Privacy Policy

We take your privacy very seriously. We only collect the information we need to operate the application and do not store anything we don't need to keep.

We store

  • Your email address, for use as a user ID. We will also use it to contact you if you request a password reset, or if we make changes to our privacy policy.
  • Your encrypted password, so that we can log you into the application.
  • Any HMRC authorisation tokens that you explicitly authorised us to use, so that we can interact with HMRC on your behalf using their published APIs.
  • The last VAT registration number you entered, to save you having to enter it every time you log in to the application.

If you would like to see, update or delete any of the above information, please contact us by email at hello@xlvat.com.

We share

  • We use third-party payment provider Stripe to process card transactions. If you make a payment to us, Stripe will use your name and credit card details for payment processing. We never see your card details.
  • We connect to HMRC to read and change your VAT account data. When you file a VAT return using XLVAT, we send its contents to HMRC. We do not store this information.
  • HMRC mandates that we provide to them various details about your connection, software and hardware, to enable them to detect fraud. We do not store this information.

For further details on the data collected by HMRC to help prevent fraud, see the Fraud Prevention page on HMRC's website.

We do not store

  • You or your business' name, address or payment details. These are used by our payment provider to authorise your card, but we do not store them.
  • Any of your business' accounting information. We don't store VAT returns. We don't know your business' turnover. We merely pass this information to HMRC when you file a return, and retrieve it from HMRC when you want to view it.
  • Any of the anti-fraud information that HMRC mandates we collect on their behalf.

Cookies

  • We do not use cookies at all until you log in to XLVAT. Just browsing this page? We're not using cookies.
  • We use a session cookie to track your session while you are using the application.
  • We use a long-lived cookie to assign an ID to your computer or device, as per our legal obligation under HMRC's anti-fraud legislation.
  • We do not use cookies for anything else, such as tracking your web browsing habits or targeted advertising.

Other stuff...

  • Papaver Software is registered with the Information Commissioner's Office as a Data Controller.
  • We do not, and will never, sell your email address for use in marketing or any other type of communications.