Privacy Policy

Last updated: Feb 2026

1. Introduction

TaxPilot ("we", "us", "our") operates the website www.taxpilot.diy ("the Service"). TaxPilot is a UK-focused tax optimisation calculator that helps taxpayers find potential savings by analysing salary, pension, childcare, and benefits information.

This Privacy Policy explains what personal data we collect, how we use it, and your rights under UK data protection law (the UK General Data Protection Regulation and the Data Protection Act 2018). We are committed to protecting your privacy and being transparent about our data practices.

By using TaxPilot, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

2. What Data We Collect

We collect different types of information depending on how you use TaxPilot. We've designed the Service to minimise the data we hold — in particular, your financial and tax information never leaves your browser.

Email Address

When you create an account, we collect your email address through our authentication provider, Supabase. This is the only piece of personally identifiable information we require.

Payment Information

If you upgrade to TaxPilot Pro, payment is processed entirely by Stripe. We never see, receive, or store your card number, CVV, or full billing details. Stripe may share limited transaction data with us (such as the last four digits of your card and payment status) for record-keeping purposes.

Tax Calculation Inputs

The salary, pension, childcare, benefits, and other financial figures you enter into the calculator are stored only in your browser's localStorage. This data is never transmitted to our servers. We cannot access, read, or retrieve it. If you clear your browser data, this information is permanently deleted.

AI Tax Advisor Queries

When you use the AI Tax Advisor feature, the text of your question and relevant tax context is sent to an AI service provider to generate a response. These queries are processed in real-time to provide you with personalised tax optimisation guidance.

Usage & Analytics Data

We may collect anonymised usage data such as page views, feature interactions, and general engagement metrics using privacy-friendly analytics tools. This data helps us understand how people use TaxPilot so we can improve the product.

Technical Data

Like most websites, our servers automatically collect certain technical information, including your IP address, browser type and version, device information, operating system, and referral URLs. This is standard web server logging and is used for security, debugging, and performance monitoring.

3. How We Use Your Data

We use your data for the following purposes:

  • Email address: Account creation, login authentication, and essential service communications (such as payment confirmations or important updates about the Service).
  • Payment data: Processing your subscription payment via Stripe and managing your account tier.
  • AI Advisor queries: Generating personalised tax optimisation responses. Your queries are not used to train AI models.
  • Usage & analytics data: Improving the product, understanding feature adoption, and identifying issues.
  • Technical data: Maintaining security, monitoring performance, and diagnosing technical problems.

We do not sell your personal data to third parties. We do not display third-party advertisements.

4. Data Storage & Security

We take appropriate measures to protect your data, proportionate to the sensitivity of the information:

  • Tax calculation inputs remain entirely in your browser's localStorage. We have no server-side access to this data whatsoever.
  • Email addresses are stored securely via Supabase, which uses encryption at rest and in transit.
  • Payment data is handled by Stripe, a PCI DSS Level 1 compliant payment processor — the highest level of payment security certification.
  • AI Advisor queries are processed in real-time and are not permanently stored by TaxPilot.

All communications with our servers are encrypted using HTTPS/TLS. While no system is 100% secure, we implement industry-standard security practices to protect the data we do hold.

5. Third-Party Services

We use the following third-party services to operate TaxPilot. Each has their own privacy policy governing how they handle data:

  • Supabase (authentication & database) — Privacy Policy
  • Stripe (payment processing) — Privacy Policy
  • AI service provider (AI Tax Advisor responses) — We use a third-party large language model provider to power the AI Advisor. Queries are sent securely and are not used to train the provider's models.
  • Analytics provider — We may use privacy-friendly analytics tools to understand how the Service is used. These tools are configured to minimise data collection and respect user privacy.
  • Hosting provider — The Service is hosted on standard cloud infrastructure with appropriate security measures.

6. Cookies & Local Storage

TaxPilot uses the following browser storage mechanisms:

localStorage

Your tax calculation inputs (salary, pension, childcare figures, etc.) are saved to your browser's localStorage so that your data persists between sessions. This data never leaves your device. You can clear it at any time through your browser settings.

Authentication Cookies & Tokens

Supabase sets cookies and/or tokens to manage your login session. These are essential for the Service to function and are not used for tracking.

Analytics

If analytics tools are in use, they may set cookies or use similar technologies to collect anonymised usage data. We select privacy-friendly analytics providers that minimise tracking and do not build advertising profiles.

7. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can ask us to correct any inaccurate personal data.
  • Right to erasure — You can ask us to delete your personal data (your "right to be forgotten").
  • Right to data portability — You can request your data in a structured, commonly used format.
  • Right to restrict processing — You can ask us to limit how we use your data.
  • Right to object — You can object to our processing of your data in certain circumstances.
  • Right to withdraw consent — Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please email us at support@taxpilot.diy. We will respond to your request within one month, as required by law.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority.

8. Data Retention

We retain different types of data for different periods:

  • Email address & account data: Retained for as long as your account is active. If you delete your account, we will remove your data within 30 days, except where we are required to retain it by law.
  • Payment records: Retained as required by UK financial record-keeping obligations (typically up to 6 years).
  • Tax calculation inputs: Stored only in your browser's localStorage — entirely under your control. We do not retain this data.
  • AI Advisor queries: Not permanently stored by TaxPilot. Processed in real-time and not retained after the response is generated.
  • Server logs: Retained for up to 90 days for security and debugging purposes, then automatically deleted.

9. Children

TaxPilot is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@taxpilot.diy and we will take steps to delete it promptly.

10. International Transfers

Some of the third-party services we use (such as our hosting provider, AI service provider, and Stripe) may process data outside of the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or the service provider being based in a country with an adequate level of data protection as recognised by the UK government.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

support@taxpilot.diy

Note: This privacy policy was generated with AI assistance and has not been reviewed by a qualified solicitor. TaxPilot recommends that you seek independent legal advice if you have concerns about any of these terms. For questions, contact support@taxpilot.diy.