Privacy Policy

Last updated: 27 March 2026

1. Who we are

Company Filing Service is operated by Redstone Technology Ltd, a company registered in England and Wales (Company No. to be inserted). Our registered address is [address to be inserted].

We are the data controller for the personal data we process in connection with this service. If you have any questions about this policy or your data, please contact us at [email protected].

2. What data we collect

We collect the following categories of personal data when you use our service:

  • Account information: your name, email address and password when you register.
  • Company data: your company name, registration number, UTR, VAT registration number and accounting period details necessary to prepare and file your accounts.
  • Financial data: profit and loss figures, balance sheet items and other accounting data you upload or import.
  • Payment information: billing details processed securely via Stripe. We do not store full card numbers; Stripe is our payment processor and holds card data under their own PCI-DSS compliant systems.
  • Usage data: IP address, browser type, pages visited, and actions taken within the service, collected via server logs and analytics.
  • Communications: emails or support messages you send us.

3. How we use your data

We process your personal data for the following purposes:

  • Providing the service (contract performance): preparing iXBRL accounts, CT600 corporation tax returns, and submitting them to HMRC and Companies House on your behalf.
  • Account management (contract performance): creating and maintaining your account, authenticating you, and providing customer support.
  • Payments (contract performance): processing your filing fee via Stripe.
  • Legal compliance (legal obligation): retaining records as required by UK law, including HMRC requirements.
  • Service improvement (legitimate interests): analysing usage patterns to improve the product, fix bugs, and add new features.
  • Security (legitimate interests): detecting and preventing fraud, abuse and unauthorised access.
  • Marketing (consent): sending you service updates or promotional communications, only where you have given explicit consent. You may withdraw consent at any time.

4. Legal basis for processing

Under UK GDPR, we rely on the following lawful bases: contract performance (Article 6(1)(b)), legal obligation (Article 6(1)(c)), legitimate interests (Article 6(1)(f)), and consent (Article 6(1)(a)), as described above.

5. Data sharing

We share your personal data only where necessary:

  • HMRC and Companies House: your company and financial data is submitted to these government bodies as part of the filing service you have requested.
  • Stripe: payment processing. See Stripe's privacy policy.
  • Amazon Web Services (AWS): our cloud infrastructure provider. Data is stored in the eu-west-2 (London) region.
  • Accounting integrations: if you connect Xero or QuickBooks, we access only the accounting data you authorise.
  • Professional advisers: accountants, lawyers or auditors bound by confidentiality obligations, where required.

We do not sell your personal data to third parties and do not share it for third-party marketing purposes.

6. Data transfers outside the UK

Your data is stored on AWS infrastructure in the UK (eu-west-2 London region). Some of our third-party processors (e.g. Stripe) may process data in the US. Where data is transferred outside the UK, we ensure adequate safeguards are in place under UK GDPR, including Standard Contractual Clauses where applicable.

7. Data retention

We retain your account data for as long as your account is active and for up to 7 years thereafter, in line with HMRC record-keeping requirements for UK companies. Financial and filing records are retained for 7 years from the date of filing, as required by law. You may request deletion of your account at any time; we will delete personal data not subject to legal retention requirements within 30 days.

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you (Subject Access Request).
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") subject to legal retention obligations.
  • Restriction of processing in certain circumstances.
  • Data portability — to receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please email [email protected]. We will respond within one month. If you are dissatisfied with our response you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We use industry-standard measures to protect your data, including TLS encryption in transit, AES-256 encryption at rest, AWS KMS key management, and role-based access controls. We conduct periodic security reviews and penetration testing. In the event of a personal data breach we will notify the ICO within 72 hours and affected users as required by UK GDPR.

10. Cookies

We use essential cookies necessary to operate the service (session management, CSRF protection). We do not use tracking or advertising cookies. If we introduce optional analytics cookies in future we will request your consent first.

11. Children

Our service is intended for company directors and is not directed at individuals under 18. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email to registered users or prominently on our website. The "last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

For any privacy-related queries, please contact:
Redstone Technology Ltd
Email: [email protected]