records of your interactions with our support team for quality assurance, training, and dispute resolution.
Information we receive from other sources may include information from service providers we work with, identity or fraud prevention providers where applicable, analytics providers, advertising partners where permitted, and any referrals where you have given permission for your details to be shared. If you access our Website through a third-party login, that provider may share information with us such as your name, email address, and basic profile information, depending on the settings you have chosen with that provider.
If you use our Services for MTD ITSA, you may provide us with data that is required to maintain digital records and to submit updates to HMRC. This includes income and expense data, business categories, property income records, adjustments, and other information required for Quarterly Updates and end-of-year finalisation submissions. When you connect your account to HMRC using HMRC login and authorisation processes, HMRC may also provide us with certain information needed to enable the integration and deliver the Services, such as taxpayer identifiers and authorisation tokens. We process that data only to provide the requested HMRC-connected functionality.
We generally do not require sensitive personal data to provide our core Services. However, there may be limited cases where we process sensitive data, for example if we carry out identity verification using documents that may contain biometric data, where this is necessary to comply with legal obligations and protect users from fraud. Where we process such data, we do so only where permitted under applicable UK data protection law and with appropriate safeguards.
Our Website and Services are designed for use by adults aged 18 years and above and are not intended for use by children. We do not knowingly collect children’s personal data unless in specific instances where a parent or legal guardian provides information that is needed for tax reporting purposes. If we learn that we have collected personal data from a child without appropriate permission, we will delete it.
We process your personal data only when we have a lawful basis to do so under UK data protection law. Most commonly, we process personal data because it is necessary to perform our contract with you and provide the Services you request, including preparing and transmitting submissions to HMRC based on your instructions and inputs. We may also process your personal data where we have a legal obligation, including meeting regulatory requirements, responding to lawful requests, maintaining appropriate records, and preventing fraud. In certain cases, we process personal data because it is in our legitimate interests to operate, improve, and secure the Services, provided those interests are not overridden by your rights and freedoms. Where we use cookies or similar technologies for analytics or marketing, we may rely on your consent where required by law, and you can withdraw that consent by adjusting your browser or cookie settings.
There may be instances where we share your personal information with selected third parties, but only where it is necessary for providing the Services, operating our business, complying with the law, or with your permission.
Most relevant to our Services is that we may disclose your information to HMRC when you submit a filing through us. This includes transmitting Quarterly Updates, end-of-year finalisation information, and related submissions that you instruct us to submit. We will only submit information to HMRC in accordance with your actions within the product and the requirements of the HMRC integration.
We may also share your data with suppliers, service providers, and sub-contractors who provide services on our behalf, such as cloud hosting, database infrastructure, analytics tools, customer support platforms, security monitoring providers, and payment processing providers. These parties process your data under contractual obligations to protect it and to use it only for the relevant purposes. We may disclose information where we are under a legal duty to disclose or share personal data, for example to comply with a court order or regulatory requirement, or where necessary to prevent and detect fraud or other illegal activity. If we restructure, merge, sell, or transfer part of our business, we may transfer personal data as part of that transaction, subject to appropriate safeguards.
Where Your Personal Information Is Stored and International Transfers
Our Website and Services may be hosted using reputable cloud infrastructure providers, and your personal data may be stored on servers in the United Kingdom or other locations depending on the service arrangements in place. Where we transfer personal data outside the UK, we ensure that appropriate safeguards are used to protect your data and comply with applicable data protection law, such as UK adequacy regulations or approved contractual safeguards.
By providing us with your personal information and using the Services, you acknowledge that your data may be processed in locations where our service providers operate, but we take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy and applicable law.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against loss, misuse, unauthorised access, alteration, or disclosure. We use encryption and secure transmission methods to protect data in transit and apply security controls designed to protect stored data. We operate access controls and restrict access to personal information to employees and contractors who have a genuine business need to access it and who are subject to confidentiality obligations. We also monitor our systems for suspicious or malicious activity, and we maintain internal policies and training to promote secure and privacy-aware handling of customer information. No method of transmission over the internet is completely secure, but we work to protect your data using industry-standard safeguards.
We use cookies and similar technologies to operate the Website, improve your experience, understand how the Website is used, and support certain functionality. Cookies are small text files that are placed on your device when you visit the Website and may be used to recognise you and remember settings between visits. You can control cookies through your browser settings and, where applicable, through any cookie consent tools presented on the Website. Please note that disabling cookies may reduce the quality or functionality of your experience. For further information, please see our Cookies Policy.
We retain personal data only for as long as necessary to provide the Services, comply with legal and regulatory obligations, resolve disputes, enforce our agreements, and protect our users and our business. Where retention periods apply under law or regulation, we will retain data for those periods. When data is no longer needed, we delete it or anonymise it in accordance with our retention practices.
Subject to applicable laws, you may have rights in relation to your personal data, including the right to access the information we hold about you, request correction of inaccurate data, request deletion of your personal data, and request restriction of processing in certain circumstances. You may also have the right to object to processing where we rely on legitimate interests, and where applicable, the right to data portability. Where we rely on consent for a particular processing activity, you may withdraw that consent at any time, although this may affect your ability to use certain features.
Your rights are subject to legal limitations and exemptions, including where we need to retain certain information to meet legal obligations or to establish, exercise, or defend legal claims. If you exercise your rights and your request is valid and not excessive, we will respond within one month where required by law. In some cases we may need additional information to verify your identity before fulfilling your request.
Some areas of our Website and Services may contain links to third-party websites, including those of advertisers, affiliates, or other partners. If you follow a link to any third-party website, please note that those websites have their own privacy policies and we do not control how they collect or use your data. This Privacy Policy does not cover the practices of third-party websites and we recommend reading their policies before submitting personal information to them. We do not accept responsibility for the privacy practices or content of third-party websites.
This Privacy Policy is effective as of the “Last Updated” date and will remain in effect except where changed in the future. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or best practice. Any changes will take effect when posted on this page. Your continued use of the Website and Services after a change takes effect constitutes your acknowledgment of the updated Privacy Policy, so we encourage you to review this page periodically.
If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at support@deductic.com
If you are unhappy with how we have responded to a concern or you believe your data protection rights have been infringed, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).