£
Stop Losing Money

Privacy Policy

Last updated: February 2026

Stop Losing Money to Tax ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. What We Collect

  • Account information — your name and email address when you register.
  • Tax calculation inputs — salary, pension contributions, and other figures you enter into our tools. For free users, these are processed in your browser and not stored on our servers.
  • Payment information — processed entirely by Stripe. We never see or store your full card number. Stripe provides us with a transaction reference and the last four digits of your card.
  • Usage data — pages visited, features used, and device information collected through cookies and analytics (see Section 3).

2. How We Use Your Data

We use your data to:

  • Provide tax calculations and personalised strategy recommendations.
  • Process subscription payments and manage your account.
  • Send essential account emails (password resets, payment confirmations).
  • Improve our tools and fix bugs based on aggregated, anonymised usage patterns.

We do not sell your data to third parties. We do not send marketing emails unless you explicitly opt in.

3. Cookies

  • Essential cookies — a session cookie to keep you signed in (set by NextAuth). Strictly necessary and cannot be disabled.
  • Analytics cookies — Google Analytics 4, if enabled, collects anonymised usage data to help us understand how people use the site. You can block these via your browser settings.
  • We do not use third-party advertising or tracking cookies.

4. Third-Party Services

We share data with the following processors, each with their own privacy policies:

  • Stripe — payment processing.
  • Vercel — website hosting and edge delivery.
  • Neon — PostgreSQL database hosting (EU region).
  • Google Analytics — anonymised usage analytics (if enabled).

5. Data Retention

We keep your account data for as long as your account is active. If you delete your account or request erasure, we remove your personal data within 30 days. Anonymised, aggregated analytics data may be retained indefinitely.

6. Your Rights (UK GDPR)

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us via our contact page. We will respond within 30 days.

7. Security

We use industry-standard security measures including HTTPS encryption, hashed passwords, and secure session management. Payment data is handled entirely by Stripe, which is PCI DSS Level 1 certified.

8. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the site. The "last updated" date at the top reflects the most recent revision.

9. Contact

If you have questions about this privacy policy or how we handle your data, please get in touch via our contact page.