Privacy Policy

Last updated: 14 April 2026

1. Who we are

OneFiler is a trading name of Light and Dark Energy Ltd, a company registered in England and Wales (No. 15095270). OneFiler (“we”, “us”, “our”) is a UK-based software service that helps micro-entity company directors file their Corporation Tax return (CT600) and annual accounts with HMRC and Companies House. We are the data controller for the personal data described in this policy.

We are registered with the Information Commissioner's Office (ICO) as a data controller. Our ICO registration reference is ZC106109.

Service availability: OneFiler is intended solely for use by UK companies subject to UK Corporation Tax. We do not offer the service to companies or individuals outside the United Kingdom.

To contact us about privacy matters: privacy@onefiler.co.uk

2. What data we collect and why

| Data | Purpose | Legal basis |
| --- | --- | --- |
| Email address (account) | Sign in and account management | Contract performance |
| Email address (waitlist) | Notify you when OneFiler launches | Consent |
| Company name, CRN, UTR | Populate and file your CT600 | Contract performance |
| Financial figures (accounts, tax) | Calculate Corporation Tax and generate iXBRL accounts | Contract performance |
| HMRC gateway credentials | Submit your return to HMRC on your behalf — deleted immediately after submission completes | Contract performance |
| QuickBooks Online financial data (trial balance, P&L, balance sheet) | Pre-fill your CT600 figures — financial data never stored; OAuth tokens held encrypted and deleted after import | Contract performance (with your explicit consent to connect) |
| Xero financial data (trial balance) | Pre-fill your CT600 figures — financial data never stored; OAuth tokens held encrypted and deleted after import | Contract performance (with your explicit consent to connect) |
| Session recordings (anonymised click and navigation data) | Diagnose errors and improve the service. Sensitive fields (UTR, gateway credentials, auth codes) are masked and never recorded. | Legitimate interests |

3. How we store and protect your data

All data is stored in Supabase (PostgreSQL), hosted in the EU. Sensitive credentials such as your HMRC Gateway password are encrypted at rest using AES-256-GCM before being written to the database, and are permanently deleted as soon as your submission completes or fails definitively. Our application servers are hosted in London (UK).

We use Clerk for authentication. Clerk is SOC 2 Type II certified and GDPR-compliant. Standard Data Processing Agreements (DPAs) are accepted with Clerk, Supabase, and Fly.io — please verify that you have accepted these in the respective provider dashboards.

4. Accounting software integrations (QuickBooks Online and Xero)

OneFiler optionally integrates with QuickBooks Online (provided by Intuit Inc.) and Xero to allow you to import financial figures directly into your CT600 filing. These integrations are entirely optional — you can enter figures manually instead.

What we access: When you authorise the connection, we read your trial balance, profit & loss, and balance sheet data for your selected accounting period only. We request read-only access and do not write to or delete any data in your accounting software.

How the data is used: The imported figures are used solely to pre-populate the financial fields in your CT600 filing. The raw financial data from QuickBooks Online or Xero is never stored in our database — it is used transiently in memory to populate your form and immediately discarded. OAuth tokens (used to authenticate the connection) are stored encrypted and are permanently deleted as soon as the import completes.

Who can see it: Your QuickBooks Online or Xero data is only ever shown to you. It is never shared with any third party, used for any other purpose, or combined with data from other users.

Connection and disconnection: The connection is authorised via OAuth 2.0 — you are redirected to QuickBooks Online or Xero to grant permission and OneFiler never sees your QuickBooks or Xero password. The connection is automatically revoked immediately after your import completes. You can also disconnect at any time from within OneFiler, which revokes our access token on Intuit's and Xero's servers and deletes all stored credentials from our systems.

QuickBooks Online: Use of the QuickBooks Online integration is subject to Intuit's Privacy Statement. OneFiler's use of QuickBooks data is governed by the Intuit Developer Program Agreement.

5. How long we keep your data

HMRC Gateway credentials are permanently deleted from our systems as soon as your submission completes or fails. They are never retained beyond that point.

Filing data (CT600 returns, accounts, tax computations) is retained for 12 months after the filing is completed or last updated, then permanently deleted. You are responsible for retaining your own copies of filed documents in accordance with HMRC's record-keeping requirements (typically 6 years for Corporation Tax).

Waitlist email addresses are deleted within 30 days of OneFiler launching, unless you have created an account.

If you delete your account, all personal data (company details, financials, credentials) is permanently deleted within 30 days, subject to any legal obligation to retain records.

5. Third parties we share data with

  • HMRC — we submit your CT600 and accounts on your instruction. This is the purpose of the service.
  • Companies House — we file your micro-entity accounts on your instruction.
  • Clerk — handles authentication. Processes your email address. Standard DPA accepted.
  • Supabase — stores your filing data. Hosted in the United Kingdom (eu-west-2, London). Standard DPA accepted.
  • Fly.io — hosts our application servers (London region). Standard DPA accepted.
  • Stripe — processes payments. Handles billing details only; does not receive your filing data. Stripe is PCI DSS Level 1 certified.
  • Intuit (QuickBooks Online) — if you choose to connect QuickBooks Online, we read your financial data via Intuit's API solely to pre-fill your CT600. Financial data is never stored; OAuth tokens are held encrypted and deleted immediately after import. Governed by Intuit's Privacy Statement.
  • Xero — if you choose to connect Xero, we read your trial balance via Xero's API solely to pre-fill your CT600. Financial data is never stored; OAuth tokens are held encrypted and deleted immediately after import. Governed by Xero's Privacy Policy.
  • PostHog — session recording and product analytics, used to diagnose errors and improve the service. Data is hosted on PostHog's EU servers (Frankfurt). Sensitive fields are masked. Standard DPA accepted. You can object to this processing at any time by emailing privacy@onefiler.co.uk.

We do not sell your data, share it with advertisers, or use it for any purpose beyond providing the service.

6. Your rights under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal retention obligations)
  • Portability — receive your data in a machine-readable format
  • Withdraw consent — for waitlist emails, at any time
  • Object — to processing based on legitimate interests

To exercise any of these rights, email privacy@onefiler.co.uk. We will respond within 30 days. You can also delete your account directly from your dashboard settings, which will erase all your filing data.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. Cookies and session recording

We use strictly necessary cookies only — specifically, the authentication session cookie set by Clerk. We do not use advertising or tracking cookies. No consent is required for strictly necessary cookies.

We use PostHog to record anonymised session data (mouse clicks, navigation, and page interactions) to help us identify errors and improve the service. PostHog operates without cookies on our platform (session state is held in memory only). Sensitive fields such as your UTR, gateway credentials, and auth codes are masked and never captured. This processing is based on our legitimate interests in maintaining a reliable service. You have the right to object — email privacy@onefiler.co.uk and we will disable recording for your account.

8. Changes to this policy

If we make material changes to this policy, we will notify you by email and update the “Last updated” date above. Continued use of OneFiler after notification constitutes acceptance of the updated policy.