Privacy Policy
Last updated: March 2026
1. Who We Are
Sidium Ventures Ltd (company number 16677216), trading as Duly Filed, is a software company providing MTD (Making Tax Digital) compliance services to self-employed individuals in the United Kingdom.
Sidium Ventures Ltd is the data controller for the personal data processed through the Duly Filed platform.
References to “we”, “us”, or “our” refer to Sidium Ventures Ltd.
Contact: contact@dulyfiled.co.uk
Security concerns: security@dulyfiled.co.uk
Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
2. Data We Collect
We collect the following personal data when you use Duly Filed:
- Account information: name and email address (provided during registration)
- Tax identification: National Insurance number, if you choose to provide it for submission purposes
- Financial data: income and expense figures you enter into the platform
- Tax profile information: annual professional costs, estimated PAYE income, and related details used to calculate your tax position
- HMRC connection details: OAuth tokens obtained when you link your Government Gateway account — we never see or store your HMRC password
- Usage data: anonymised information about how you interact with the platform, used solely for product improvement
3. Why We Collect It and Our Legal Basis
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing the Duly Filed service: recording income and expenses, calculating quarterly summaries, estimating your tax position | Contract performance — processing is necessary to deliver the service you signed up for |
| Submitting your quarterly MTD updates to HMRC via their API | Contract performance — this is the core function of the service |
| Retaining records of submissions made to HMRC on your behalf | Legal obligation — to support your compliance with tax legislation and to maintain records of filings |
| Sending you service-related communications (e.g. filing confirmations, deadline reminders) | Contract performance — necessary for delivery of the service |
| Improving the platform based on anonymised usage data | Legitimate interests — our interest in improving the service, balanced against your rights (this data is anonymised and cannot identify you) |
We do not process your data for marketing purposes unless you have separately opted in. We do not use your data for profiling or automated decision-making.
4. Who We Share Your Data With
We share your data with the following parties, and only to the extent necessary:
- HMRC: We transmit your income, expense, tax identification, and quarterly summary data to HMRC via their Making Tax Digital API, solely for the purpose of submitting your quarterly updates. This is the core function of the service.
- Infrastructure providers: Your data is processed and stored using third-party cloud hosting providers based in the UK and EU. These providers act as data processors under contract and process your data only on our instructions.
We do not sell, rent, or otherwise share your personal data with any third party for their own purposes.
5. How We Store and Protect Your Data
- Sensitive data, including HMRC connection tokens and National Insurance numbers, is encrypted at rest
- All data in transit is protected by HTTPS encryption
- Access controls ensure users can only access their own data
- Your data is stored on servers located in the United Kingdom. Some application processing takes place in the European Union, which is covered by UK GDPR adequacy provisions
6. Your Rights Under UK GDPR
As a UK resident, you have the right to:
- Access the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data
- Data portability — request a machine-readable copy of your data (available as a JSON export from your account settings)
- Object to processing based on legitimate interests
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact us at contact@dulyfiled.co.uk. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.
7. Data Retention
We retain your data for as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days.
Please note that HMRC may require you to keep your own records for up to six years. We recommend exporting your data before deleting your account if you may need it for future HMRC enquiries. Duly Filed provides a data export function in your account settings for this purpose.
8. Cookies
We use only essential session cookies required to keep you logged in and to maintain security (such as CSRF protection). We do not use advertising, analytics, or tracking cookies. Because these cookies are strictly necessary for the service to function, consent is not required under PECR.
9. Changes to This Policy
We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through a notice on the platform. The “last updated” date at the top of this page indicates when the policy was most recently revised.
10. Contact
For any privacy-related queries:
Email: contact@dulyfiled.co.uk
Security concerns: security@dulyfiled.co.uk
Data controller: Sidium Ventures Ltd, company number 16677216