Privacy Policy
Last updated: 24 April 2026
1. Summary
TaxBrain helps UK taxpayers plan their tax position. To do that, we need some information about you — your email, your answers to the quiz, and the messages you send to our AI advisor. This policy explains, in plain English, what we collect, why, how long we keep it, who else sees it, and what you can do about it.
In short: we use the minimum data we need, we never sell it, and you can ask us to delete it at any time.
2. Who is the data controller?
The data controller for your personal data is:
Allen Living Ltd (trading as TaxBrain)
Company number: 14787139
Registered office: C/O ABLM Associates Ltd, Regus Stuart House, St Johns Street, Peterborough, Cambridgeshire, PE1 5DD
ICO registration number: [ICO_REGISTRATION_NUMBER]
Contact: [CONTACT_EMAIL]
3. What we collect
You give us directly
- Email address — when you ask for a personalised plan, subscribe to the newsletter, or use the contact form.
- Quiz responses — your tax profile, including income ranges, business structure, pension arrangements, marital status, and similar. These are brackets where possible (e.g. "£100k–£150k"); we only store exact figures if you choose to enter them.
- AI chat messages — everything you type into the advisor.
- Feedback — thumbs-up / thumbs-down signals on AI responses, used to improve future answers.
We collect automatically
- IP address and approximate location — used by Cloudflare for security and to detect whether you're in a jurisdiction we serve.
- Device and browser information — e.g. user-agent string, screen size. Used for analytics and bug-fixing.
- Usage analytics — which pages you visit, which calculators you use, which questions you ask the AI.
- Error reports — when the site crashes, we send an anonymised stack trace to our error-monitoring service.
We do NOT knowingly collect: your National Insurance number, your UTR, your bank details, or any other financial credential. If you include these in a message to the AI by mistake, please let us know and we'll delete them.
4. Why we collect it (lawful basis)
Under UK GDPR we need a lawful basis for each purpose we use your data for. Ours are:
Delivering the service you asked for
Lawful basis: Contract (Art. 6(1)(b)). Without your quiz answers and email we can't build or deliver the personalised plan you requested.
Marketing emails (weekly tax tips, product updates)
Lawful basis: Consent (Art. 6(1)(a)). You can withdraw consent any time via the unsubscribe link in every email.
Improving the AI advisor (training data)
Lawful basis: Legitimate interests (Art. 6(1)(f)) — we use anonymised Q&A pairs where you have given feedback to fine-tune future models. You can opt out via [CONTACT_EMAIL].
Analytics and error monitoring
Lawful basis: Legitimate interests (Art. 6(1)(f)) — running and securing the service. Optional analytics cookies can be declined via the consent banner.
Legal or regulatory obligations
Lawful basis: Legal obligation (Art. 6(1)(c)) — e.g. responding to a lawful request from HMRC or the ICO.
5. AI processing — what you need to know
When you use the AI advisor, your messages (and any quiz context we have for you) are sent to Anthropic's Claude API. Anthropic processes the request in the United States under UK/EU-adequate safeguards (Standard Contractual Clauses).
Anthropic's commercial API (which we use) does NOT use your content to train their foundation models. Our use of your content for our own fine-tuning is a separate question covered in Section 4 above.
When you start a plan at /plan, we ask you to explicitly acknowledge this AI-processing step.
6. How long we keep it
- Quiz responses, AI chats, extraction plans — kept for 24 months after your last activity, then deleted.
- Email address on the newsletter — until you unsubscribe.
- Analytics events — anonymised after 14 months.
- Error reports — 90 days.
- Anonymised training data — retained indefinitely as part of the model development corpus, with all directly identifying fields stripped.
- Records we are required to keep (e.g. for tax, legal, or regulatory reasons) — for the period required by law.
7. Who else processes your data
We use the following processors. Each has a written data processing agreement (or equivalent) with us, and each is listed with its processing location.
| Processor | Purpose | Location |
|---|---|---|
| Anthropic | AI inference (Claude) | US (SCCs) |
| Supabase | Database + file storage | EU — London region |
| Cloudflare | Hosting, CDN, analytics, security | Global (SCCs) |
| Beehiiv | Newsletter email | US (SCCs) |
| Resend | Transactional email | US (SCCs) |
| PostHog | Product analytics | EU — Frankfurt |
| Sentry | Error monitoring | EU region (SCCs) |
| OpenAI | Text embeddings (no chat content) — for search over our own corpus | US (SCCs) |
We don't sell your data, and we don't share it for marketing by third parties.
8. International transfers
Where your data is transferred outside the UK, we rely on the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, as appropriate. Copies are available on request at [CONTACT_EMAIL].
9. Your rights
Under UK GDPR you have the right to:
- Access — get a copy of the personal data we hold about you.
- Rectify — ask us to correct inaccurate data.
- Erase — ask us to delete your data.
- Port — get a machine-readable export of your data.
- Restrict or object — pause or stop certain types of processing.
- Withdraw consent — for anything we do based on your consent.
To exercise any of these, email [CONTACT_EMAIL] or use the form at /contact. We aim to respond within 30 days.
10. Complaints
If you think we've mishandled your data, please tell us first — we'd like the chance to put it right. You also have the right to complain to the UK data protection regulator:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 · ico.org.uk
11. Cookies
We use a small number of cookies to run the site, and we ask for your consent before setting any analytics or marketing cookies. You can review and change your choices at any time via the "Cookie settings" link in the footer.
- Strictly necessary — session cookies used to remember your place in the quiz. Always on.
- Analytics — Cloudflare Web Analytics, GA4, PostHog. Help us understand how the site is used. Opt-in.
- Marketing — none currently, but if we add any we'll ask for consent separately.
12. Changes to this policy
If we make material changes to this policy we'll email active users and show a banner on the site. Your continued use of TaxBrain after that means you accept the updated policy.
13. Contact
Questions? Email [CONTACT_EMAIL] or use /contact.