Privacy Policy

1. Who we are

NexusPilot operates LandlordTaxAi, an AI-powered Making Tax Digital compliance tool for UK landlords. We help landlords categorise property income and expenses and submit quarterly returns to HMRC.

2. Data we collect

We collect the following personal data to provide our service:

• Email address and name (account registration and communication)
• National Insurance Number (NINO) for HMRC quarterly submissions
• Bank statement transaction data (uploaded CSV files for categorisation)
• Property details (addresses and rental information)
• Browser information (screen size, device ID, plugins) for HMRC fraud prevention headers

3. How we store your data

All data is stored on Neon PostgreSQL hosted in London, EU region. HMRC OAuth tokens are encrypted using AES-256-GCM encryption with a securely managed key. Bank statement files are stored in Cloudflare R2 (EU region).

We follow industry best practices for data security including encrypted connections (TLS), secure authentication, and regular access reviews.

4. Who we share data with

We share your data only with HMRC via their official Making Tax Digital API, and only when you explicitly click "Approve & Submit to HMRC". We never submit data without your explicit action.

We do not sell, rent, or share your personal data with any third parties for marketing or advertising purposes.

5. Third-party processors

We use the following services to operate LandlordTaxAi:

• Supabase — Authentication and user management. Hosted in EU (London region).
• Stripe — Payment processing (we never see your full card details)
• Cloudflare — Hosting, CDN, and file storage (EU region)
• Neon — Database hosting (London, EU region)
• Anthropic — AI categorisation. AI processing may occur on servers outside the UK. Only transaction descriptions are sent — no personal identifiers such as names, NINOs, or bank details. International transfers are covered under the UK-US Data Bridge adequacy framework.

6. Your rights

Under UK GDPR, you have the right to:

• Access — Export all your transaction data as CSV at any time from the Transactions page
• Rectification — Edit or correct your personal information in Settings
• Erasure — Request deletion of your account and all associated data
• Portability — Download your data in a machine-readable format (CSV)
• Object — Opt out of any non-essential data processing

7. Contact

For any privacy-related queries, data access requests, or to exercise your rights, please contact us:

Email: hello@nexuspilot.co.uk