Privacy Policy

Welcome to Fylix, operated by Skyie Global Technologies Ltd ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy rights in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy describes how we collect, use, store, and share information when you use our self-assessment tax filing platform and related services. By using Fylix, you acknowledge that you have read and understood this policy.

If you have any questions about how we handle your data, please contact us at support@fylix.com.

We collect several types of information to provide and improve our services:

2.1 Account Information

• Personal details: name, email address, phone number, postal address
• Business information: company name, UTR number, industry type, role
• Authentication credentials: hashed passwords, security questions

2.2 Financial & Tax Data

• Income and expense records
• Bank transaction data (when you connect bank accounts)
• Tax return submissions and HMRC correspondence
• Property details (for landlords)
• Receipt images and supporting documents

2.3 Usage Data

• Log data: IP address, browser type, device information
• Platform interactions: pages visited, features used, time spent
• Performance metrics: error logs, response times

2.4 Cookies & Tracking

We use cookies and similar technologies to enhance your experience. See our Cookie Policy for detailed information.

We process your data for the following purposes:

• Service Delivery: To process tax calculations, generate returns, and submit filings to HMRC on your behalf
• Account Management: To create and maintain your account, authenticate your identity, and manage subscriptions
• Customer Support: To respond to inquiries, resolve technical issues, and provide assistance
• Platform Improvement: To analyze usage patterns, identify bugs, and develop new features
• Security: To detect fraud, prevent unauthorized access, and protect against security threats
• Legal Compliance: To meet our obligations under UK tax law, anti-money laundering regulations, and court orders
• Communications: To send service updates, deadline reminders, and (with your consent) marketing materials

We rely on the following legal bases for processing your data under UK GDPR: Contract Performance (Article 6(1)(b)), Legal Obligation (Article 6(1)(c)), Legitimate Interest (Article 6(1)(f)), and Consent (Article 6(1)(a)) where applicable.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal obligations.

Retention Periods

• Tax Records: Retained for 7 years after submission (HMRC requirement)
• Account Data: Retained while your account is active, plus 12 months after closure
• Usage Logs: Retained for 24 months for security and analytics
• Marketing Data: Retained until you withdraw consent

After the retention period expires, we securely delete or anonymize your data in accordance with our data deletion procedures.

You have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16): Correct inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing (Article 18): Limit how we use your data in certain circumstances
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact our Data Protection Officer at dpo@fylix.com. We will respond to your request within 30 days.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction:

• 256-bit AES encryption for data at rest
• TLS 1.3 encryption for data in transit
• SOC 2 Type II certified infrastructure
• Regular security audits and penetration testing
• Role-based access controls and audit logging
• Multi-factor authentication for sensitive operations

While we take every precaution to secure your data, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

We do not sell your personal data. We may share your information with the following categories of third parties:

• HMRC: To submit tax returns and fulfill statutory obligations
• Cloud Service Providers: For hosting and infrastructure (AWS, Google Cloud)
• Payment Processors: To process subscription payments (Stripe)
• Bank Integration Partners: For secure open banking connections
• Analytics Providers: For usage insights (Google Analytics)
• Customer Support Tools: To provide assistance (Zendesk)

All third-party service providers are contractually bound to process data in accordance with UK GDPR and our instructions. We conduct regular due diligence to ensure compliance.

Your data is primarily stored on servers located in the United Kingdom. In some cases, data may be transferred to countries outside the UK for processing by our service providers.

Where transfers occur to countries without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the ICO.

Fylix is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or through a prominent notice on our platform.

The "Last Updated" date at the bottom of this page indicates when the policy was last revised. Your continued use of Fylix after changes are posted constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: