Privacy Policy - Tax Radar

1. Introduction

This Privacy Policy explains how TresAI Limited ("we", "us", "our") collects, uses, stores, and protects your personal data when you use Tax Radar and our related services.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: TresAI Limited, a company registered in England and Wales (Company No. 15944206). Registered office: [REGISTERED OFFICE ADDRESS]

2. Information We Collect

2.1 Information you provide to us

Account information: Name, email address, company name, job title, and contact details when you register for our services
Financial data: Tax records, invoices, receipts, management accounts, and other financial documents you upload for analysis
Communications: Information you provide when you contact us, including enquiries and feedback

2.2 Information collected automatically

Usage data: How you interact with our platform, features used, and actions taken
Technical data: IP address, browser type, device information, and operating system
Log data: Access times, pages viewed, and system activity for security and troubleshooting

2.3 Information from third parties

Where you connect third-party services (such as accounting software), we may receive data from those services in accordance with your authorisation.

3. How We Use Your Information

We use your personal data for the following purposes:

Purpose	Legal Basis
Providing our tax compliance analysis services	Performance of contract
Creating and managing your account	Performance of contract
Processing financial documents for risk analysis	Performance of contract
Communicating with you about our services	Performance of contract / Legitimate interests
Improving and developing our platform	Legitimate interests
Ensuring security and preventing fraud	Legitimate interests / Legal obligation
Complying with legal and regulatory requirements	Legal obligation
Marketing communications (with your consent)	Consent

4. Data Sharing

4.1 Who we share data with

We may share your personal data with:

Service providers: Cloud hosting (AWS), payment processors, and other third parties who assist in operating our platform, all bound by data processing agreements
Professional advisers: Lawyers, accountants, and auditors where necessary
Regulatory authorities: Where required by law or to protect our legal rights

4.2 What we do not do

We do not sell your personal data. We may use or share anonymised, aggregated data that cannot be used to identify any individual. Such anonymised data is not personal data and falls outside the scope of data protection legislation.

5. Data Retention

We retain personal data only for as long as necessary for the purposes set out in this policy:

Data Type	Retention Period	Reason
Tax analysis records	7 years	Aligned with HMRC enquiry window plus buffer
AML/KYC records	5 years	Money Laundering Regulations 2017
User account data	Account life + 2 years	Limitation period for contractual claims
Audit logs	7 years	Security and accountability
Marketing preferences	Until withdrawal	Respecting your choices

When the retention period expires, we securely delete or anonymise personal data so that it can no longer be linked to any individual.

6. Data Security

We implement comprehensive technical and organisational measures to protect your personal data:

Encryption: AES-256 encryption at rest and TLS 1.3 encryption in transit
Access controls: Multi-factor authentication and role-based access
Infrastructure: UK-based AWS data centres (London eu-west-2)
Monitoring: Intrusion detection and continuous security monitoring
Testing: Regular penetration testing and vulnerability assessments

For more information, see our Security page.

7. International Transfers

Your personal data is stored and processed within the United Kingdom. We do not transfer personal data outside the UK unless required to do so and appropriate safeguards are in place in accordance with UK GDPR.

8. Your Rights

Under UK GDPR, you have the following rights:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of your personal data in certain circumstances
Right to restrict processing: Request limitation of how we use your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Rights related to automated decision-making: Not be subject to decisions based solely on automated processing

To exercise any of these rights, please contact us using the details below. We will respond within one month, though this may be extended by a further two months for complex requests.

9. Cookies

Our website uses cookies and similar technologies to enhance your experience, analyse usage, and assist with our marketing efforts. Essential cookies are necessary for the website to function and cannot be disabled. You can manage your preferences for non-essential cookies through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email or through a prominent notice on our platform before the changes take effect.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [EMAIL ADDRESS]
Post: Data Protection Officer, TresAI Limited, [REGISTERED OFFICE ADDRESS]

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first.