We work with external data security and cyber security experts who regularly perform penetration tests on our servers and undertake ISO27001 audits (as well as Cyber Essentials Plus testing) then advise us accordingly, which we implement.
We encrypt all data transferred between you, us and HMRC.
When you upload your data to us, we only read your summary figures HMRC needs. We do not use or store any of your underlying financial data.
We do not see or store any of your credit card details. For your annual licence payment, you are re-directed to Pay360 (owned by Capita), a banking facility that partners with WorldPay. Once payment is made, you are re-directed back to our website. WorldPay is the largest card payment facility provider in the UK.
We store very limited information about you. All historic filing data, future filing obligations listed, HMRC tax estimates, payments and liability information shown on our website all come from HMRC's server each time, we do not store these. We store: contact name, business name, e-mail address, National Insurance Number, VAT Number and your phone number.
The servers we use are kept in a secure UK-based data centre, controlled by the largest web hosting company in Europe. Our servers use enterprise level Microsoft operating systems and database software, as well as the latest anti-virus and anti-intrusion blocking software. The database and website is backed up daily. Remote server access is restricted to administrators having unique hand-held security devices. Remote server access security is provided by Cisco Systems, a company listed on the NASDAQ stock exchange.
So as you can see, we take very, very seriously your data security concerns.