Privacy Policy
Last updated: 22 February 2026
This privacy policy explains how LifetimeTax ("we", "us", "our"), operated by Perihelion Limited, collects, uses, stores, and protects your personal data when you use our website at lifetimetax.co.uk (the "Service").
1. Data Controller
The data controller responsible for your personal data is:
- Company: Perihelion Limited
- Address: 35 Coppice Avenue, Great Shelford, Cambridge, CB22 5AQ, United Kingdom
- Contact: Will Jones — will@perihelion.limited
2. What Data We Collect
We collect the following categories of personal data:
2.1 Account Data
- Email address (used to create your account)
- Password (hashed and salted, never stored in plaintext)
2.2 HMRC Tax Data
When you connect your HMRC account via Government Gateway, we retrieve:
- Income tax paid per tax year
- National Insurance contributions (Class 1, 2, and 4)
- Employment history and employer details
- Self-assessment returns and tax calculations
- Student loan repayment amounts (where available)
- Total earnings per tax year
Important: We never see, store, or have access to your Government Gateway username or password. Authentication is handled entirely by HMRC through their secure OAuth 2.0 flow. You log in directly on HMRC's website and grant us permission to read specific data only.
2.3 Payment Data
- Stripe payment reference (we do not store your card number, expiry, or CVV)
- Whether you have purchased premium access
2.4 Fraud Prevention Data (Required by HMRC)
HMRC legally requires us to collect and transmit the following with each API call:
- Your IP address and port
- Browser user agent string
- Device identifier (a randomly generated UUID stored in a cookie)
- Screen resolution and window size
- Timezone
This data is sent directly to HMRC as part of their fraud prevention requirements and is not used by us for any other purpose.
2.5 Analytics Data
- Page views, click events, and feature usage (via PostHog)
- This data is anonymised and only collected with your consent
3. How We Use Your Data
| Purpose | Lawful Basis (GDPR) |
|---|---|
| Calculate your lifetime tax total and generate your tax receipt | Contract performance (Art. 6(1)(b)) |
| Store your tax data so you don't need to reconnect HMRC each visit | Contract performance (Art. 6(1)(b)) |
| Process premium payments via Stripe | Contract performance (Art. 6(1)(b)) |
| Generate shareable cards (containing only aggregated totals, no personal identifiers) | Contract performance (Art. 6(1)(b)) |
| Submit fraud prevention headers to HMRC | Legal obligation (Art. 6(1)(c)) |
| Analyse usage to improve the Service | Consent (Art. 6(1)(a)) |
4. Data Storage & Security
4.1 Encryption
We take the security of your data seriously:
- HMRC access and refresh tokens: Encrypted at rest using AES-256-GCM
- National Insurance Number (NINO): Encrypted at rest using AES-256-GCM
- Raw HMRC API responses: Encrypted at rest using AES-256-GCM
- Calculated totals: Stored as plaintext (these are aggregated figures, not personally identifiable)
- All data in transit: Protected by TLS 1.2 or higher
Encryption keys are stored separately from the database and are never committed to source code.
4.2 Infrastructure
- Hosting: Railway (application hosting)
- Database: Supabase (PostgreSQL with Row Level Security)
- Payments: Stripe (PCI DSS Level 1 compliant)
- DNS & Domain: Cloudflare
4.3 Access Controls
- Row Level Security (RLS) ensures users can only access their own data
- API routes always derive user identity from authenticated sessions, never from client-supplied parameters
- Service keys and secrets are stored in environment variables, never in source code
5. Data Sharing
We share your personal data with the following third parties, only as necessary to provide the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| HMRC | Retrieve your tax data & submit fraud prevention headers | OAuth tokens, fraud prevention metadata |
| Supabase | Database hosting | All stored data (encrypted where noted) |
| Stripe | Payment processing | Email, payment amount |
| PostHog | Analytics (with consent only) | Anonymised usage events |
| Railway | Application hosting | Server logs (IP addresses, request metadata) |
We do not sell your personal data to any third party. We do not share your data for marketing purposes.
6. Share Cards & Public Data
When you generate a shareable "tax receipt" card, only aggregated totals are included (e.g., "Total lifetime tax: £287,000"). Share cards contain no personally identifiable information — no name, NINO, employer details, or individual tax year data.
Share card URLs are publicly accessible. Once shared, the aggregated data on the card cannot be traced back to your identity without access to our database.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| HMRC tax data | Until you delete your account or request deletion |
| HMRC access tokens | 4 hours (expires automatically) |
| HMRC refresh tokens | 18 months maximum (HMRC-imposed expiry) |
| Payment records | 6 years (UK tax and accounting requirements) |
| Analytics data | 12 months |
8. Cookies
| Cookie | Purpose | Type |
|---|---|---|
| Session cookie | Maintain your logged-in session | Strictly necessary |
| Device ID | HMRC fraud prevention (legally required) | Strictly necessary |
| Analytics cookies | PostHog usage tracking | Consent required |
You can manage cookie preferences at any time through the cookie consent banner. Strictly necessary cookies cannot be disabled as they are required for the Service to function.
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of all personal data we hold about you. Use the data export feature in your account settings, or contact us by email.
- Right to rectification (Art. 16): Request correction of inaccurate personal data. Since tax data comes directly from HMRC, corrections to tax figures should be made with HMRC directly.
- Right to erasure (Art. 17): Request deletion of your account and all associated data. Use the account deletion feature in your settings, or contact us by email. Deletion is permanent and cascading — all tax data, tokens, calculations, and share cards will be removed.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (JSON). Available via the data export feature.
- Right to restriction of processing (Art. 18): Request that we limit how we process your data in certain circumstances.
- Right to object (Art. 21): Object to processing based on legitimate interests (e.g., analytics).
- Right to withdraw consent: Where processing is based on consent (e.g., analytics cookies), you may withdraw consent at any time.
To exercise any of these rights, contact us at will@perihelion.limited. We will respond within 30 days as required by UK GDPR.
10. Data Export & Account Deletion
We provide self-service tools for data management:
- Data export: Download all your data as a JSON file from your account settings
- Account deletion: Permanently delete your account and all associated data from your account settings
Account deletion is immediate and irreversible. All data, including HMRC tokens, tax records, calculations, and share cards, is permanently removed from our systems. HMRC OAuth access is revoked.
11. Children's Privacy
The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it immediately.
12. International Data Transfers
Your data may be processed by our third-party providers in jurisdictions outside the UK. Where this occurs, we ensure appropriate safeguards are in place:
- Supabase: Data stored in EU region (AWS eu-west-1)
- Stripe: Certified under UK-US Data Bridge and EU-US Data Privacy Framework
- PostHog: EU hosting available; Standard Contractual Clauses in place
- Railway: US-based hosting with Standard Contractual Clauses
13. Security Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach
- Notify HMRC at SDSTeam@hmrc.gov.uk within 72 hours
- Notify affected users without undue delay where the breach is likely to result in a high risk to rights and freedoms
- Document the breach, its effects, and remedial actions taken
14. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes affecting how we process your data, we will notify you by email.
15. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We encourage you to contact us first at will@perihelion.limited so we can try to resolve your concern directly.
© 2026 Perihelion Limited. Company registered in England and Wales.