← Back

Privacy Policy

Last updated: May 2026

1. Who we are

MTD ITSA Manager is operated by Tymofii Iosypenko ("we", "us", "our"). We provide workflow management software for UK accounting firms to manage Making Tax Digital for Income Tax Self Assessment (MTD ITSA) compliance.

Contact: tymofiiiosypenko@gmail.com

2. Important notice — we do not submit to HMRC

MTD ITSA Manager is a workflow management tool only. It does not submit any data to HMRC or any other government body. Actual HMRC submissions must be made through HMRC-authorised software. Your firm remains responsible for all statutory filings.

3. What data we collect and why

Account data (your firm)

Email address, password (hashed), firm name. Used to provide you with access to the service. Legal basis: contract (UK GDPR Article 6(1)(b)).

Client data (your clients' information)

Names, email addresses, Unique Taxpayer Reference (UTR) numbers, income and tax data that your firm uploads. We process this data strictly on your instructions, as a data processor acting under your authority as data controller. Legal basis: contract (UK GDPR Article 6(1)(b)) / data processing agreement (Article 28).

Usage data

Login timestamps, actions within the app. Used for security and service improvement. Legal basis: legitimate interests (UK GDPR Article 6(1)(f)).

Billing data

Payment information is processed by Stripe. We do not store card details. Legal basis: contract.

4. How long we keep your data

Your account data and client data are retained for the duration of your subscription, plus 30 days after cancellation to allow data export. After 30 days, all data is permanently deleted.

5. Who we share data with

We use the following third-party services (sub-processors) to operate the service:

  • Stripe — payment processing (stripe.com)
  • SendGrid / Gmail — transactional email delivery
  • VPS hosting provider — server infrastructure for data storage

We do not sell your data or your clients' data to any third party.

6. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — you can request a copy of your data
  • Right to rectification — you can ask us to correct inaccurate data
  • Right to erasure — you can ask us to delete your account and all associated data
  • Right to data portability — you can request your data in a machine-readable format
  • Right to restriction — you can ask us to restrict processing in certain circumstances
  • Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, email us at tymofiiiosypenko@gmail.com. We will respond within 30 days as required by UK GDPR.

7. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted passwords, CSRF protection, secure session management, and access controls. All data is stored on a dedicated server with restricted access.

8. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the UK Information Commissioner's Office (ICO): ico.org.uk / 0303 123 1113.

9. Changes to this policy

We may update this policy from time to time. We will notify registered users by email of any material changes. Continued use of the service after changes constitutes acceptance.

10. Contact

For any privacy-related queries or to exercise your rights:
Tymofii Iosypenko
Email: tymofiiiosypenko@gmail.com