Privacy Policy

Last updated: 14 April 2026

1. Who We Are

RegNexus Books is operated by FYM Compliance Limited, a company registered in England and Wales. We provide cloud accounting software for UK regulated professional firms.

Data Controller: FYM Compliance Limited
Contact: info@reg-nexus.com

2. Data We Collect

We collect and process the following categories of personal data:

  • Account data — name, email address, organisation details
  • Financial data — invoices, bills, journal entries, bank transactions, VAT returns, payroll records
  • Tax data — VAT Registration Number (VRN), National Insurance Number (NINO), UTR, PAYE references
  • HMRC data — when you connect to HMRC via Making Tax Digital, we store OAuth tokens (encrypted) and retrieve your VAT obligations, ITSA obligations, and submission receipts
  • Open Banking data — when you connect a bank account via TrueLayer, we import transaction data (descriptions, amounts, dates) to facilitate reconciliation
  • Companies House data — company profiles, filing history, and officer information retrieved via the Companies House API
  • Usage data — pages visited, features used, timestamps

3. How We Use Your Data

We use your data to:

  • Provide and maintain the RegNexus Books accounting service
  • Submit VAT returns and ITSA quarterly updates to HMRC on your behalf via Making Tax Digital APIs
  • Import and reconcile bank transactions via Open Banking (TrueLayer)
  • File annual accounts with Companies House
  • Generate invoices, payroll, and financial reports
  • Process payments via Stripe and GoCardless
  • Send transactional emails (invoices, reminders, receipts)
  • Improve our service and fix issues

4. HMRC Data

When you authorise RegNexus Books to connect to HMRC, we access your tax data solely to submit returns and retrieve obligations on your behalf. We store encrypted OAuth tokens to maintain the connection. You can disconnect from HMRC at any time via Settings > Integrations, which immediately deletes all stored tokens.

We comply with HMRC's fraud prevention requirements and transmit the required headers with every API request.

5. Open Banking Data

Bank account data imported via TrueLayer is used exclusively for transaction reconciliation within your accounting ledger. We do not sell, share, or use your bank data for any other purpose. Bank connections can be revoked at any time.

6. Legal Basis

We process your data under the following legal bases (UK GDPR):

  • Contract — processing necessary to provide the accounting service you have subscribed to
  • Legal obligation — compliance with UK tax law and HMRC requirements
  • Consent — for optional integrations (HMRC, Open Banking) which you explicitly authorise
  • Legitimate interest — service improvement, security monitoring

7. Data Storage & Security

Your data is stored in Neon PostgreSQL (EU region) and served via Vercel (edge network). All data is encrypted in transit (TLS 1.3) and sensitive credentials (OAuth tokens, API keys) are encrypted at rest. We use role-based access control to ensure data isolation between organisations.

8. Data Retention

Financial records are retained for the duration required by UK law (typically 6 years for tax records). Account data is deleted upon request or when you close your account. HMRC tokens are deleted immediately upon disconnection.

9. Third-Party Processors

  • Neon — database hosting (EU)
  • Vercel — application hosting
  • Stripe — payment processing
  • Resend — transactional email delivery
  • HMRC — tax data exchange (UK government)
  • TrueLayer — Open Banking data (FCA-authorised AISP)
  • Companies House — company data (UK government)

10. Your Rights

Under UK GDPR, you have the right to access, rectify, and erase your personal data, to restrict or object to its processing, and to data portability. To exercise any of these rights, contact us at info@reg-nexus.com.

11. Contact

For any privacy-related enquiries, contact:
FYM Compliance Limited
Email: info@reg-nexus.com