Privacy Policy
Last updated: 26 February 2026
1. Who We Are
E2E Compliance is an AI-powered UK Self-Assessment, Corporation Tax, and Making Tax Digital filing platform. We help individuals and companies file their tax returns accurately and efficiently. We are not affiliated with HMRC or any accounting firm.
2. What Data We Collect
- Account information: email address, name, profile photo (from Google sign-in)
- Tax-related data: income figures, employment details, tax reliefs, National Insurance number, UTR
- Company data: company name, registration number, registered address, financial data (for CT600 filing)
- Profile information: date of birth, address, postcode, country of residence, marital status
- Uploaded documents: P60s, P45s, invoices, receipts, bank statements (PDF/images, max 5 MB)
- Usage data: pages visited, features used, error logs (via Sentry)
3. Lawful Basis for Processing
We process your personal data under the following UK GDPR lawful bases:
- Contract performance (Article 6(1)(b)): Processing your tax data, calculating your liability, generating returns, and submitting to HMRC is necessary to provide the filing service you signed up for.
- Legitimate interest (Article 6(1)(f)): AI-powered return review, smart section guidance, and consultant briefing improve accuracy and user experience. We have assessed that these interests do not override your rights.
- Consent (Article 6(1)(a)): Analytics cookies and marketing communications are only enabled with your explicit opt-in consent. You can withdraw consent at any time via the cookie settings or by contacting us.
- Legal obligation (Article 6(1)(c)): We retain tax return data for up to 7 years as required by HMRC record-keeping rules.
4. How We Use Your Data
- To calculate your tax liability accurately using our deterministic tax engine
- To generate your Self-Assessment or CT600 tax return PDF
- To submit quarterly updates and final declarations to HMRC via Making Tax Digital
- To provide AI-powered tax guidance and return review (via Google Gemini)
- To enable expert review of your return by qualified consultants (if requested)
- To send transactional emails (confirmations, reminders, review notifications)
- To improve our service through anonymised analytics (with your consent)
5. How We Store Your Data
Your data is stored securely in Google Cloud (Firebase Firestore) in the UK (europe-west2, London region). Sensitive fields such as your National Insurance number and UTR are encrypted using AES-256-GCM before being written to the database. HMRC OAuth tokens are separately encrypted with AES-256-GCM. All data is transmitted over HTTPS with TLS encryption.
6. AI Processing
We use Google Gemini AI to provide tax guidance, review returns, and answer questions. When you use our AI features, relevant context from your return is sent to Google's servers for processing. We minimise the data sent — only the context needed for your specific request. Tax calculations are always performed by our deterministic engine, never by AI. AI processing is carried out under our legitimate interest in improving filing accuracy.
7. Cookies
We use three categories of cookies:
- Essential cookies: Required for authentication, security, and core functionality. Cannot be disabled.
- Analytics cookies: Help us understand how you use the service so we can improve it. Only enabled with your consent.
- Marketing cookies: Used for relevant advertising and measuring campaign effectiveness. Only enabled with your consent.
You can manage your cookie preferences at any time using the cookie settings banner at the bottom of the page.
8. Data Retention
We retain your tax return data for 7 years from the date of submission, in line with HMRC record-keeping requirements. You may request earlier deletion, though we recommend retaining records for at least 22 months after the end of the tax year. Account data is deleted within 30 days of account deletion.
9. Your Rights (UK GDPR)
Under UK GDPR, you have the right to:
- Access: request a copy of all data we hold about you
- Rectification: correct inaccurate personal data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interest
- Withdraw consent: withdraw consent for analytics/marketing cookies at any time
To exercise any of these rights, contact us at privacy@e2ecomply.com. We will respond within 30 days.
10. Third Parties
We share data with the following processors:
- Google Firebase: authentication, database, storage, hosting (UK region)
- Google Gemini: AI chat responses and return analysis
- HMRC: tax return submission via Making Tax Digital APIs (with your authorisation)
- Companies House: company information lookup
- Stripe: payment processing for expert review
- Resend: transactional email delivery
- Sentry: error monitoring (PII redacted)
We do not sell your data or share it with any third party for marketing purposes.
11. International Transfers
Your tax data is stored in the UK (Google Cloud europe-west2, London). Some processing (AI features, error monitoring) may involve transfers to countries outside the UK. Where this occurs, we rely on appropriate safeguards such as Standard Contractual Clauses and the UK International Data Transfer Agreement.
12. Contact Us
For privacy-related queries, email us at privacy@e2ecomply.com.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.