Privacy Policy

Last updated: April 2026

1. Who We Are

ClearCash is a personal finance and business tax management application operated by Cadogan Advisory Ltd, a company registered in England and Wales.

When we refer to "we", "us", or "our" in this policy, we mean Cadogan Advisory Ltd. When we refer to "you" or "your", we mean you as a user of ClearCash.

2. What Data We Collect

We collect the following types of personal data when you use ClearCash:

Account Information

• Name, email address, and password (hashed)
• Language preference and base currency

Financial Data

• Bank account names, types, balances, and currencies
• Transaction data: descriptions, amounts, dates, and categories
• Budget categories and amounts
• Savings goals
• Recurring payment schedules

Open Banking Data

• When you connect a bank account via Open Banking (through our regulated providers Powens or Plaid), we receive read-only access to your account information and transaction history
• We do not have access to your bank login credentials
• Connection tokens are stored encrypted

HMRC Data

• When you connect to HMRC for Making Tax Digital (MTD), we store your HMRC OAuth access tokens (encrypted), National Insurance Number (NINO), and VAT Registration Number (VRN) where applicable
• Income source details, tax profiles, and quarterly submission data
• VAT return data (9-box values) and submission receipts

Technical Data

• IP address, browser type, device information, and screen dimensions (collected for HMRC fraud prevention compliance)
• Session data and authentication tokens

3. Why We Collect Your Data

We process your data for the following purposes:

• To provide the service: managing your finances, tracking transactions, budgeting, and savings goals
• MTD compliance: submitting Income Tax and VAT returns to HMRC on your behalf
• Open Banking: importing your bank transactions automatically
• Tax calculations: estimating your tax liability based on your business transactions
• Security: protecting your account and detecting fraud
• HMRC compliance: providing fraud prevention headers as required by HMRC for all API interactions

4. Legal Basis for Processing

We process your data under the following legal bases under UK GDPR:

• Contract: processing is necessary to provide the ClearCash service to you
• Consent: where you explicitly connect to HMRC or Open Banking providers
• Legal obligation: HMRC fraud prevention header requirements
• Legitimate interest: improving the service and maintaining security

5. How We Store Your Data

• All data is stored on secure, encrypted servers
• Passwords are hashed using bcrypt and are never stored in plain text
• HMRC and Open Banking tokens are encrypted at rest
• Database connections use encryption in transit
• We follow industry-standard security practices

6. Data Sharing

We do NOT sell your data. We do not share your personal or financial data with any third parties for marketing or advertising purposes.

We share data only with:

• HMRC: when you submit MTD Income Tax or VAT returns, the relevant tax data is transmitted directly to HMRC via their secure API
• Open Banking providers (Powens, Plaid): regulated intermediaries used to securely access your bank account data, under FCA regulation
• ExchangeRate-API: for currency conversion rates (no personal data is shared — only currency codes)

7. Cookies

ClearCash uses the following cookies:

• Session cookie: essential for maintaining your login session
• CSRF token: essential for security against cross-site request forgery
• HMRC client data cookie: collects screen size, timezone, and browser information required by HMRC's fraud prevention header regulations
• Theme preference: stored in localStorage (not a cookie) to remember your dark/light mode preference

We do not use any analytics, advertising, or tracking cookies.

8. Data Retention

• Your data is retained for as long as your ClearCash account is active
• If you delete your account, all personal data is permanently erased within 30 days
• HMRC submission records may be retained for up to 7 years as required by UK tax law
• You may request deletion of your data at any time by contacting us

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access: request a copy of all data we hold about you
• Right to rectification: request correction of inaccurate data
• Right to erasure: request deletion of your data ("right to be forgotten")
• Right to data portability: receive your data in a structured, machine-readable format
• Right to restrict processing: request that we limit how we use your data
• Right to object: object to processing based on legitimate interest
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@clearcash.site.

10. Children's Privacy

ClearCash is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

If you have any questions about this privacy policy or our data practices, please contact:

• Email: privacy@clearcash.site
• Company: Cadogan Advisory Ltd

13. Supervisory Authority

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113