Privacy Policy
Last updated: draft — pending legal review
This Privacy Policy is a draft template provided for convenience and is not legal advice. It must be reviewed and adapted by a qualified UK solicitor before TaxRadar goes live. Do not rely on it in its current form.
This policy explains how TaxRadar handles personal data. TaxRadar is a product by Bryxo, operated by Bryxo Ltd, a company registered in the United Kingdom (Bryxo Ltd, “we”, “us”, “our”). We are committed to protecting your privacy and to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are (data controller)
Bryxo Ltd is the data controller for the personal data you provide when you create and use a TaxRadar account (your account data). For questions about this policy or how we use your data, contact our privacy team at security@taxradar.co.
Where TaxRadaraccesses your practice’s HMRC agent data (for example client lists and client tax status) on your authority, your practice is the controller of that client data and we act as a processor on your behalf — we process it only to provide the service to you and on your instructions. See section 4.
2. Personal data we collect
- Account data.The details you give us to register and run your practice’s account — such as your name, work email address, practice name, and account preferences (for example reminder settings).
- HMRC agent & client data (accessed read-only). When you connect your HMRC agent account, TaxRadarreads your client list and each client’s tax status and deadline information through approved HMRC agent APIs. This access is read-only and is exercised only on your authority.
- Usage & technical data. Basic information generated when you use the service — such as log data, device/browser information and IP address — used to keep the service secure and working.
3. Lawful bases for processing (UK GDPR)
- Contract (Article 6(1)(b)). To create your account and provide the TaxRadar service you have asked for.
- Legitimate interests (Article 6(1)(f)). To secure, maintain, debug and improve the service, and to prevent misuse — balanced against your rights.
- Consent (Article 6(1)(a)). For optional marketing communications and for any non-essential cookies or analytics. You can withdraw consent at any time.
- Legal obligation (Article 6(1)(c)). Where we must retain or disclose data to meet a legal or regulatory requirement.
4. How we use HMRC data
TaxRadar connects to HMRC via approved agent APIs and holds a read-onlyview. We use the data we read solely to show you each client’s live tax status and upcoming deadlines, to flag authorisation gaps, and to send the client reminders you switch on. TaxRadar never files returns, submits data to HMRC, or moves money on your behalf. We do not sell HMRC or client data, and we do not use it for advertising or profiling.
5. Sharing and subprocessors
We do not sell your personal data. We share it only with trusted service providers (subprocessors) that help us run TaxRadar, under contracts that require them to protect it and use it only on our instructions. These include:
- Cloud hosting & database — to run the application and store account data securely.
- Email delivery — to send transactional messages, account emails and the client reminders you enable.
We may also disclose data where required by law, to protect our rights, or in connection with a business reorganisation. A current subprocessor list is available on request from security@taxradar.co.
6. International transfers
We aim to store and process personal data in the UK region. Where any processing takes place outside the UK, we put in place an approved transfer mechanism (such as the UK International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses) so that your data receives an equivalent level of protection.
7. Retention
We keep account data for as long as your account is active and for a reasonable period afterwards to meet legal, accounting and security obligations, after which it is deleted or anonymised. HMRC client data is accessed read-only and is retained only for as long as needed to provide the service; disconnecting your HMRC authority stops further access, and deleting your account removes the associated data (see section 10).
8. Security
We use technical and organisational measures appropriate to the risk — including encryption in transit, access controls, and the read-only design of our HMRC connection — to protect personal data against unauthorised access, loss or misuse. No system is perfectly secure, but we work to keep TaxRadar safe and to respond quickly to any incident. Report a security concern to security@taxradar.co.
9. Your rights
Under UK GDPR you have the right to access your personal data, to rectify inaccurate data, to erase data, to restrict or object to processing, to data portability, and to withdraw consent where processing relies on consent. To exercise any of these rights, contact security@taxradar.co. Where your practice is the controller of client data, requests from data subjects about that client data should be directed to your practice, and we will assist you as processor.
10. Disconnecting and deleting your data
You can revoke TaxRadar’s read-only HMRC access at any time, which stops any further access to your agent and client data. You can also ask us to close your account and delete your account data by contacting support@taxradar.co or security@taxradar.co.
11. Cookies and analytics
TaxRadar uses only the cookies needed to run the site and, where you consent, basic analytics to understand usage. A separate Cookie Policy will set out the detail; non-essential cookies are set only with your consent.
12. Complaints
If you have a concern about how we handle your data, please contact us first at security@taxradar.coso we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk.
13. Changes to this policy
We may update this policy from time to time. Material changes will be reflected here with a revised “last updated” line. Please check back periodically.
14. Contact
Privacy and security enquiries: security@taxradar.co. General enquiries: support@taxradar.co.