Privacy Policy

Last updated: January 2026

1. Who We Are

ByeBye Accountants ("we", "us", "our") provides a UK tax management platform for IT contractors and consultants. This privacy policy explains how we collect, use, and protect your personal data.

2. Data We Collect
  • Account data: Email address, full name, company name
  • Company data: Company number, registered address, director details, shareholder information
  • Financial data: Invoice amounts, expense records, VAT returns, tax calculations
  • Tax references: UTR, Corporation Tax reference, VAT number, NI number (encrypted at rest)
  • Technical data: Login IP addresses, browser user agent, session data
3. How We Use Your Data
  • To provide the tax management service
  • To calculate tax liabilities and VAT returns
  • To send deadline reminders and alerts
  • To authenticate your identity (magic links, 2FA)
  • To comply with legal obligations
4. Legal Basis for Processing

We process your data under the following lawful bases:

  • Contract: To provide the service you signed up for
  • Consent: You accept our terms when registering
  • Legal obligation: Tax records must be retained per HMRC requirements
5. Data Retention
  • Tax and financial records: 6 years plus current year (HMRC requirement)
  • Account data: Retained while your account is active
  • Inactive accounts: Warning at 12 months, deletion at 24 months of inactivity
  • Audit logs: 2 years
6. Your Rights (GDPR)

Under the UK GDPR, you have the right to:

  • Access: Request a copy of all your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your account and data (subject to legal retention requirements)
  • Portability: Export your data in machine-readable format (JSON)
  • Restriction: Request that we limit processing of your data
7. Data Security
  • All data transmitted over HTTPS (TLS encryption)
  • Sensitive fields (tax references, Government Gateway) encrypted at rest
  • Passwordless authentication via magic links
  • Optional two-factor authentication (Google Authenticator)
  • Data stored in UK data centres (AWS eu-west-2)
8. Cookies

We use only essential cookies:

  • sessionid: Maintains your login session
  • csrftoken: Protects against cross-site request forgery

We do not use analytics, tracking, or advertising cookies.

9. Third Parties

We do not sell or share your personal data with third parties for marketing purposes. We use:

  • Dynu SMTP: For sending authentication and notification emails
  • AWS: For hosting infrastructure (UK region)
10. Contact

For data protection enquiries, contact us at: noreply@byebye-accountants.com

Back to Home