Last Updated: March 16, 2026
DoneLabs Ltd (Company No. 17056937) is the data controller. 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Contact: hello@donetaxplus.co.uk
Identity data (name, email), HMRC OAuth tokens (AES-256-GCM encrypted), professional data (ARN, practice name), client data (NINO, financial transactions), usage and technical data
Providing the service (contract), HMRC API submissions (legal obligation), billing via Stripe (contract), security and fraud prevention (legitimate interests)
Required on all MTD API calls by law. Includes IP address, browser fingerprint, device identifiers. Cannot be disabled.
HMRC (submissions), Stripe (billing), Vercel (hosting), Neon (database). We never sell data.
Active subscription: data retained. Post-cancellation: 30 days then permanently deleted. Audit logs and submission records: 7 years (legal requirement).
Access, rectification, erasure, restriction, portability, objection. Contact hello@donetaxplus.co.uk. Complaints to ICO at ico.org.uk.
Single session cookie (donetaxplus_session). Strictly necessary only. No advertising or tracking cookies.
We will notify you of material changes by email or via the service.
hello@donetaxplus.co.uk · 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ