Privacy Policy

Privacy Policy

This Privacy Policy explains how ForwardifyMtd collects, uses, stores and protects personal data when you use our invoicing and Making Tax Digital VAT application.

Last updated: 08/06/2026

1. Who we are

Accusolve Accountants Limited is the provider of ForwardifyMtd, an online invoicing, accounting-support and Making Tax Digital VAT submission application.

Company name
Accusolve Accountants Limited
Company number
16705058
Registered office
38B Monahan Avenue, Purley, CR8 3BA
Website
https://invoicing.accusolveaccountants.com/
Email
mail@accusolveaccountants.com
Telephone
0203 092 6909

In this Privacy Policy, “we”, “us” and “our” means Accusolve Accountants Limited. “You” and “your” means the person, business, organisation or authorised user using ForwardifyMtd.

2. What this Privacy Policy covers

This Privacy Policy explains how we collect, use, store and share personal data when you:

  • visit our website;
  • create an account;
  • use our invoicing software;
  • connect the application to HMRC Making Tax Digital VAT services;
  • send invoices or emails through the application;
  • contact us for support;
  • subscribe to updates or marketing communications.

It also explains your rights under UK data protection law.

3. Our role: controller and processor

Depending on the data and the purpose, we may act as either a data controller or a data processor.

Where we are a controller

We are normally the data controller for personal data we use for:

  • user account creation;
  • billing and subscription management;
  • identity, login and security checks;
  • support requests;
  • fraud prevention and system monitoring;
  • marketing communications;
  • website analytics;
  • legal and regulatory compliance.

Where we are a processor

Where you enter, upload or generate data relating to your customers, suppliers, invoices, VAT records or business transactions, you are usually the data controller and we act as your processor.

This means you are responsible for making sure you have a lawful basis for entering that data into the application, and we process it only to provide the service, maintain the system, secure the platform and comply with legal obligations.

4. Personal data we collect

We may collect and process the following categories of personal data.

  • name;
  • business name;
  • email address;
  • phone number;
  • username;
  • password hash;
  • login details;
  • role and permissions;
  • account status;
  • email verification status;
  • subscription status.

  • company name;
  • trading name;
  • company number;
  • VAT number;
  • registered office or trading address;
  • customer names and addresses;
  • supplier names and addresses;
  • invoice details;
  • credit note details;
  • payment records;
  • VAT rates and VAT amounts;
  • tax point/supply date;
  • due dates;
  • invoice PDFs;
  • email templates;
  • branding files such as logos.

  • VAT Registration Number;
  • HMRC authorisation tokens;
  • VAT obligations;
  • VAT return values;
  • VAT liabilities;
  • VAT payment information;
  • VAT customer information;
  • HMRC API response data;
  • API error messages;
  • audit logs relating to submissions.

  • IP address;
  • browser and device information;
  • operating system;
  • user agent;
  • login timestamps;
  • failed login attempts;
  • session data;
  • cookie identifiers;
  • server logs;
  • audit trail records;
  • load balancer or proxy-related request data;
  • information needed for HMRC fraud prevention headers.

  • billing name;
  • billing address;
  • payment status;
  • invoices issued by us to you;
  • subscription plan;
  • renewal dates;
  • payment provider references.

We do not usually store full card numbers. Payments should be processed by our payment provider, such as [Stripe / GoCardless / PayPal / Other].

  • support tickets;
  • emails sent to us;
  • call notes;
  • chat messages;
  • feedback;
  • bug reports;
  • feature requests.

5. HMRC fraud prevention header data

When you use the HMRC MTD VAT features, HMRC requires software providers to send fraud prevention header information with relevant API requests.

This may include technical data such as:

  • your public IP address;
  • device and browser information;
  • connection method;
  • user agent;
  • local device time zone;
  • vendor/server IP information;
  • request identifiers;
  • other audit and security data required by HMRC.

We send this data to HMRC because it is required for the operation of HMRC APIs and to support the prevention and detection of tax fraud.

6. How we use your personal data

We use personal data to:

  • create and manage your account;
  • provide the invoicing application;
  • generate and store invoices, credit notes and related records;
  • send invoice emails and reminders where enabled;
  • connect your account to HMRC;
  • retrieve VAT obligations;
  • submit VAT returns to HMRC where you instruct us to do so;
  • keep audit logs of key actions;
  • provide support;
  • manage subscriptions and billing;
  • improve system security;
  • prevent abuse, fraud and unauthorised access;
  • monitor system performance;
  • send service messages;
  • send marketing communications where permitted;
  • comply with legal, tax and regulatory obligations.

7. Lawful bases for processing

We rely on one or more of the following lawful bases:

Contract

We process data where necessary to provide the application and services you have requested.

Legal obligation

We may process data where necessary to comply with legal, tax, accounting, regulatory or HMRC-related obligations.

Legitimate interests

We may process data for our legitimate business interests, including securing the platform, preventing fraud, improving the service and responding to support requests.

Consent

We rely on consent where required, for example certain marketing communications, non-essential cookies or optional communications preferences.

Where we process your customer, supplier, invoice or VAT records on your behalf, we do so as your processor and in accordance with your instructions.

8. Who we share personal data with

We may share personal data with:

  • HMRC, where you use MTD VAT features;
  • payment providers;
  • email delivery providers;
  • hosting providers;
  • cloud infrastructure providers;
  • database and backup providers;
  • analytics providers;
  • professional advisers;
  • legal or regulatory authorities;
  • fraud prevention or security service providers;
  • subcontractors who help us operate the application.

We only share data where necessary for the service, where required by law, or where we have another lawful basis.

9. HMRC authorisation

To use MTD VAT features, you must authorise ForwardifyMtd through HMRC’s authorisation process.

Once authorised, we may use HMRC access tokens to perform actions that you request or enable, such as retrieving VAT obligations or submitting VAT returns.

You are responsible for ensuring that only authorised people in your organisation can connect, view, prepare or submit VAT information.

10. Marketing communications

We may send you service-related messages, such as:

  • account emails;
  • password reset emails;
  • security alerts;
  • invoice delivery notices;
  • subscription or billing notices;
  • MTD VAT submission status messages.

These are not marketing emails and are necessary for the service.

We may also send marketing emails about product updates, offers or related services where permitted by law. You can unsubscribe from marketing emails at any time.

11. Cookies and analytics

Our website and application may use cookies and similar technologies.

Some cookies are necessary for login, security, session management and core application functionality.

We may also use optional cookies for analytics, performance monitoring or marketing. Non-essential cookies should only be used where you have given consent where required.

You can manage cookies through our cookie banner, cookie settings page, or your browser settings.

12. How long we keep data

We keep personal data only for as long as reasonably necessary.

Data type Typical retention period
Account data While your account is active, then for a reasonable period after closure
Invoice and VAT records Usually at least 6 years where required for tax/accounting purposes
Audit logs Usually up to 6 years, unless a shorter or longer period is justified
Support tickets Usually up to 6 years
Marketing preferences Until you unsubscribe or your record is no longer needed
Security logs Usually 6–24 months, unless needed for investigation
HMRC tokens Until revoked, expired, replaced or no longer required

You are responsible for ensuring your own business record retention obligations are met.

13. Data security

We use appropriate technical and organisational measures designed to protect personal data, including:

Encrypted HTTPS connections
Password hashing
Role-based access controls
Audit logging
Server and database access controls
Backup procedures
Monitoring for suspicious activity
Separation of tenant/company data

No online service can be guaranteed to be completely secure. You are responsible for keeping your login details confidential and ensuring your users follow good security practices.

14. International transfers

Some of our service providers may process data outside the United Kingdom. Where this happens, we will take steps designed to ensure appropriate safeguards are in place, such as UK-approved contractual safeguards or adequacy arrangements.

15. Your rights

Depending on the circumstances, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion;
  • restrict processing;
  • object to processing;
  • request data portability;
  • withdraw consent;
  • complain to the Information Commissioner’s Office.

16. Your responsibilities

You are responsible for:

  • ensuring you have permission to enter personal data into the application;
  • keeping your account details secure;
  • managing user permissions correctly;
  • checking invoice and VAT data before submission;
  • complying with your own tax, VAT, accounting and data protection obligations;
  • keeping appropriate backups or exports where necessary for your business.

17. Children’s data

The application is intended for business users and is not intended for children.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on our website or within the application. Where changes are significant, we may notify you by email or through the application.

19. Contact us

For privacy questions, contact:

Accusolve Accountants Limited

38B Monahan Avenue, Purley, CR8 3BA

Email: mail@accusolveaccountants.com

Telephone: 0203 092 6909