SmartC Digital LTD
Company number: 16595390
Registered office: Flat 1 Caine House, 6 Greycaine Road, Watford, England, WD24 7GP
Email: support@smartc.co.uk
We are registered in the UK and comply with the UK GDPR and the Data Protection Act 2018.
- Account data: name, email, password (hashed/salted), role, firm.
- Identity data: National Insurance Number (NINO), Unique Taxpayer Reference (UTR) where required for filings.
- Financial & tax data: Self-Assessment (e.g., SA100 schedules), VAT information, CIS/property records, uploaded documents (e.g., PDF, CSV).
- HMRC data: OAuth2 tokens (access & refresh) and tax data retrieved via HMRC APIs with your authorisation.
- Payment data: processed via Stripe; we store payment tokens only, never full card details.
- Usage & technical: IP address, device information, pages visited, timestamps, approximate region, browser.
- Files & AI extraction: invoices/receipts you upload and extracted fields used to populate records.
- Support: messages, attachments, feedback.
We do not intentionally collect special-category data unless you provide it within documents.
You (or your firm) provide most information directly. We also receive data from HMRC APIs (with your permission), payment providers (e.g., Stripe), email/analytics tools, and document parsing services used to extract invoice data.
- Provide accounting and tax services (accounts, filings, AI extraction).
- Connect to HMRC APIs to retrieve/submit tax data on your instructions.
- Manage payments and subscriptions via Stripe.
- Customer support and incident response.
- Security, fraud prevention, and audit logging.
- Product analytics and service improvement.
- Legal/regulatory compliance and enforcement.
- With consent, marketing communications (you can opt out).
We never sell your personal data.
- Contract: to create your account, process filings, and provide support.
- Legal obligation: to comply with HMRC and other regulatory requirements.
- Legitimate interests: product security, fraud prevention, analytics and improvement (balanced with your rights).
- Consent: HMRC authorisations, certain cookies, marketing, and optional features.
We share data with service providers under contract (e.g., hosting, email, analytics, payments, AI extraction), and with HMRC when you fetch obligations/liabilities or submit returns. We may engage vetted IT subcontractors under NDA and GDPR-compliant terms. We may disclose data if required by law, to regulators, or to protect rights, users, or the service. Firms may grant accountants access to specific client records. See our sub-processors list.
Data is stored on secure UK/EU servers. Where data leaves the UK/EEA, we use appropriate safeguards (e.g., UK Addendum to SCCs, adequacy decisions, or other lawful mechanisms). Details available on request.
- Client tax/accounting data: 6 years (as required by HMRC), unless a longer period is required by law.
- Account details: retained until you close your account (or as needed to resolve disputes/comply with law).
- Payment data: retained according to Stripe’s policies; we keep only necessary tokens/records.
You can request deletion where applicable (see Your rights).
- Encryption in transit and at rest; secure UK/EU hosting.
- Passwords stored hashed and salted; tokens stored securely and refreshed automatically.
- Role-based access, least privilege, 2FA support.
- Per-submission audit trails and activity logs.
- Backups and disaster recovery procedures.
- Access limited to authorised personnel.
No system is 100% secure; we work continuously to protect your data.
Under UK GDPR you may have rights to access, rectify, erase, restrict or object to processing, and data portability. Where processing relies on consent, you can withdraw it at any time. We will respond within applicable timeframes.
We use essential cookies for authentication/session and optional analytics cookies (with consent) to improve user experience. You can manage cookies in your browser settings. For details and controls, see our Cookies page.
When you connect an HMRC account, we process OAuth2 tokens and tax data to fetch obligations/liabilities and submit returns on your instructions. Tokens are stored securely and refreshed automatically. You can revoke HMRC access from your account or via HMRC. We log submissions and responses for compliance and support.
We may update this notice to reflect changes in law or our practices. We will post the new version here and update the effective date.
Effective date: 4 September 2025.
We can provide a signed DPA and security details on request.