Privacy Policy

Single Form Accounting — Hidden Mango Limited

Version: 1.0  |  Effective Date: March 2026

1. Introduction

Hidden Mango Limited ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use Single Form Accounting ("the Software").

Data Controller

Hidden Mango Limited

Contact: Vinodrai Mandavia

Email: singleformacc@gmail.com

2. What Data We Collect

2.1 Account and Registration Data

  • Business name and legal entity type
  • Your name and role within the business
  • Email address and username
  • Password (stored in encrypted/hashed form — never in plain text)
  • VAT Registration Number (if applicable)
  • Financial year and VAT period settings

2.2 Financial and Accounting Data

  • Sales and purchase invoices
  • Customer and supplier names, addresses, and contact details
  • Payment and receipt records
  • Bank account details including account name, bank name, account number and sort code (entered by you for the purpose of bank reconciliation and transaction management)
  • Journal entries and general ledger data
  • VAT return figures (Boxes 1–9)
  • Exchange rates and currency data

2.3 HMRC Connectivity Data (Making Tax Digital)

  • HMRC OAuth access and refresh tokens (used to connect to HMRC on your behalf)
  • VAT submission references and timestamps
  • Fraud prevention header data required by HMRC including IP address, browser information, and device identifiers

2.4 Technical and Usage Data

  • Login timestamps and session information
  • IP addresses
  • Browser type and version
  • Error logs and diagnostic information

3. How We Use Your Data

Purpose  |  Lawful Basis
Providing and operating the Software  |  Performance of contract
Processing and storing your accounting records  |  Performance of contract
Submitting VAT returns to HMRC via MTD on your behalf  |  Performance of contract / Legal obligation
Sending account-related communications (e.g. password resets)  |  Performance of contract
Complying with legal and regulatory obligations  |  Legal obligation
Detecting and preventing fraud or unauthorised access  |  Legitimate interests
Improving the Software and fixing technical issues  |  Legitimate interests
Notifying you of changes to the Software or these policies  |  Legitimate interests

We will never use your data for marketing purposes without your explicit consent, and we will never sell your data to third parties.

4. Making Tax Digital and HMRC

  4.1 When you use the MTD VAT submission feature, you authorise us to connect to HMRC's API on your behalf using your Government Gateway credentials via the OAuth 2.0 protocol. We store the resulting access and refresh tokens securely in our database.
  4.2 We transmit your VAT return data (Boxes 1–9) and fraud prevention headers to HMRC as required by their MTD regulations.
  4.3 Fraud prevention headers transmitted to HMRC may include your IP address, browser type, and device identifiers. This is a mandatory requirement under HMRC's MTD regulations and cannot be opted out of if you wish to use the MTD submission feature.

5. Data Storage and Security

  5.1 Your data is currently stored on a local server in the United Kingdom. We intend to migrate to a UK-based cloud hosting provider in due course and will update this policy accordingly.
  5.2 We implement appropriate technical and organisational security measures including password hashing, JWT token-based authentication, OAuth 2.0 for HMRC connectivity, and access controls limiting data access to authorised users only.
  5.3 Despite our efforts, no method of data transmission or storage is completely secure. We cannot guarantee absolute security of your data.
  5.4 In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by law.

6. Data Retention

Data Type  |  Retention Period
Account and registration data  |  Duration of account plus 90 days after closure
Accounting and financial records  |  7 years from end of financial year (HMRC requirement)
HMRC OAuth tokens  |  Until disconnected or account closed
VAT submission records  |  7 years (HMRC requirement)
Technical logs  |  90 days

7. Data Sharing and Third Parties

We do not sell, rent, or share your personal data with third parties for their own marketing purposes. We may share your data only in the following circumstances:

  7.1 HMRC — when you use the MTD submission feature, your VAT return data and fraud prevention headers are transmitted to HMRC at your explicit instruction.
  7.2 Legal obligations — we may disclose your data where required to do so by law, court order, or at the request of a regulatory authority.
  7.3 Business transfer — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity. We will notify you in advance.

8. Your Rights Under UK GDPR

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to Erasure: You have the right to request deletion of your personal data where there is no legitimate reason for us to continue processing it. Note that we may be required to retain certain financial records for legal compliance.
  • Right to Restriction: You have the right to request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us at singleformacc@gmail.com. We will respond within 30 days.

9. Cookies

The Software uses only essential session cookies necessary for authentication and security. We do not use advertising, tracking, or analytics cookies. No cookie consent banner is required as we use only strictly necessary cookies.

10. Children's Data

The Software is intended for business use by adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or by posting a notice within the Software.

12. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at singleformacc@gmail.com.

13. Contact Us

Hidden Mango Limited

Data Controller: Vinodrai Mandavia

Email: singleformacc@gmail.com