QQuarterLink
Start my free trial

QuarterLink security

Security and Data Protection Profile

How QuarterLink protects taxpayer details, HMRC connection data, spreadsheet records, billing records, support access, and account security.

Last updated: 15 June 2026

Review-led workflow

Submissions depend on HMRC authority, relevant obligations, spreadsheet records, duplicate-submission protection, and account controls.

Layered account security

MFA, passkeys, recovery codes, role-based access controls, workspace scope, client view-only access, and emergency controls protect sensitive workflows.

Controlled live submission access

Trial and evaluation use are separated from real HMRC submissions. Live submissions remain gated by account and workflow controls.

On this page

Account security

  • Users can use passkeys, security keys, authenticator-app MFA, and recovery codes.
  • Protected HMRC and administrative actions can require recent identity verification.
  • Role-based access and workspace context restrict who can see account, client, billing, support, and HMRC areas.

Sensitive data protection

  • HMRC token material and sensitive taxpayer identifiers are encrypted where implemented by the service.
  • Sensitive identifiers are masked in normal screens where possible.
  • Operational records and exports are designed to avoid exposing raw OAuth tokens, passwords, auth codes, card numbers, or full NINOs.

Client view-only access

Taxpayer and client users are scoped to their own account or authorised workspace data. Client portal access is intended to be read-only unless a specific authorised workflow says otherwise.

Spreadsheet upload protection

  • Supported spreadsheet types are checked before processing.
  • Password-protected, encrypted, macro-enabled, unsafe, oversized, or unsupported files are rejected or blocked according to the upload policy.
  • Production upload flows can require malware scanning. If a scanner is unavailable, the workflow records that state and applies the configured safety behaviour.

HMRC workflow controls

  • QuarterLink requires HMRC authority, relevant obligations, readiness checks, duplicate-submission protection, role/module access, and MFA where required before supported submissions.
  • Trial users cannot make real live HMRC submissions.
  • Live HMRC submission remains blocked unless account and workflow controls allow it.
  • HMRC fraud-prevention headers use request and browser context where required by HMRC.

Records and evidence

  • Important HMRC, import, submission, billing, support, and administrative actions are recorded where required.
  • Submission evidence is retained so users can review workflow history and supporting records.
  • HMRC reference details help trace events without exposing token material.

Payments

Stripe handles checkout, payment methods, billing portal, invoice payment, retries, payment security, and hosted payment pages. QuarterLink stores billing references and status records, not card numbers.

Support access

Support access is temporary, controlled, and recorded. Support may need safe account, import, billing, or HMRC reference details to diagnose issues, but should not need raw passwords, raw OAuth tokens, card numbers, or full sensitive identifiers for normal support.

Incident reporting

If you believe your account, HMRC connection, billing, or taxpayer data is at risk, contact [email protected] with the account email, page, approximate time, and any safe reference or support ticket reference you can see.

Related QuarterLink pages

Useful sources