Privacy Policy — Nuxo Tax

Who we are
Age restriction
Data we collect
Legal basis
How we use your data
Where data is stored
Third parties
AI processing
Data retention
Your rights
Data breach procedure
Cookies
Contact

Who we are

Nuxo Tax is an AI-powered tax intelligence app for UK sole traders, operated by Nuxo Tech Ltd (Companies House No. 17122508), registered in England and Wales. We are the data controller for personal data collected through the Nuxo Tax app and the /tax pages of nuxo.co.uk.

We are registered with the UK Information Commissioner's Office (ICO) as a data controller — ICO Registration: ZC121202.

Contact: hello@nuxo.co.uk

Age restriction

Nuxo Tax is not intended for users under 16. You must be at least 16 years old to create an account. If we become aware that we have collected personal data from anyone under 16 without verified parental consent, we will delete that data promptly.

Data we collect

Account information — name, email address, password (hashed, never stored in plain text)
Financial data — income, expenses, invoices, mileage you enter or import
Profile information — business type, tax year start, home office details
Subscription data — purchase history, entitlement status (via RevenueCat)
Device data — device type, OS version, app version (for compatibility and crash reporting)
Usage data — features used, screens viewed (anonymised and aggregated)
Push notification tokens — to deliver weekly digests, HMRC deadline reminders, and other service notifications (via Firebase Cloud Messaging)

Legal basis for processing

Under UK GDPR, we process your data on the following legal bases:

Contract performance (Article 6(1)(b)) — to provide the core service: account management, transaction logging, tax calculations, invoicing, and data export
Legitimate interests (Article 6(1)(f)) — to detect fraud, improve service reliability, and maintain crash reporting (Firebase Crashlytics)
Consent (Article 6(1)(a)) — for optional AI features (Ask Nuxo, receipt OCR), push notifications, and marketing emails. You can withdraw consent at any time from within the app
Legal obligation (Article 6(1)(c)) — to respond to lawful requests from UK authorities where required

How we use your data

To provide real-time tax estimates, deduction detection, and AI insights
To power Ask Nuxo — queries are sent to Groq AI for processing, with no retention by Groq
To scan receipts using Google Cloud Vision OCR when you choose to use that feature
To manage subscriptions and process payments (via RevenueCat and the Apple/Google app stores)
To send push notifications (weekly digest, MTD reminders, payment-on-account deadlines) via Firebase Cloud Messaging
To improve the app using aggregated, anonymised analytics only

Where data is stored

All Nuxo Tax financial data is stored in Google Firebase (EU region — eur3). Your financial records never leave the EU. We use Firebase Authentication, Firestore, and Firebase Storage — all encrypted in transit (TLS 1.3) and at rest (AES-256).

Third parties

We work with the following data processors. Each is bound by a data processing agreement:

Google Firebase — authentication, database, storage, push notifications (EU region; transfers outside the EU where applicable covered by Standard Contractual Clauses)
Firebase Cloud Messaging (FCM) — delivery of push notifications to your device
Firebase Crashlytics — anonymised crash reports to improve app stability
Groq Inc. — processes Ask Nuxo queries only; data is not retained beyond the request (US-based, transfers covered by Standard Contractual Clauses)
Google Cloud Vision — processes receipt images only when you choose to scan a receipt
RevenueCat Inc. — subscription management (purchase history, entitlement status); US-based, transfers covered by Standard Contractual Clauses
Apple App Store / Google Play — payment processing for subscriptions

We never sell your data. Ever.

AI processing disclosure

We use third-party AI services (Groq Inc. and Google Cloud Vision) to provide intelligent features such as expense categorisation, tax suggestions, and receipt scanning. Transaction descriptions, amounts, and receipt images may be sent to these services for processing. Data is transmitted securely and is not used to train AI models.

By using Nuxo Tax's AI features you consent to this processing. You can choose not to use receipt scanning or Ask Nuxo if you prefer not to have data sent to these services. Your tax calculations and core app functionality do not require AI processing and will continue to work without it.

Data retention

We retain your personal data for as long as your account is active.

HMRC record-keeping — your responsibility

Upon account deletion, all personal data is removed from our live systems within 30 days (accounting for backup rotations).

We recommend exporting your tax records before deleting your account, as HMRC requires sole traders to retain records for at least 5 years after the relevant tax year. Nuxo Tech Ltd does not retain copies of your data after deletion — you are the controller of your own tax records.

You can export all your data at any time via Settings → Export. This produces a CSV and PDF containing your complete transaction history, invoices, mileage log, and categorisation — everything you need for HMRC compliance or to share with an accountant.

Your rights under UK GDPR

You have the following rights over your personal data:

Access — view your data at any time within the app, or request a full export
Rectification — correct inaccurate data directly in the app
Erasure — delete your account and all data via Settings → Delete Account
Portability — export your data in CSV or PDF format
Object / restrict processing — contact us to restrict specific processing activities
Withdraw consent — turn off AI features, push notifications, or marketing emails at any time

To exercise any of these rights, use the in-app controls or email hello@nuxo.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk if you believe we have mishandled your data.

Data breach procedure

In the unlikely event of a personal data breach, we will:

Notify the Information Commissioner's Office within 72 hours of becoming aware, as required by UK GDPR Article 33
Notify affected users directly without undue delay, where the breach is likely to result in a high risk to your rights and freedoms
Document the breach, its effects, and the remedial action taken

Cookies

The Nuxo Tax app does not use cookies. The nuxo.co.uk/tax website uses no tracking cookies or third-party analytics. Waitlist email submissions are processed by Web3Forms (operated by Nocodeforms UG, Germany), which forwards the submitted email address to our hello@nuxo.co.uk inbox over EU-based infrastructure and does not retain submission data long-term.

Contact

For privacy enquiries, data access requests, or to exercise any of your UK GDPR rights:

Nuxo Tech Ltd
Email: hello@nuxo.co.uk
ICO Registration: ZC121202
Companies House: 17122508

This policy may be updated from time to time. Material changes will be posted on this page with an updated "Last updated" date and, where significant, by in-app notification or email.