Data Retention Policy

Last updated: November 2025

DATA RETENTION POLICY

Overview

MTDify is committed to retaining your data only for as long as necessary to provide our services and comply with legal obligations under UK law, including HMRC Making Tax Digital requirements.

Data We Retain

We retain the following categories of data:

  • Account Information: Name, email address, phone number, UTR, National Insurance Number
  • Financial Records: Income entries, expense entries, invoices, receipts
  • Business Information: Business entity details, VAT registration information
  • System Data: Login history, account activity logs, verification records

Retention Periods

Data Type Retention Period Legal Basis
Financial records (income/expenses) 6 years from end of tax year HMRC record-keeping requirements (TMA 1970)
Uploaded receipts and invoices 6 years from end of tax year HMRC record-keeping requirements
User account information Duration of active account + 30 days after deletion Legitimate business interest
Login and security logs 12 months Security and fraud prevention
Email communications 3 years Business records
Deleted account records 30 days (backup retention) System backup procedures

Why We Retain Data

We retain your data to:

  • Fulfill our contract to provide Making Tax Digital services
  • Comply with HMRC record-keeping requirements (minimum 6 years for financial records)
  • Comply with UK tax law and regulatory obligations
  • Prevent fraud and ensure platform security
  • Respond to legal requests and enforce our terms

HMRC Record-Keeping Requirements

Under UK tax law, sole traders must keep business records for at least 5 years after the 31 January submission deadline of the relevant tax year. In practice, this means approximately 6 years from the end of the tax year.

For example, records for the 2023/24 tax year (ending 5 April 2024) must be kept until at least 31 January 2030.

MTDify automatically retains your financial records to help you comply with these legal requirements.

Account Deletion

When you delete your MTDify account:

  • Your account is immediately deactivated and you can no longer access it
  • All personal and financial data is immediately and permanently deleted 
  • Some data may be retained in encrypted backups for up to 30 days, after which it is permanently removed
  • We may retain anonymised, aggregated data for statistical purposes

Important: Once deleted, your data cannot be recovered. Please ensure you have downloaded or exported any records you need before deletion.

Data You Can Delete Yourself

You have the right to delete:

  • Individual income or expense entries (unless submitted to HMRC)
  • Uploaded receipts and documents
  • Business entity records
  • Your entire account and all associated data

Data We Cannot Delete

We may be legally required to retain certain data even after account deletion for:

  • Legal proceedings or investigations
  • Regulatory compliance and audits
  • Fraud prevention and security purposes
  • HMRC inquiries into submitted tax returns

In such cases, we will only retain the minimum data necessary and only for as long as legally required.

Automatic Data Deletion

We automatically delete:

  • Unverified accounts: Deleted after 30 days if email not verified
  • Inactive accounts: Warning sent after 24 months of inactivity; account deleted 30 days after warning if no response
  • Expired trial accounts: Data retained for 90 days after trial expiry, then deleted if no subscription activated
  • Backup data: Deleted according to backup rotation schedule (maximum 30 days)

Your Rights

Under UK GDPR, you have the right to:

  • Access your data (download a copy)
  • Rectify incorrect data (update your account settings)
  • Erase your data (delete your account)
  • Restrict processing of your data
  • Object to certain data processing
  • Data portability (export your data in a standard format)

To exercise these rights, contact us at support@mtdify.uk or use the account deletion feature in your Account Settings.

Changes to This Policy

We may update this policy to reflect changes in legal requirements or our practices. We will notify you of significant changes via email or through the platform.

Contact Us

For questions about data retention or to exercise your rights: Email: support@mtdify.uk