GDPR Compliance Statement

This GDPR compliance policy outlines how Simple VAT Checker ("we", "our", or "us") collects, processes, and protects your personal data in accordance with the UK GDPR, EU GDPR, and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal data is:
Simple VAT Checker
Email: support@simplevatchecker.uk

2. What Personal Data We Collect

• Email address
• IP address and device/browser metadata (for security & analytics)
• VAT numbers submitted for checking
• VAT obligations
• VAT Return
• VAT liabilities
• VAT payments
• VAT penalties
• financial details
• Payment and billing data (for paid users, processed securely via Stripe or crypto partners)

3. Purpose and Legal Basis for Processing

We process your data based on the following legal grounds:

• Consent – for optional marketing or account features.
• Contractual necessity – to provide our service and process payments.
• Legal obligation – to comply with tax authorities like HMRC.
• Legitimate interests – to prevent fraud, improve security, and maintain service integrity.

4. Data Storage & Security

We store your data in secure databases hosted within the UK or EEA. We use encryption, firewalls, secure coding practices, and role-based access controls. Payment data is never stored on our servers.

5. Data Retention

We only retain personal data as long as necessary for the purposes stated above, or to comply with applicable legal obligations (e.g. tax reporting).

6. Third-Party Services

We may share limited data with the following services:

• Stripe (payment processor)
• Cloudflare (security & CDN)
• NOWPayments (crypto payments)
• Email providers (transactional communications) Mailgun
• DataBase: mongoDB Atlas
• HMRC systems (when authorized by you)

All third parties are GDPR-compliant and under data processing agreements where applicable.

7. Your Rights

Under GDPR, you have the right to:

• Access your data
• Correct or update your data
• Delete your data ("right to be forgotten")
• Restrict or object to processing
• Data portability (receive a copy in a usable format)
• Withdraw consent at any time (where consent was given)
• Lodge a complaint with the UK ICO or your local regulator

To exercise your rights, contact support@simplevatchecker.uk.

8. Cookies & Analytics

We use cookies for session management and analytics. By using our service, you consent to essential cookies. You can manage your preferences in your browser settings.

9. Automated Decisions

We do not use your personal data for automated decision-making or profiling that significantly affects you.

10. Updates

This GDPR policy may be updated from time to time. We will notify you via email or site notification if significant changes are made.