Legal

Privacy Policy

Last updated: April 2026 · ClearYear (Andrean Tahchiev, Sole Trader)

1. Who We Are

ClearYear is operated by Andrean Tahchiev, a sole trader registered in the United Kingdom. We provide an online HMRC Self Assessment filing service for UK self-employed individuals.

Contact: privacy@clearyear.co.uk

2. What Data We Collect

We collect the minimum data necessary to provide our service:

  • Email address — for payment receipt and service communications
  • NINO & UTR — used only during your session to submit to HMRC, then immediately discarded. We store only a one-way SHA256 hash for fraud prevention
  • Income & expense figures — processed in your session only, never stored in our database
  • IP address — stored in audit logs as required by HMRC
  • Payment reference — Stripe session ID stored for dispute resolution (no card data)

3. What We Do NOT Store

❌ Full NINO or UTR in plaintext
❌ Income or expense figures
❌ Bank or card details
❌ HMRC access tokens
❌ Tax return content

4. Legal Basis for Processing

We process your data under Article 6(1)(b) GDPR — processing necessary for the performance of a contract (filing your tax return).

Audit logs are retained under Article 6(1)(c) — legal obligation (HMRC requires traceability).

5. Data Retention

  • Session data — deleted immediately after submission
  • Submission records — retained for 6 years (HMRC statutory requirement)
  • Audit logs — retained for 6 years (legal obligation)
  • Payment records — retained for 6 years (financial records)

6. Third Parties

  • HMRC — your tax return data is submitted to HMRC as the primary purpose of this service
  • Stripe — payment processing. Stripe's privacy policy applies to card data

We do not sell, rent, or share your data with any other third parties.

7. Your Rights (GDPR)

  • Right of access — request a copy of your data
  • Right to erasure — request deletion of non-statutory data via DELETE /delete-my-data
  • Right to rectification — correct inaccurate data
  • Right to portability — receive your data in machine-readable format
  • Right to object — object to processing in certain circumstances

To exercise your rights, email: privacy@clearyear.co.uk

8. Security

All data is transmitted over HTTPS. Sensitive identifiers are hashed using SHA256 before storage. HMRC access tokens are stored only in encrypted server-side sessions and never written to disk.

9. Complaints

If you have concerns about our data practices, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.

Start Tax Return → Terms & Conditions