← Back to TaxPigeon

Privacy Policy

Last updated: April 2025

What we collect

We collect your WhatsApp number, name, UTR, receipt images, and the income and expense amounts you log. HMRC OAuth tokens are stored if you authorise HMRC filing.

How we use it

Your data is used only to provide TaxPigeon: categorising receipts, summarising records, and preparing MTD submissions. We do not sell your data or use it for advertising.

Where it's stored

Data is stored on encrypted AWS servers in London (eu-west-2). Receipt images are encrypted at rest with AES-256. Data is retained while your account is active and for up to 30 days after deletion.

Third parties

  • Twilio — delivers WhatsApp messages
  • Anthropic — AI receipt analysis (images sent for processing)
  • AWS — cloud hosting and encrypted storage
  • HMRC — quarterly MTD submissions (only with your authorisation)

Your rights

Under UK GDPR you can request access to, correction of, or deletion of your data. Delete your account from the dashboard (all data removed within 30 days) or message us on WhatsApp.