QQuarterLink
Start my free trial

QuarterLink privacy

Privacy Notice

How QuarterLink handles personal data for the public website, account workspace, HMRC connection, spreadsheet workflows, billing, support, and account deletion requests.

Last updated: 15 June 2026

Built around MTD workflows

We process the data needed to connect HMRC, map spreadsheet figures, keep evidence, run billing, and support your account.

Sensitive identifiers are protected

HMRC tokens, NINOs, and other sensitive taxpayer identifiers are encrypted or masked where the product can do so.

You stay in control

You can request access, correction, export, restriction, or deletion review, subject to tax, audit, billing, security, and legal retention duties.

On this page

Who we are

QuarterLink is the customer-facing software brand licensed through Haetora Software Limited. The underlying software intellectual property is owned by Lee Hine. For privacy questions, data-rights requests, support-access questions, security concerns, billing questions, or complaints, contact [email protected].

This notice covers visitors, account holders, direct taxpayers, client users, practice users, support contacts, and people who contact us through the website.

Data we collect

QuarterLink collects data only where it supports the website, account workspace, HMRC workflow, security, support, billing, or legal accountability.

Account and access data
Name, email address, account role, workspace, login state, MFA (multi-factor authentication) status, passkey or authenticator state, recovery-code state, and account settings.
Legal basis: Contract, legitimate interests, security
Taxpayer and HMRC data
NINO, UTR where supplied, HMRC business IDs, authorisation records, obligations, quarterly update records, HMRC reference details, receipts, and HMRC-returned record summaries.
Legal basis: Contract, legal obligation, legitimate interests
Spreadsheet workflow data
Import details, file checks, parsed totals, mapping proof, supporting records, validation results, upload security findings, and submission-readiness records.
Legal basis: Contract, legal obligation, legitimate interests
Security and audit data
Sign-in events, protected-action records, support-access records, IP/proxy diagnostics, MFA verification timestamps, HMRC fraud-prevention browser data, and operational records.
Legal basis: Legal obligation, legitimate interests, security
Billing and support data
Stripe customer, subscription, invoice, payment status, checkout and portal references, support tickets, support messages, and deletion/export case records.
Legal basis: Contract, legal obligation, legitimate interests
Website and contact data
Contact form details, readiness-checker submissions, essential cookie preferences, and voluntary information you submit through public forms.
Legal basis: Consent where required, legitimate interests, contract steps

Why we use the data

  • To provide the account workspace, authenticate users, apply role-based access controls, and keep workspace and taxpayer data separated.
  • To connect to HMRC with the taxpayer authority, sync business details and obligations, prepare supported quarterly updates, and retain evidence.
  • To process spreadsheet imports, reject unsafe files, create mapping proof, and maintain supporting records.
  • To operate billing, support, account deletion/export, security monitoring, fraud-prevention, and accountability records.
  • To respond to enquiries, improve onboarding, and understand first-party conversion signals such as checker submissions and contact requests without adding marketing cookies.

Who we share data with

HMRC
When you connect HMRC, sync HMRC records, or make a supported submission after all product and account controls allow it.
Stripe
For hosted checkout, billing portal, invoices, payment methods, retries, payment security, and billing-status webhooks. QuarterLink does not store card numbers.
Hosting, email, database, monitoring, and support providers
For operating the service, sending account/support messages, storing records, monitoring reliability, and investigating issues.
Professional advisers, regulators, courts, or law enforcement
Where required by law or needed to protect users, HMRC data, service integrity, legal claims, or security.

Retention

Temporary spreadsheet source files
Kept only for the upload/import workflow where possible. Parsed records, hashes, mapping proof, and evidence references can be retained for audit and support.
HMRC workflow and submission evidence
Retained where needed for Making Tax Digital, tax, dispute, support, and legal accountability. HMRC tax records may need to be kept for years after the relevant filing deadline.
Billing and invoices
Retained for accounting, tax, payment dispute, fraud-prevention, and subscription history requirements.
Support, security, and audit records
Retained while needed to investigate issues, prove protected actions, maintain service security, handle complaints, and meet legal duties.
Deletion and export cases
Retained to show how a request was handled and which records were erased, restricted, anonymised, or retained.

Your rights

Under UK data protection law, you may have rights to access, correct, erase, restrict, object to processing, request portability, and complain to the UK Information Commissioner's Office.

Some rights can be limited where records must be retained for HMRC tax, billing, audit, security, support, legal claims, or service-integrity reasons.

Security and support access

QuarterLink uses layered controls including encryption, MFA/passkeys, role-based access controls, support-access controls, upload scanning, and HMRC fraud-prevention data capture.

Support access is temporary, controlled, and recorded. It is used only where needed to investigate a support issue. Support teams should not need to see card numbers, raw OAuth tokens, or full sensitive identifiers to help investigate normal issues.

Questions and complaints

Contact [email protected] if you want to exercise privacy rights, ask how a record is used, or make a complaint. Haetora Software Limited will review the issue, acknowledge it, investigate the relevant records, and explain the outcome or next step. You can also complain to the UK Information Commissioner's Office if you are unhappy with how personal data is handled.

Related QuarterLink pages

Useful sources