Last updated: March 16, 2026
DoneLabs Ltd (Company No. 17056937) is the data controller for DoneTax+. Our registered address is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. For any data-related enquiries, contact us at hello@donetaxplus.co.uk.
We collect identity data (name, email address), HMRC OAuth tokens stored using AES-256-GCM encryption, professional data (Agent Reference Number, practice name), client data (National Insurance Numbers, financial transactions submitted on their behalf), and standard usage and technical data generated when you use the platform.
Your data is used to provide the DoneTax+ service under contract, to fulfil HMRC MTD API submission obligations under legal requirement, to process billing via Stripe under contract, and to maintain security and prevent fraud under our legitimate interests.
UK law requires all MTD API calls to include fraud prevention headers. These include your IP address, browser fingerprint, and device identifiers. This data is transmitted to HMRC on every submission and cannot be disabled. It is a legal requirement of the MTD programme.
We share data only with the following processors: HMRC (for MTD submissions), Stripe (for billing), Vercel (for platform hosting), and Neon (for database storage). We never sell your data or share it with third parties for marketing purposes.
While your subscription is active, all data is retained. Following cancellation, your data is held for 30 days and then permanently deleted. Audit logs and HMRC submission records are retained for 7 years in line with legal requirements.
Under UK GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. To exercise any of these rights, contact hello@donetaxplus.co.uk. You may also lodge a complaint with the Information Commissioner at ico.org.uk.
DoneTax+ uses a single session cookie (donetaxplus_session) which is strictly necessary for the platform to function. We do not use advertising cookies, tracking cookies, or any third-party analytics cookies.
We will notify you of any material changes to this privacy policy by email or via an in-platform notice before the changes take effect.
hello@donetaxplus.co.uk · DoneLabs Ltd · 71-75 Shelton Street · Covent Garden · London · WC2H 9JQ · ICO Registration No. ICO-0001353294