Last updated: 25 January 2026
Effective date: 25 January 2026
Summary: ByteLogic Accounting helps UK Ltd company directors manage accounts, payroll, and HMRC compliance. We process your financial data to provide these services and submit information to HMRC on your behalf. We never sell your data.
1. Who We Are
| Company Name | ByteLogic Ltd |
| Company Number | 15073068 |
| Registered Address | England & Wales |
| Data Protection Contact | edward@bytelogic.ltd |
ByteLogic Ltd is the data controller for the personal data processed through ByteLogic Accounting.
2. Data We Collect
Account Information
- Email address
- Full name
- Password (stored encrypted with bcrypt)
Business Information
- Company name and registration number
- VAT registration number
- PAYE reference
- Bank account details (for reconciliation)
Employee/Payroll Data
- Employee names and addresses
- National Insurance numbers
- Salary and tax information
- Pension contributions
Financial Transactions
- Bank transactions (imported from connected accounts)
- Invoices and payments
- Expense records
3. How We Use Your Data
| Purpose |
Lawful Basis |
| Providing accounting services |
Contract performance |
| Submitting VAT returns to HMRC |
Legal obligation / Contract |
| Payroll processing and RTI submission |
Legal obligation / Contract |
| Generating financial reports |
Contract performance |
| Account security and fraud prevention |
Legitimate interest |
| Service communications |
Contract performance |
4. HMRC Data Sharing
When you authorise ByteLogic Accounting to connect with HMRC, we:
- Use OAuth 2.0 authentication - we never see or store your HMRC login credentials
- Submit VAT returns on your behalf
- Submit payroll information (FPS/EPS) on your behalf
- Send fraud prevention headers as required by HMRC regulations
You can revoke this access at any time through your HMRC online account.
5. Data Security
- Encryption at rest: All sensitive data is encrypted using AES-256
- Encryption in transit: All connections use TLS 1.2 or higher
- Password security: Passwords are hashed using bcrypt with salt
- Access control: Role-based permissions limit data access
- Audit logging: All significant actions are logged
6. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account closure
- Financial records: Retained for 7 years as required by UK tax law
- Payroll records: Retained for 6 years after the tax year they relate to
- Audit logs: Retained for 2 years
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data (subject to legal retention requirements)
- Restrict processing
- Data portability - export your data in a standard format
- Object to processing based on legitimate interest
- Complain to the ICO if you're not satisfied
To exercise these rights, email edward@bytelogic.ltd.
8. Third-Party Services
We may use the following third-party services:
- Stripe: Payment processing (they have their own privacy policy)
- Cloud hosting: UK/EU data centres with appropriate safeguards
- Bank APIs: Wise, Monzo, Revolut for transaction import (read-only access)
9. Cookies
We use minimal cookies:
- Session cookies: Essential for keeping you logged in
- Preference cookies: Remember your settings
We do not use third-party tracking or advertising cookies.
10. Changes to This Policy
We may update this policy and will notify you of significant changes via email. The "Last updated" date at the top indicates when it was last revised.
11. Contact Us
For privacy-related questions: