Does Finpliq support MTD VAT?

Yes. Finpliq helps UK VAT-registered businesses prepare, review and submit MTD VAT returns after HMRC connection and user confirmation.

Is Finpliq for UK small businesses?

Yes. Finpliq is built for UK sole traders, contractors, small companies and CIS businesses that want plain-English bookkeeping and compliance workflows.

Privacy Policy — Finpliq

1. Who we are

Finpliq is a product of TA&T Ltd, a company registered in England and Wales. References to "Finpliq", "we", "us", or "our" in this policy refer to TA&T Ltd.

We are the data controller for the personal data you provide when using Finpliq. You can contact us at finpliq@taandt.com.

2. What data we collect

We collect the following categories of personal data:

Account data: your name, email address, and password (hashed).
Business data: your business name, type, VAT registration status, Companies House number, and PAYE reference.
Financial data: bank transaction data imported via Open Banking or CSV, invoice details, expense records, payroll figures, and HMRC filing history.
Government Gateway credentials: if you use RTI payroll submission, your Government Gateway user ID and password are stored encrypted using AES-256-GCM. They are never transmitted except directly to HMRC.
Usage data: how you interact with Finpliq (pages visited, actions taken) to improve the product.
Communications: any emails or messages you send to us.

3. How we use your data

We use your data to:

Provide and operate the Finpliq service.
Process your bank transactions and generate financial reports.
Submit returns to HMRC on your behalf when you instruct us to (VAT, CIS, payroll RTI, MTD ITSA).
Send you service communications (receipts, alerts, deadline reminders).
Improve the product based on how it is used.
Comply with our legal obligations.

We do not sell your data. We do not use your data for advertising. We do not share your financial data with third parties except as described in Section 5.

4. Legal basis for processing (UK GDPR)

Contract: processing necessary to provide the service you have signed up for.
Legal obligation: where we are required to retain records or comply with HMRC requirements.
Legitimate interests: improving the product, preventing fraud, and ensuring security.
Consent: for optional communications such as product updates. You may withdraw consent at any time.

5. Who we share data with

We share data with the following categories of third party only where necessary:

HMRC: when you instruct Finpliq to submit a filing (VAT return, CIS return, payroll FPS/EPS, MTD ITSA). Only the data required for that specific filing is transmitted.
Open Banking providers: to retrieve your bank transactions. We use regulated Open Banking APIs. Your bank credentials are never shared with Finpliq.
Payment processors (Stripe): to process subscription payments. Stripe is PCI-DSS compliant. We do not store card details.
Infrastructure providers: our hosting and database providers process data on our behalf under data processing agreements.
Your accountant: if you use the accountant handoff or CA review features, the data you choose to share is made available to the CA you select.

6. Data retention

We retain your data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where we are required to retain records for legal or regulatory purposes (for example, HMRC requires businesses to retain financial records for 6 years from the end of the accounting period).

You may request a full export of your data at any time from Settings → Export data.

7. Your rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Request deletion of your data (subject to legal retention requirements).
Restrict how we process your data.
Data portability — receive your data in a machine-readable format.
Object to processing based on legitimate interests.
Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at finpliq@taandt.com. We will respond within 30 days.

8. Security

We take security seriously. Key measures include: AES-256-GCM encryption for Government Gateway credentials, TLS encryption for all data in transit, hashed passwords (bcrypt), and access controls ensuring only you can access your business data. See our Security page for more detail.

9. Cookies

We use cookies for session management and product analytics. See our Cookie policy for detail.

10. Contact and complaints

For any privacy queries, contact us at finpliq@taandt.com.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.