Skip to main content
Finpliq
Start free
← Policy library

Security

Information Security Policy

How Finpliq protects business, bookkeeping, payroll and tax records using secure access, encryption, logging and operational controls.

Owner
Security & Compliance
Effective from
8 July 2026
Last reviewed
8 July 2026
Review cycle
Annual or following material change

At a glance

Finpliq protects accounting records, HMRC workflow data, evidence packs and user accounts using authenticated access, role-based permissions, encryption where implemented, audit logs and documented incident handling.

Finpliq does not claim external security certification in this document. Security controls are described as internal operating controls unless independently verified.

Full policy

Security objectives are to preserve confidentiality, integrity and availability of customer records; prevent cross-tenant access; support traceable filings and approvals; and reduce the risk of unauthorised access to sensitive financial data.

Responsibilities sit with TA&T Ltd as operator, administrators with elevated access, developers making changes, and users who must protect their credentials, enable MFA where required and review filing outputs before submission.

Assets include user accounts, business records, invoices, bills, bank statement imports, receipt uploads, payroll records, CIS records, VAT records, HMRC tokens or credentials where configured, audit logs, code, databases, deployment environments and support communications.

Access is granted on a least-privilege basis. Admin access should be limited, reviewed and removed when no longer required. Business-level roles must be used to prevent one customer from viewing another customer's data.

Patch and vulnerability management should include dependency review, security updates, code review, testing and documented release checks before production deployment.

Incident response follows documented triage, containment, investigation, customer notification and regulatory notification processes where required by law or HMRC obligations.