Privacy Policy
Last updated: 3 March 2026
1. Who We Are
Countee Ltd ("we", "us", "our") is an online accounting platform for UK businesses, providing bookkeeping, invoicing, and HMRC Making Tax Digital (MTD) VAT filing services. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Countee Ltd is registered with the Information Commissioner's Office (ICO) as a data controller. ICO Registration Reference: ZC101201. Registration expires: 2 March 2027.
2. Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, password (hashed).
- Organisation data: business name, address, company number, VAT registration number (VRN).
- Financial data: invoices, bills, expenses, bank transactions, journal entries, and VAT returns that you enter into the platform.
- HMRC authorisation data: OAuth access tokens issued by HMRC to allow us to submit VAT returns on your behalf via Making Tax Digital. We do not store your HMRC Government Gateway username or password.
- Technical data: IP address, browser type, device identifiers, and usage logs collected automatically when you use the service.
3. How We Use Your Data
- To provide and operate the Countee accounting service.
- To submit VAT returns to HMRC on your behalf via the MTD VAT API, using the authorisation you grant during the OAuth connection flow.
- To send transactional emails (account creation, password reset, submission confirmations).
- To comply with our legal obligations, including fraud prevention requirements mandated by HMRC for MTD software.
- To improve and secure the platform (aggregated, anonymised analytics only).
4. Legal Basis for Processing
- Contract: processing your account data and financial records is necessary to perform the service you signed up for.
- Legal obligation: fraud prevention headers sent to HMRC are required by law for MTD-enabled software.
- Legitimate interests: security monitoring, abuse prevention, and service improvement.
5. Data Sharing
We do not sell your personal data. We share data only where necessary:
- HMRC: VAT return data and mandatory fraud prevention headers are transmitted to HMRC when you initiate a submission.
- Hosting providers: your data is stored on servers located in the United Kingdom / European Economic Area.
- Legal requirements: we may disclose data if required by law or to protect the rights and safety of users.
6. Data Retention
We retain your account and financial data for as long as your account is active, and for up to 7 years after account closure to comply with UK tax record-keeping requirements. HMRC OAuth tokens are deleted immediately upon disconnection.
7. Your Rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data (subject to legal retention obligations).
- Object to or restrict certain processing.
- Receive your data in a machine-readable format (data portability).
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk (our registration reference: ZC101201).
8. Security
We use industry-standard security measures including encrypted connections (TLS), hashed passwords, and access controls. Financial data and OAuth tokens are stored encrypted at rest.
9. Cookies
We use strictly necessary session cookies to keep you logged in and to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies.
10. Contact
For any privacy-related questions or to exercise your rights, please contact us at privacy@countee.ai.