Skip to main content
Filed QuarterlyFiled QuarterlyBack to home

Privacy Policy

Last updated: 20 March 2026

1. Who we are

Filed Quarterly Ltd (“we”, “us”, “our”) provides cloud-based landlord reporting and Making Tax Digital (MTD) compliance software for UK letting agents. Our registered address is [Your registered address]. You can contact us at hello@filedquarterly.co.uk.

2. What data we collect

We collect and process the following personal data:

  • Account information: name, email address, agency name, role
  • Financial data: bank transaction descriptions, amounts, dates (via CSV upload)
  • Landlord data: name, email, phone, tax reference (UTR) and National Insurance Number (NINO) — both encrypted at rest
  • Property data: addresses, tenancy details, rent amounts
  • HMRC data: OAuth tokens (encrypted at rest), submission responses
  • Usage data: pages visited, features used, IP address

3. Why we collect it (legal basis)

  • Contract performance: to provide the Filed Quarterly service you signed up for
  • Legal obligation: to comply with HMRC Making Tax Digital requirements and tax reporting obligations
  • Legitimate interest: to improve our service, send service-related emails, and prevent fraud

4. How we use your data

  • Generating landlord financial statements and reports
  • Submitting quarterly income and expense data to HMRC on your behalf
  • Matching bank transactions to properties and tenancies
  • Sending service emails (MTD deadline reminders, password resets, invitations)
  • Providing customer support

5. Who we share data with

  • HMRC: quarterly income and expense submissions via the MTD API, as authorised by you
  • Brevo: for sending transactional emails
  • Stripe: for payment processing (we do not store card details)
  • Microsoft Azure: cloud hosting (data stored in UK South region)

We do not sell your data to third parties. We do not share your data with anyone not listed above.

6. Data security

  • All data transmitted over HTTPS (TLS encryption)
  • Sensitive personal data (NINOs, tax references) encrypted at rest using Fernet symmetric encryption — not readable even with direct database access
  • HMRC OAuth tokens encrypted at rest using Fernet symmetric encryption
  • Database hosted on Azure PostgreSQL with encryption at rest
  • Admin panel access restricted with sensitive fields masked — tokens excluded entirely
  • Role-based access control with configurable team permissions (Agency tier)
  • Session-based authentication with CSRF protection
  • Passwords hashed using Django’s PBKDF2 algorithm

7. Data retention & portability

We retain your data for as long as your account is active. Financial transaction data and reports are kept for 6 years after creation to comply with HMRC record-keeping requirements. If you delete your account, we remove personal data within 30 days, except where retention is required by law.

If you downgrade or cancel your subscription, you retain full read-only access to all existing data. We never lock you out of your own data. You can export all your agency data at any time from Settings > Account > Data & Privacy as a ZIP file containing CSV files. Sensitive fields (NINOs, tax references) are masked in exports for security.

8. Your rights (UK GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (subject to legal retention requirements)
  • Export your data in a portable format (available via Settings > Account > Export Data)
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise any of these rights, email us at hello@filedquarterly.co.uk. We will respond within 30 days.

9. Cookies

We use essential cookies only: a session cookie for authentication and a CSRF token for security. We do not use tracking cookies, analytics cookies, or advertising cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or via the application. The “last updated” date at the top reflects the most recent revision.

11. Security

To report a security vulnerability or incident, email us immediately at hello@filedquarterly.co.uk with the subject line “Security”. We will acknowledge receipt within 24 hours and investigate promptly.

12. Contact

If you have questions about this privacy policy or want to make a complaint, contact us at hello@filedquarterly.co.uk. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.