Legal

Privacy Policy

We are committed to protecting your personal data and being transparent about how we use it, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: 1 March 2026 Version: 1.0
Contents

1. Who We Are

Simpleledger Limited ("we", "us", "our") is a UK-registered accountancy and tax advisory firm. We are the data controller responsible for your personal information.

  • Company name: Simpleledger Limited
  • Company number: 14373987
  • Registered address: 67 Watling Street, Nuneaton, CV11 6JJ
  • ICO registration number: ZB656697
  • email: info@simpleledger.co.uk
  • Phone: 02475 229 097

2. Data We Collect

We collect personal data in the following circumstances:

When you enquire or register

  • Full name, email address, phone number
  • Business name, business type and turnover band
  • Home and business address
  • UTR number, National Insurance number, company registration number
  • Previous accountant details (if switching)

When you use our ACSP identity verification service

  • Full name, date of birth, home address
  • Identity document details (via our third-party verification partner, Didit)
  • Payment information (processed by Stripe — we do not store card details)

When you contact us

  • Name, email address, phone number and the contents of your message

Automatically collected data

  • IP address, browser type, pages visited and referral source (via Google Analytics, with your consent)
  • reCAPTCHA score (for fraud prevention)

3. How We Use Your Data

We use your personal data for the following purposes:

  • To provide accountancy, tax and payroll services to you
  • To conduct identity verification as required under the Economic Crime and Corporate Transparency Act 2023
  • To communicate with HMRC, Companies House and other regulatory bodies on your behalf
  • To send you your engagement letter and obtain your signature
  • To process payments for our services
  • To respond to enquiries and provide customer support
  • To comply with our legal and regulatory obligations (including AML/KYC)
  • To improve our website and services (analytics, with your consent)

We process your personal data under the following legal bases under UK GDPR:

  • Contract (Article 6(1)(b)): Processing necessary to provide our accountancy services to you
  • Legal obligation (Article 6(1)(c)): Compliance with HMRC, Companies House, AML regulations and the Economic Crime and Corporate Transparency Act
  • Legitimate interests (Article 6(1)(f)): Fraud prevention, security, improving our services and direct marketing to existing clients
  • Consent (Article 6(1)(a)): Analytics cookies and email marketing, where you have opted in

5. Sharing Your Data

We do not sell your personal data. We share it only where necessary:

  • HMRC — to register your business, file returns and correspond on your behalf
  • Companies House — for company formations, ACSP verification and filing
  • Stripe — to process payments securely (Stripe's privacy policy applies)
  • Didit — to conduct identity verification checks (Didit's privacy policy applies)
  • Resend — to send transactional emails on our behalf
  • Supabase — our secure database provider (data stored in EU data centres)
  • Google Analytics — anonymised site analytics, with your consent
  • Your previous accountant — to request handover of your records

All third-party processors are bound by Data Processing Agreements and are required to handle your data securely and in accordance with UK GDPR.

6. Data Retention

We retain your personal data only for as long as necessary:

  • Client records (tax and accounts): 6 years after the end of the tax year, as required by HMRC
  • AML/KYC identity records: 5 years after the end of the client relationship, as required by the Money Laundering Regulations 2017
  • ACSP verification records: 7 years, as required by the Economic Crime and Corporate Transparency Act 2023
  • Enquiry/contact data: 2 years from last contact if you did not become a client
  • Website analytics: 26 months (Google Analytics default)

7. Your Rights

Under UK GDPR you have the following rights:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — ask us to delete your data (subject to legal retention obligations)
  • Right to restrict processing — ask us to limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you

To exercise any of these rights, please contact us at info@simpleledger.co.uk We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time.

8. Cookies

We use the following cookies on our website:

  • Essential cookies: Required for the website to function (e.g. form session state). These cannot be disabled.
  • Analytics cookies (Google Analytics): Used to understand how visitors use our site. Only set with your consent via our cookie banner.
  • reCAPTCHA: Google's fraud prevention service. Subject to Google's Privacy Policy.

You can withdraw your consent to analytics cookies at any time by clearing your browser cookies or contacting us.

9. Security

We take the security of your personal data seriously. Our measures include:

  • All data transmitted via HTTPS/TLS encryption
  • Database access restricted by Row-Level Security policies
  • Sensitive keys stored in encrypted environment variables, never in client-side code
  • Payment data handled exclusively by Stripe — we never store card details
  • Access to client data restricted to authorised staff only

10. International Data Transfers

Some of our third-party processors may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions, in line with UK GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will reflect any changes. We will notify active clients of material changes by email.

12. Contact Us

For any privacy-related queries, to exercise your rights, or to make a complaint:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.