iXBRL Tagging. HMRC & Companies House Compliant. iXBRL Tagging Cost Calculator
iXBRL Support Contact us
Mon–Fri 09:00–17:30
Try Now

Data Privacy & Protection

Your privacy matters. Learn how we protect your data with secure, transparent practices.

UK GDPR aligned privacy information for clients, finance teams, and filing contacts. Last updated: 20 June 2026.
Purpose limited

Client data is used to provide iXBRL, CT600, accounts filing, support, and required compliance records.

Secure handling

Financial documents are handled through controlled access, encryption, and retention controls.

UK GDPR rights

You can request access, correction, deletion, restriction, objection, and portability where applicable.

Privacy contact

Email [email protected] for privacy questions or formal data subject requests.

At Digital Reporting (UK), we protect your financial data through secure handling, limited access, and clear retention rules. We process your financial statements and company information to deliver iXBRL, UKSEF, ESG, CT600, and accounts filing services. We never sell your data or share it with third parties for their own marketing.

This privacy policy covers all information collected through our website, platform, and iXBRL services. It applies to your financial statements, company details, and personal data provided during onboarding, tagging, validation, and HMRC/Companies House filing.

We process personal data in line with UK GDPR and the Data Protection Act 2018. You have rights to access, correct, delete, restrict, object to, and port your personal data where those rights apply under UK law.

We retain financial data for 7 years from filing date (UK Companies Act requirement for accounting records). Personal data is retained during our service relationship plus 7 years for HMRC audit purposes. You can request deletion after statutory retention periods expire.

We will notify you of any material changes to our privacy policy via email and by posting updates on our website. We recommend reviewing our privacy policy periodically. Continued use of our services after changes indicates acceptance of the updated policy.

Contact [email protected] for privacy queries. We aim to respond promptly during business hours (Mon-Fri, 09:00-17:30 UK time) and provide full responses to formal data subject requests within the statutory timeframe required by UK GDPR.

Personal Data: Names, email addresses, phone numbers, job titles, and signatures of authorized signatories and finance decision-makers.

Company Data: Company registration numbers, legal entity names, business addresses, SIC codes, company structure, shareholding information, and registered office details.

Financial Data: Complete financial statements (balance sheets, profit & loss accounts, notes to accounts), tax computations, trial balances, bank statements, invoices, and supporting financial documentation you upload or provide for iXBRL tagging and filing.

Filing Data: HMRC Government Gateway credentials (via secure integration), Companies House filing history, filing deadlines, and submission references.

Usage Data: IP addresses, browser types, operating systems, pages visited, time spent on our platform, form submissions, file uploads, and interaction patterns (collected automatically via cookies and analytics).

Payment Data: Card details, billing addresses, and invoice records (processed securely via third-party payment processors—we don't store full card details).

Mandatory vs. Optional: All data necessary to deliver iXBRL tagging and HMRC/Companies House filing is mandatory. Optional data includes: marketing preferences, product feedback, and demographic information. Failure to provide mandatory data prevents service delivery. You can decline optional data collection without affecting core service functionality.

We collect: contact details (name, email, phone), company information (registration number, address, SIC codes), financial statements (for iXBRL tagging), filing deadlines, and authorized signatory details. We only collect data essential for HMRC and Companies House compliance filing.

We collect data through: website forms, secure file uploads (PDF/Excel financial statements), platform account registration, HMRC Government Gateway integration, Companies House API, and direct client communications. We use cookies for session management and analytics.

Your financial statements contain sensitive business data. We process this under strict controls: encryption in transit and at rest, access limited to authorized tagging specialists, audit logging, and retention rules. We do not use client documents for model training unless you explicitly agree.

Yes, you have control over your data collection. You can opt out of non-essential data collection, manage cookie preferences, and specify what information you're comfortable sharing. We will always respect your data preferences and boundaries.

We use essential cookies for website functionality and may use analytics cookies to understand user behavior and improve our services. You can manage cookie preferences through your browser settings and any cookie controls provided on the website.

After HMRC/Companies House filing, we retain iXBRL files and submission confirmations for 7 years (UK statutory requirement). Source financial statements can be deleted upon request after successful filing. All data is archived in encrypted, access-controlled storage.

We use your data to: convert financial statements to iXBRL format, validate against HMRC/FRC taxonomies, submit filings to Companies House and HMRC, provide compliance support, and maintain filing history. All processing is for direct service delivery—no marketing or third-party sales.

We share data only where needed for service delivery, including with HMRC for CT600 filing, Companies House for statutory accounts, secure infrastructure providers, and payment processors. Service providers are expected to process data under appropriate contractual and data protection safeguards.

You can opt out of marketing emails anytime via unsubscribe links or by contacting [email protected]. Opting out doesn't affect essential service communications (filing confirmations, deadline reminders, HMRC/Companies House updates, invoice notifications).

We process data under: contractual necessity (to deliver iXBRL services), legal obligation (UK Companies Act, HMRC regulations), and legitimate interests (service improvement). For marketing, we require explicit consent. All processing complies with UK GDPR and DPA 2018.

We may use automated analysis to improve our services and provide personalized recommendations, but we don't make significant automated decisions about individuals without human oversight. You have the right to request human review of any automated decisions that affect you.

Yes, you can opt out of non-essential data uses including marketing communications, analytics, and certain data processing activities. However, opting out of essential data processing may limit our ability to provide some services. We'll clearly explain any limitations.

We use encryption and access controls to protect data in transit and at rest. Financial statements are handled through controlled systems from upload through processing and filing support.

In the event of a data breach, we notify affected clients within 24 hours and the ICO within 72 hours (UK GDPR requirement). We provide detailed breach information, mitigation steps, and support. Our incident response team contains breaches immediately and conducts forensic analysis.

Where possible, client financial data is stored in UK-based or UK/EU compliant infrastructure. Access is restricted to authorized personnel and controlled through security, monitoring, and backup procedures.

We maintain documented information security controls for financial data handling, including controlled access, secure infrastructure, audit logging, and periodic security review. Any formal certifications should be confirmed in writing before they are relied on for procurement or vendor due diligence.

Data transmission uses encrypted connections and secure authentication methods appropriate to the service being used. Access to filing and support systems is limited to authorized users and controlled by role.

Access to financial data is restricted to authorized iXBRL tagging specialists and quality reviewers only. We use role-based access controls (RBAC), multi-factor authentication, and activity logging. All employees sign NDAs and undergo background checks. Access is revoked immediately upon role changes.

Under UK GDPR, you have rights to: access your data, correct inaccuracies, delete data (after retention periods), port data to other providers, restrict processing, object to processing, and withdraw consent. Contact [email protected] to exercise your rights.

Request your data by emailing [email protected] with subject "Data Subject Access Request". We'll verify your identity and provide a comprehensive report within 30 days (UK GDPR standard), including: contact details, company information, filing history, and stored financial documents.

Yes, you have the right to request deletion of your personal data ("right to be forgotten"). We'll process deletion requests within 30 days, though some data may be retained for legal compliance. We'll notify you if any data cannot be deleted and explain why.

You can request corrections to your personal data by contacting our support team. We'll verify and update inaccurate information within the required timeframe. For some corrections, we may need additional verification to ensure data integrity.

Yes, you have the right to data portability. We provide your data in machine-readable formats (JSON, CSV, XML) so you can transfer it to other services. This includes all personal data you've provided and data generated through your use of our services.

Contact [email protected] first to resolve concerns. If unsatisfied, you have the right to complain to the ICO (Information Commissioner's Office) at ico.org.uk or call 0303 123 1113. The ICO is the UK supervisory authority for data protection.

Email [email protected]. We aim to respond promptly during business hours (Mon-Fri, 09:00-17:30 UK time). For formal data subject requests, we provide full responses within the statutory timeframe required by UK GDPR.

Privacy policy updates are posted on our website at digitalreporting.uk/privacy-policy. We may also email active clients about material changes where appropriate.

Privacy support is available Monday-Friday, 09:00-17:30 UK time. Email inquiries are reviewed during business hours, with formal requests handled within the statutory timeframe required by UK GDPR.

Where required for client projects, we can provide practical guidance on secure document handling, GDPR-aware filing workflows, and privacy-by-design principles for finance and compliance teams.

Report privacy concerns to [email protected] with subject "Privacy Concern". We review privacy reports promptly. If you are not satisfied with our response, you have the right to raise the matter with the ICO at ico.org.uk.

Digital Reporting (UK) processes personal data under UK GDPR and the Data Protection Act 2018. ICO registration details, where applicable, can be provided during onboarding or vendor due diligence.

30-minute response guarantee during business hours

Get iXBRL Done Right

Fixed pricing. Expert support. Fast delivery.

We deliver three solutions: iXBRL filing, UKSEF compliance, and ESG reporting. Ready for 2027 mandatory software filing. Our team responds to your questions within 30 minutes during business hours (Mon–Fri, 09:00–17:30).

40–60% lower cost. 30-minute support response. 48-hour delivery.

Your information is secure. We'll use it only to contact you about your digital reporting query. No spam, ever.