HashTax Privacy Policy

Last Updated: December 2025

1. Introduction

HashTax Limited ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, assessment tools, and professional tax advisory services.

Company Details:

  • Company Name: HashTax Limited
  • Registration: Company No: 16273899, Registered in England & Wales
  • Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • ICO Registration: ZC050283
  • Contact: hello@hashtax.io

We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide Directly

When you use our services or assessment tools, we collect:

Contact Information:

  • Name
  • Email address
  • Phone number (optional)
  • Postal address (for service delivery)

Assessment Tool Information:

  • Cryptocurrency transaction details (volumes, frequencies, types)
  • Exchange platform usage
  • Investment objectives and strategies
  • Tax complexity indicators
  • Self-reported tax situation details

Service Engagement Information:

  • Consultation booking details
  • Service preferences and requirements
  • Communication history
  • Payment information (processed securely by third-party payment processors)

Professional Service Delivery:

  • Tax returns and supporting documentation
  • Cryptocurrency transaction records and wallet addresses
  • Exchange account statements
  • Income and expense records
  • Any other information necessary to provide our professional tax services

2.2 Information Collected Automatically

Website Usage Data:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring website
  • Click patterns and navigation paths

Cookies and Tracking Technologies:

  • Essential cookies for website functionality
  • Analytics cookies (Google Analytics)
  • Marketing cookies (Facebook Pixel, if consent provided)

For detailed information about cookies, please see our Cookies Policy.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

3.1 Contractual Necessity

Processing is necessary to deliver professional tax services that you have engaged us to provide:

  • Tax return preparation and submission
  • Cryptocurrency transaction analysis
  • Tax planning and advisory services
  • Ongoing compliance support

3.2 Legitimate Interests

Processing based on legitimate business interests that do not override your rights:

  • Website improvement and user experience optimization
  • Marketing services to prospective clients (with opt-out available)
  • Fraud prevention and security
  • Business operations and administration

3.3 Legal Obligation

Compliance with legal requirements, including:

  • Tax regulations and HMRC reporting requirements
  • Anti-money laundering (AML) obligations
  • Professional standards (ACCA membership requirements)
  • Record-keeping obligations

3.4 Consent

Processing where explicit consent has been given:

  • Marketing communications via email
  • Non-essential cookies
  • Sharing information with third-party service providers
  • Any other specific purposes requiring consent

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

4. How We Use Your Information

4.1 Service Delivery

Professional Tax Services:

  • Preparing and submitting tax returns to HMRC
  • Calculating cryptocurrency capital gains and income
  • Providing tax planning and compliance advice
  • Maintaining accurate records for regulatory purposes

Assessment Tools:

  • Generating personalized complexity scores and tax impact calculations
  • Creating PDF reports with your results
  • Identifying potential tax optimization opportunities
  • Recommending appropriate service levels

4.2 Communication

Service-Related Communications:

  • Sending assessment tool results via email
  • Appointment confirmations and reminders
  • Service updates and deliverable notifications
  • Responding to your inquiries

Marketing Communications (with your consent):

  • Tax deadline reminders and compliance updates
  • Educational content and blog updates
  • Service announcements and special offers
  • Industry insights and HMRC guidance updates

You can opt out of marketing emails at any time using the unsubscribe link in every communication.

4.3 Business Operations

  • Website analytics and performance monitoring
  • Lead qualification and CRM management
  • Quality assurance and service improvement
  • Internal training and compliance monitoring
  • Financial accounting and business reporting

5. Data Sharing and Disclosure

5.1 Service Providers

We share information with carefully selected third-party service providers who assist in delivering our services:

Technology Partners:

  • Website Hosting: AWS (server infrastructure)
  • Email Delivery: SendGrid (transactional emails and reports)
  • CRM System: Freshsales (client relationship management)
  • Analytics: Google Analytics (website performance tracking)
  • Marketing: Facebook Pixel (advertising campaigns, if consent provided)

All service providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Outsourced Accounting Partners

We may engage external accounting partners for certain service packages to deliver services on your behalf. These partners:

  • Are carefully vetted for professional competence
  • Are bound by confidentiality agreements
  • Process data only under our instructions
  • Maintain appropriate security measures

You will be informed if your service engagement involves outsourced delivery.

5.3 Legal Requirements

We may disclose information when required by law for:

  • HMRC submissions and tax compliance
  • Anti-money laundering (AML) reporting obligations
  • Court orders or legal proceedings
  • Regulatory investigations or audits
  • Protection of our legal rights

5.4 Business Transfers

If HashTax Limited is acquired, merged, or restructured, your personal data may be transferred to the new entity. You will be notified of any such change and your data will continue to be protected under this Privacy Policy.

5.5 Third Parties We Do NOT Share With

We never sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement robust technical and organizational measures to protect your data:

6.1 Technical Safeguards

  • Encryption: TLS/SSL encryption for data transmission
  • Secure Storage: Encrypted databases with access controls
  • Authentication: Multi-factor authentication for system access
  • Regular Backups: Secure backup procedures with encryption
  • Security Updates: Regular patching and system updates

6.2 Organizational Safeguards

  • Access Controls: Limited access based on role requirements
  • Staff Training: Regular data protection training for all personnel
  • Confidentiality: All staff are bound by confidentiality agreements
  • Third-Party Audits: Regular security assessments of service providers
  • Incident Response: Documented breach response procedures

6.3 Physical Security

  • Secure office premises with access controls
  • Locked filing cabinets for physical documents
  • Clean desk policy for sensitive information
  • Secure disposal of documents and devices

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy.

7.1 Active Client Relationships

Data is retained during service engagement and for 6 years thereafter (HMRC requirement):

  • Tax records: A minimum of 6 years after the end of the relevant tax year
  • Financial records: 6 years from the end of the financial year

7.2 Prospective Clients

  • Assessment tool data: 12 months from the last interaction
  • Marketing communications: Retained until you unsubscribe or request deletion
  • Website analytics: 26 months (Google Analytics default)

7.3 Legal Requirements

Some records must be retained longer due to:

  • Professional indemnity insurance requirements
  • ACCA professional standards
  • Anti-money laundering obligations
  • Potential legal claims (Limitation Act 1980)

7.4 Deletion Requests

When you request deletion:

  • We will delete data not subject to legal retention requirements immediately
  • We will anonymize data where deletion is not possible
  • We will provide confirmation of deletion within 30 days
  • We will explain any retention obligations preventing immediate deletion

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

8.1 Right of Access

You can request a copy of all personal data we hold about you. This will be provided within one month, free of charge.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. Records will be updated within one month.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data where:

  • It is no longer necessary for the purposes collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • Processing is unlawful
  • It is required for legal compliance

Important: Data required for legal or regulatory obligations may be unable to be deleted.

8.4 Right to Restrict Processing

You can request that processing of your data be limited in certain circumstances:

  • You contest the accuracy of data (during verification)
  • Processing is unlawful but you don't want erasure
  • The data is no longer needed, but you require it for legal claims
  • You object to processing (pending verification of legitimate grounds)

8.5 Right to Data Portability

You can request transfer of your data in a structured, commonly used format to:

  • Another controller, or
  • Directly to you

This applies to data processed by automated means with your consent or for contract performance.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

8.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. Our assessment tools provide indicative calculations only; all professional advice involves human expertise.

8.8 Right to Complain

You have the right to complain to the ICO about our data processing practices. You can file a complaint with the supervisory authority:

  • Website: https://ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

9. Exercising Your Rights

To exercise your rights or make data protection inquiries:

  • Email: hello@hashtax.io
  • Subject Line: "Data Protection Request"

Information to Include:

  • Your full name
  • Email address used with HashTax
  • Specific right you wish to exercise
  • Any relevant details or documentation

We will respond within one month. For complex requests, we may extend this by two months with explanation.

Identity Verification

To protect your privacy, we may require proof of identity before processing requests. Acceptable documents include passport, driving license, or other government-issued ID.

10. International Data Transfers

Your data is primarily processed within the United Kingdom. If we transfer data outside the UK:

  • We ensure adequate protection through approved transfer mechanisms
  • Standard Contractual Clauses (SCCs) or equivalent safeguards
  • You will be informed of any such transfers

Current International Transfers:

  • SendGrid (email services): USA - adequate safeguards in place
  • AWS (hosting): UK-based servers, but management access from USA - adequate safeguards

11. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately for deletion.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • Changes in laws or regulations
  • New services or features
  • Improvements to our practices

Notification of Changes:

  • Updated "Last Updated" date at the top of this policy
  • Significant changes notified via email to active clients
  • Continued use after changes constitutes acceptance

We encourage you to review this policy periodically.

13. Specific Tool Privacy Information

13.1 Crypto Tax Health Check

  • Data Collected: Self-reported complexity indicators, email address
  • Purpose: Generate complexity score and qualification assessment
  • Retention: 12 months or until deletion requested
  • Sharing: Results emailed via SendGrid; lead data stored in CRM

13.2 Tax Impact Calculator

  • Data Collected: Transaction volumes, gains/losses estimates, email address
  • Purpose: Calculate approximate tax liability and optimization opportunities
  • Retention: 12 months or until deletion requested
  • Sharing: Results emailed via SendGrid; lead data stored in CRM

13.3 Tax Complexity Score

  • Data Collected: Detailed activity information across 15-20 questions
  • Purpose: Comprehensive complexity assessment and audit risk evaluation
  • Retention: 12 months or until deletion requested
  • Sharing: Results emailed via SendGrid; lead data stored in CRM

Important Note: Assessment tool results are indicative only and do not constitute professional advice. Actual service engagements require comprehensive data verification.

14. Professional Obligations

As ACCA registered accountants, we are bound by:

  • ACCA Code of Ethics and Conduct: Professional behavior and confidentiality
  • Anti-Money Laundering Regulations: Customer due diligence requirements
  • Professional Indemnity Insurance: Retention requirements for claims protection

These obligations may override deletion requests in certain circumstances, which will be explained to you.

15. Third-Party Links

Our website may contain links to third-party websites (e.g., HMRC, ACCA, educational resources). We are not responsible for the privacy practices of these sites. We recommend reviewing their privacy policies before providing personal information.

16. Marketing Preferences

You can manage your communication preferences at any time:

To Opt Out:

  • Click 'unsubscribe' in any marketing email
  • Email hello@hashtax.io with "Unsubscribe" in the subject line
  • Update preferences in your client portal (if applicable)

To Opt In:

  • Check the consent box when submitting forms
  • Email hello@hashtax.io requesting marketing communications
  • Update preferences in your client portal (if applicable)

Important Note: Opting out of marketing communications does not affect essential service communications, such as appointment confirmations, service deliverables, or regulatory updates.

17. Contact Information

For privacy-related questions, concerns, or requests:

HashTax Limited
Email: hello@hashtax.io
Address:
71-75 Shelton Street
Covent Garden
London
WC2H 9JQ
United Kingdom

  • Data Protection Queries: Use subject line "Data Protection Request"
  • General Inquiries: Use subject line "General Inquiry"

18. Glossary of Terms

  • Personal Data: Information relating to an identified or identifiable individual
  • Processing: Any operation performed on personal data (e.g., collection, storage, use)
  • Controller: The entity determining the purposes and means of processing, identified as HashTax Limited
  • Processor: The entity processing data on behalf of the controller
  • Consent: A freely given, specific, informed indication of your agreement
  • Legitimate Interests: Lawful processing justified by business interests

Acknowledgment

By using our website, assessment tools, or engaging our services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

For Professional Service Engagements:

You will be asked to provide explicit written consent at the point of service engagement, confirming your understanding of how your sensitive financial and tax data will be processed.

This Privacy Policy is designed to be transparent, fair, and compliant with UK GDPR. If you have questions or concerns about any aspect of our data practices, please don't hesitate to contact us.

Protecting your privacy while delivering exceptional cryptocurrency tax services.

© 2026 HashTax Limited. All rights reserved.
Company
About HashTaxOur ExpertiseContact UsBook a Consultation
Legal
Terms of ServicePrivacy PolicyDisclaimerCookies Policy

Contact : hello@hashtax.io

COMPANY INFORMATION
HashTax Limited | Company No: 16273899 | Registered in England & Wales
Registered Office:  71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UNITED KINGDOM
PROFESSIONAL REGISTRATIONS
ICO Registration: ZC050283
DISCLAIMER
HashTax provides professional cryptocurrency accounting and tax advisory services. The information on this website is for general guidance only and does not constitute financial, tax, or legal advice. Individual circumstances vary, and you should seek
professional advice specific to your situation.
© 2026  HashTax Limited. All rights reserved.