Privacy Policy

Effective date: 16 March 2026   |  Last updated: 16 March 2026

This Privacy Policy is provided by imultichannel ltd, the data controller for One Accounting AI (oneacc.ai). This is a live document and may be updated as our service evolves.

1. Who We Are

One Accounting AI is a cloud-based accounting and financial management platform operated by:

Company name: imultichannel ltd

Registered in: England and Wales

Website: https://oneacc.ai

Contact email: privacy@oneacc.ai

imultichannel ltd is the data controller for personal data processed through the One Accounting AI platform. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect the following categories of personal and business data:

2.1 Account and Identity Data

  • Full name, email address, and password (encrypted)
  • Business name, Companies House number, and registered address
  • VAT registration number and UTR (Unique Taxpayer Reference) where applicable
  • Contact telephone number

2.2 Financial and Transactional Data

  • Invoices, bills, receipts, and expense records
  • Bank account details and transaction history (via open banking or manual import)
  • Payroll and employee records (where payroll module is used)
  • Tax submissions and HMRC correspondence data
  • Chart of accounts and journal entries

2.3 Technical and Usage Data

  • IP address, browser type, and operating system
  • Device identifiers and session data
  • Pages visited, features used, and timestamps
  • Error logs and crash reports

2.4 Communications Data

  • Support tickets and chat messages
  • Email correspondence with our team
  • Survey responses and feedback

3. How We Use Your Data

We process your data for the following purposes and on the following legal bases under UK GDPR Article 6:

PurposeLegal Basis
Providing the One Accounting AI serviceContract performance (Art. 6(1)(b))
HMRC Making Tax Digital (MTD) submissionsLegal obligation (Art. 6(1)(c))
Account management and customer supportContract performance (Art. 6(1)(b))
Fraud prevention and security monitoringLegitimate interests (Art. 6(1)(f))
Improving and developing our AI featuresLegitimate interests (Art. 6(1)(f))
Sending product updates and marketing emailsConsent (Art. 6(1)(a))
Regulatory and legal complianceLegal obligation (Art. 6(1)(c))

4. HMRC and Making Tax Digital (MTD)

One Accounting AI is designed to integrate with HMRC's Making Tax Digital (MTD) infrastructure. When you authorise us to connect to HMRC on your behalf:

  • We act as an authorised software provider and submit VAT returns, Self Assessment, and other MTD-compatible filings to HMRC via HMRC's API.
  • Your HMRC credentials are never stored by us — we use OAuth 2.0 tokens issued by HMRC, which you can revoke at any time via your HMRC Government Gateway account.
  • Data transmitted to HMRC is encrypted in transit using TLS 1.2 or higher.
  • We retain submission records in accordance with HMRC's statutory record-keeping requirements (minimum 6 years for VAT, 5 years for Self Assessment).

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only as follows:

  • HMRC: For tax submissions you authorise us to make on your behalf.
  • Cloud infrastructure providers: Our platform is hosted on industry-standard cloud providers with appropriate data processing agreements in place.
  • Payment processors: For subscription billing (e.g., Stripe). Your full card details are never stored on our servers.
  • AI/ML service providers: Anonymised and aggregated data may be processed by AI providers to power intelligent features. We do not share identifiable financial data with AI providers without your explicit consent.
  • Open Banking providers: If you connect your bank, your authorisation is handled directly with your bank or an FCA-regulated open banking provider.
  • Legal or regulatory authorities: Where required by law or court order.

6. International Data Transfers

Your data is primarily stored and processed within the UK and European Economic Area (EEA). Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Adequacy decisions recognised by the UK government

7. Data Retention

We retain your data for as long as necessary for the purposes described in this policy:

  • Active account data: Retained for the duration of your subscription plus 12 months after cancellation.
  • Financial records and tax submissions: Minimum 6 years from the end of the relevant tax year, in compliance with HMRC requirements.
  • Marketing data: Until you withdraw consent or unsubscribe.
  • Technical logs: Up to 12 months.

Upon account deletion, your personal data will be securely deleted or anonymised within 30 days, except where retention is required by law.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data in certain circumstances.
  • Right to restriction: Request that we restrict processing of your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making: Not to be subject to solely automated decisions with significant effects.

To exercise any of these rights, contact us at privacy@oneacc.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication (MFA) for user accounts
  • Regular security assessments and penetration testing
  • Role-based access control for our internal team
  • Incident response and breach notification procedures

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected users without undue delay.

10. Cookies

We use cookies and similar technologies to operate our service. These include:

  • Essential cookies: Required for the platform to function (e.g., session management, authentication). Cannot be disabled.
  • Analytics cookies: Used to understand how users interact with our platform. You can opt out via your account settings.
  • Preference cookies: Remember your settings such as language and theme.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

11. Children's Privacy

One Accounting AI is a business service not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at privacy@oneacc.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notification at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

13. Contact Us

Data Controller: imultichannel ltd

Privacy enquiries: privacy@oneacc.ai

General enquiries: hello@oneacc.ai

Website: https://oneacc.ai

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO): Website: ico.org.uk | Helpline: 0303 123 1113