
Privacy Policy

Last updated: February 2026

Who We Are

BetterCallSam is an AI-powered tax submission service for UK self-employed sole traders with a single self-employment business, subject to Making Tax Digital for Income Tax Self Assessment (MTD ITSA). We do not handle property income, VAT, partnerships, or limited company data. We act as the data controller for the personal data processed through our service.

What Personal Data We Process

To provide our tax submission service, we process the following personal data:

  • National Insurance Number (NINO) — used to identify you with HMRC
  • HMRC OAuth tokens — used to authenticate API requests to HMRC on your behalf
  • Business details — trading name, business ID, and accounting period dates as registered with HMRC
  • Self-employment financial records — self-employment income and expense data from files you upload for quarterly submissions
  • Tax calculations — obligation status, income summaries, and tax breakdowns retrieved from HMRC
  • Chat messages — conversations with our AI assistant during the submission process
  • Device information — browser type, screen size, timezone, and device ID collected for HMRC fraud prevention header compliance

Why We Process Your Data

We process your personal data for the following purposes:

  • Tax submission — submitting your quarterly updates and final declaration to HMRC via the MTD ITSA APIs
  • AI-assisted categorisation — processing your financial records through an AI model to categorise income and expenses into HMRC-compliant categories
  • Fraud prevention — collecting device information as required by HMRC to comply with their fraud prevention header specification
  • Service delivery — displaying your obligations, tax position, and submission history

Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Contract (Article 6(1)(b)) — processing is necessary to perform the tax submission service you have signed up for
  • Legal obligation (Article 6(1)(c)) — HMRC requires us to collect and transmit fraud prevention headers as a condition of using their APIs

Third-Party Data Processors

Your data is shared with the following third parties solely for the purpose of delivering our service:

  • HMRC — your financial data, NINO, and fraud prevention headers are transmitted to HMRC via their MTD APIs to fulfil your tax obligations
  • Anthropic (Claude AI) — your chat messages and uploaded financial data are processed by Anthropic's AI model to categorise transactions and provide guidance. Anthropic does not use API data for model training.

We do not sell, rent, or share your personal data with any other third parties for marketing or any other purposes.

How We Protect Your Data

  • HMRC OAuth tokens are encrypted at rest using AES-256-GCM
  • All data transmitted to HMRC uses TLS encryption
  • We implement all 16 HMRC fraud prevention headers as required
  • No passwords or HMRC credentials are stored by our application
  • Authentication is handled via HMRC's own OAuth 2.0 flow — we never see your Government Gateway password

Data Retention

Your session data (chat messages, uploaded files, and processed transactions) is held in memory for the duration of your active session. HMRC OAuth tokens are retained only while your session is active and are discarded when the session ends. We do not maintain a persistent database of your personal or financial data.

Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent at any time (where consent is the lawful basis)
  • Lodge a complaint with the Information Commissioner's Office (ICO)

Contact Us

For any questions about this privacy policy or to exercise your data rights, contact us at:

privacy@bettercallsam.co.uk

For security concerns, see our security page.