Legal

Privacy Notice

Last updated: April 21, 2026

Agentax Advisory Ltd (“we”, “us”, “the Firm”) is committed to protecting your personal data. This notice explains what data we collect, why, how we use it, who we share it with, and your rights.

1. Who we are

  • Controller: Agentax Advisory Ltd
  • Registered office: Flat C, 17 Lucerne Road, London, N5 1TZ, United Kingdom
  • Companies House number: 17126173
  • ICO registration number: [pending — see Section 1 of our internal Compliance Pack]
  • Contact: kyle@agentax.com

2. Personal data we collect

To prepare US tax returns and provide advisory services, we collect:

  • Identity data: name, date of birth, nationality, Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN), passport number, foreign tax identification numbers.
  • Contact data: email address, phone number, physical address (current and prior).
  • Financial data: income (W-2, 1099, foreign equivalents), bank and brokerage account details, capital gains, equity compensation, rental income, retirement account balances, foreign financial account details (FBAR/FATCA).
  • Tax data: prior US tax returns, state returns, foreign tax returns, IRS and state correspondence.
  • Family data: spouse and dependent information (name, SSN/ITIN, date of birth) where relevant to filing status.
  • Employment and business data: employer details, self-employment income and expenses.
  • Engagement data: communications, engagement letters, payment records, uploaded source documents.

3. Why we process it (lawful basis)

PurposeLawful basis (UK/EU GDPR Art. 6)
Preparing your tax return and providing advisory servicesArt. 6(1)(b) — contract
Meeting IRS, HMRC, and other tax authority obligationsArt. 6(1)(c) — legal obligation
Retaining records for the statutory periodArt. 6(1)(c) — legal obligation (IRS: up to 7 years; HMRC: up to 6 years)
Defending against claims, complaints, or regulatory enquiriesArt. 6(1)(f) — legitimate interests
Website analytics (Google Ads, LinkedIn Insight)Art. 6(1)(a) — consent, gathered via our cookie banner and withdrawable below
Marketing communications (if any)Art. 6(1)(a) — consent, withdrawable at any time

We do not ordinarily process special category data under Art. 9. If your tax situation requires disclosure of such data (e.g., health-related medical expense deductions), we will process it on the basis of Art. 9(2)(a) — explicit consent.

4. Who we share it with

We share the minimum data necessary with:

  • Tax authorities: the IRS, US state tax departments, HMRC, and (where relevant) foreign tax authorities to file your returns.
  • Co-reviewers: licensed tax advisors engaged to review your return.
  • Processors (on our instructions, under Art. 28 data processing agreements): Vercel (hosting), Neon (database), Stripe (payments), Resend (email delivery), OpenAI and Anthropic (AI-assisted document extraction and drafting), Auth.js / NextAuth (authentication).
  • Professional advisors: legal counsel, insurers, and auditors where reasonably necessary.
  • Successors: if the Firm is sold or reorganised, personal data may transfer to the successor under the same protections.

We do not sell personal data. We do not use your tax or engagement data for advertising.

5. Cookies and similar technologies

This site uses two categories of cookies:

  • Strictly necessary cookies — required for authentication, session management, and CSRF protection. These are always on; the PECR does not require consent for strictly necessary cookies.
  • Analytics and advertising cookies — we use Google Ads (gtag) and LinkedIn Insight to measure which marketing channels lead people to our site. These load only with your consent, via the cookie banner shown on your first visit.

You can change your cookie choice at any time here:

6. International transfers

Some of our processors are located in the United States. Transfers of personal data out of the UK and EU are made under one of the following safeguards:

  • The UK Extension to the EU-US Data Privacy Framework (for US processors that are DPF-certified), and/or
  • EU Commission 2021 Standard Contractual Clauses together with the UK International Data Transfer Addendum, and/or
  • The UK International Data Transfer Agreement (IDTA).

A Transfer Impact Assessment is maintained for each recipient and is available on request.

7. How long we keep it

  • Client tax returns and supporting documents: 7 years from the filing date.
  • Engagement letters and payment records: 7 years after engagement ends.
  • Client correspondence: 3 years.
  • Marketing consents: until withdrawn or 3 years of inactivity, whichever is sooner.

8. Your rights (UK / EU GDPR Arts. 15–22)

You have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Rectify inaccurate data (Art. 16).
  • Erase data (“right to be forgotten”), subject to our legal retention obligations (Art. 17).
  • Restrict processing in specified circumstances (Art. 18).
  • Data portability — receive your data in a structured, machine-readable format (Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent where consent is the lawful basis, at any time (Art. 7(3)).
  • Not be subject to solely automated decisions with legal or similarly significant effects (Art. 22).

To exercise these rights, email kyle@agentax.com. We will respond within one month (extendable by two further months for complex requests) at no charge.

9. Complaints

You have the right to lodge a complaint with a supervisory authority:

  • UK: Information Commissioner’s Office — ico.org.uk/concerns — 0303 123 1113.
  • EU: the data protection authority in your member state of residence (list at edpb.europa.eu).

We would be grateful for the opportunity to address your concerns directly before you contact a regulator.

10. Changes to this notice

We will update this notice from time to time. Material changes will be communicated by email to active clients at least 30 days in advance.

See also our Terms of Service.