Privacy Policy
Last updated: 10 January 2026
Your Privacy Rights (UK GDPR)
Under UK data protection law, you have the right to:
- • Access your personal data
- • Correct inaccurate data
- • Request deletion of your data
- • Object to processing of your data
- • Data portability
- • Withdraw consent at any time
Contact us at privacy@tax-is-hard.com to exercise these rights.
1. Introduction
COGA AI Limited ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at tax-is-hard.com (the "Service").
We are the data controller for the personal data we process. Our registered address is Apt 4, Montague House, 5 Ash Tree Close, BR6 7FH, United Kingdom, and you can contact our data protection team at privacy@tax-is-hard.com.
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide, including:
- Account Information: Email address, password (encrypted), name
- Financial Data: Income figures, business revenue, costs, and other financial information you enter for tax calculations
- Payment Information: Billing address and payment card details (processed securely by Stripe; we do not store full card numbers)
- Communications: Messages you send us via email or contact forms
- Saved Scenarios: Tax calculation scenarios you choose to save
2.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Device Information: Browser type, operating system, device type
- Usage Data: Pages visited, features used, time spent on pages
- Log Data: IP address, access times, referring URLs
- Cookies: See our Cookie Policy for details
2.3 Information from Third Parties
We may receive information from:
- Payment Processors: Transaction confirmation from Stripe
- Authentication Providers: If you sign in via social login
2.4 Analytics & Session Replay
We use a privacy-first analytics tool (PostHog) that can include optional session replay to understand usability. Recording is suppressed when Do Not Track is enabled or when you decline analytics in the cookie banner. Recordings are retained for up to 30 days and we mask form fields where possible. You can opt out at any time via settings or by contacting privacy@tax-is-hard.com.
2.5 Optional Ads / Boosts
Free users may opt to watch a rewarded ad to receive extra usage. Ads are never shown unless you explicitly start them. Partner/affiliate offers are off by default and will only run if you opt in.
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing tax calculation services | Contract performance |
| Processing payments | Contract performance |
| Account management | Contract performance |
| Sending service updates | Legitimate interest |
| Marketing communications | Consent |
| Improving our services | Legitimate interest |
| Fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
4. Data Sharing and Disclosure
We may share your information with:
4.1 Service Providers
- AWS (Amazon Web Services): Cloud hosting and data storage (EU region)
- Stripe: Payment processing
- Analytics providers: To understand service usage
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government request.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
4.4 We Do NOT
- Sell your personal data to third parties
- Share your financial data with advertisers
- Use your data for automated decision-making that affects you
5. Data Retention
We retain your data for the following periods:
- Account data: Until you delete your account, plus 30 days
- Calculation history: 7 years (for tax record purposes)
- Payment records: 7 years (legal requirement)
- Marketing preferences: Until you unsubscribe
- Analytics data: 26 months
You can request deletion of your data at any time, subject to legal retention requirements.
6. Data Security
We implement appropriate security measures including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Secure password hashing (bcrypt)
- Regular security audits and penetration testing
- Access controls and authentication
- Employee training on data protection
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. International Data Transfers
Your data is primarily stored in AWS data centres in the EU (Ireland). If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the ICO
- Adequacy decisions by the UK government
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
8.1 Right of Access
You can request a copy of all personal data we hold about you. We will respond within one month.
8.2 Right to Rectification
You can request correction of inaccurate or incomplete data.
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your data in certain circumstances. Note that we may need to retain some data for legal compliance.
8.4 Right to Restrict Processing
You can request that we limit how we use your data.
8.5 Right to Data Portability
You can request your data in a structured, machine-readable format (JSON or CSV).
8.6 Right to Object
You can object to processing based on legitimate interests, including direct marketing.
8.7 Right to Withdraw Consent
Where we process data based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
8.8 How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@tax-is-hard.com. We may need to verify your identity before processing your request.
9. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
10. Cookies and Tracking
We use cookies and similar technologies. For detailed information, please see our Cookie Policy.
11. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The "Last updated" date at the top indicates when the policy was last revised.
13. Complaints
If you have concerns about how we handle your data, please contact us first at privacy@tax-is-hard.com.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14. Contact Us
For privacy-related inquiries:
- Email: privacy@tax-is-hard.com
- Data Protection Officer: dpo@tax-is-hard.com
- Address: COGA AI Limited, Apt 4, Montague House, 5 Ash Tree Close, BR6 7FH
- Company number: 16036396
- ICO registration reference: ZC103238