← Back

Privacy Policy

Last updated: 1 May 2026 · ICO Registration: ZB123456

1. Who We Are

Qwikr ("we", "us", "our") is a cloud-based accounting platform operated in the United Kingdom. We are the data controller for personal data collected through our Service and are registered with the Information Commissioner's Office (ICO).

2. What Data We Collect

We collect the following categories of personal data:

• Account data: name, email address, phone number, practice/company name
• Financial data: invoices, expenses, payroll records, bank transaction data you import
• Usage data: pages visited, features used, IP address, browser type, session duration
• Payment data: billing information processed via Stripe (we do not store card details)
• HMRC data: VAT numbers, UTRs, and other identifiers required for MTD submissions

3. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve the Service
• Process payments and manage your subscription
• Send service-related communications (receipts, security alerts)
• Facilitate HMRC MTD submissions on your behalf
• Detect and prevent fraud or abuse
• Comply with our legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your data on the following bases:

• Contract: to provide the Service you have subscribed to
• Legal obligation: compliance with UK tax and financial regulations
• Legitimate interests: fraud prevention, product improvement, security
• Consent: where we ask for your permission (e.g. marketing emails)

5. Data Sharing

We do not sell your personal data. We share data with:

• HMRC: only when you initiate submissions via our MTD integration
• Stripe: to process subscription payments (subject to Stripe's privacy policy)
• Infrastructure providers: cloud hosting, email delivery, and monitoring services, all bound by data processing agreements
• Accountants: if you grant an accounting firm access to your account, they can view your financial data

6. Data Retention

We retain your account and financial data for as long as your account is active, plus 7 years after closure to comply with UK financial record-keeping requirements. Usage and log data is retained for 12 months.

7. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request erasure (subject to legal retention requirements)
• Restrict or object to processing
• Receive your data in a portable format
• Withdraw consent where processing is based on consent

To exercise these rights, email privacy@qwikr.tax. We will respond within 30 days.

8. Cookies

We use strictly necessary session cookies to keep you logged in, and analytics cookies to understand how the Service is used. You can disable analytics cookies at any time via your browser settings.

9. Security

We use TLS encryption for all data in transit, AES-256 encryption for data at rest, and enforce role-based access controls. We conduct regular security reviews and penetration testing.

10. International Transfers

Your data is stored in UK/EEA data centres. Where we engage processors outside the UK/EEA, we ensure appropriate safeguards are in place under UK GDPR Articles 46-47.

11. Changes to This Policy

We may update this policy periodically. We will notify you by email of any material changes at least 30 days before they take effect.

12. Contact & Complaints

For privacy queries: privacy@qwikr.tax.
If you are unsatisfied with our response, you have the right to complain to the ICO at ico.org.uk.