Privacy Policy

Last updated: April 2026

1. Who We Are

OptimaApp is operated by Optima Creative Limited (Company No. 10519595), a company registered in England and Wales. Registered address: Unit 19 Apex Business Centre Suite 1, Boscombe Road, Dunstable, Bedfordshire, LU5 4SB, United Kingdom.

For privacy inquiries, contact us at: info@optima-creative.co.uk

2. Data We Collect

Account Data

• Name, email address, phone number
• Business type (Self-Employed, Limited Company, Landlord, Crypto Investor)
• UTR (Unique Taxpayer Reference), NI Number, VAT Number
• Company name and Companies House number
• Personal and business addresses

Financial Data

• Bank transactions (via TrueLayer Open Banking - read-only access)
• HMRC tax submission data (via HMRC MTD API)
• Invoice details (client names, amounts, dates)
• CIS deduction records
• Mileage trip records

Documents

• Uploaded receipts, invoices and documents
• OCR-extracted data (vendor, amount, VAT, date)

Technical Data

• Device information (for HMRC Fraud Prevention Headers)
• IP address, browser/app user agent
• App usage and crash data

3. How We Use Your Data

• To provide the OptimaApp service (tax calculations, MTD submissions, bank sync)
• To submit data to HMRC on your behalf (with your explicit consent)
• To synchronise bank transactions via TrueLayer (with your explicit consent)
• To process documents using Google Cloud Document AI (OCR)
• To send service notifications (deadline reminders, payment confirmations)
• To improve the app based on usage patterns

4. Legal Basis for Processing (UK GDPR)

• Contract: Processing necessary for providing our services to you
• Consent: HMRC connection, bank connection, marketing communications
• Legitimate Interest: App improvement, security monitoring, fraud prevention
• Legal Obligation: HMRC Fraud Prevention Headers, audit logging

5. Data Sharing

We share your data only with:

• HMRC - Tax submissions (only when you explicitly submit)
• TrueLayer - Open Banking data retrieval (read-only, with your consent)
• Google Cloud - Document AI for OCR processing
• Supabase - Database hosting (EU/UK data centre)
• SendGrid - Transactional emails only

We never sell, rent or share your data with advertisers or unrelated third parties.

6. Data Security

7. Data Retention

• Account data: retained while account is active, deleted within 30 days of account deletion
• Bank transactions: retained for the current and previous tax year
• HMRC submission records: retained for 7 years (legal requirement)
• Audit logs: retained for 2 years
• Documents: retained while account is active

8. Your Rights (UK GDPR)

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability - receive your data in a machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time (e.g. disconnect HMRC or bank)

To exercise your rights, email: info@optima-creative.co.uk

9. Cookies

OptimaApp (mobile) does not use cookies. The landing page website uses only essential cookies for session management. No tracking or advertising cookies are used.

10. Children's Privacy

OptimaApp is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via the app or email. The "last updated" date at the top reflects the most recent revision.

12. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk

13. Disclaimer

OptimaApp is not affiliated with, endorsed by, or associated with HMRC, GOV.UK or any UK government entity. The app provides informational tools and does not constitute professional tax advice.