Privacy Policy

At Yonda Tax, we help businesses expand globally, without the burden of managing sales tax compliance across multiple countries and states.

Document type Privacy Policy (Website & Platform)
Data controller Yonda Tax Limited, 86–90 Paul Street, London, EC2A 4NE
Scope Website visitors, prospective clients, platform users & their personnel
Applicable law UK GDPR / Data Protection Act 2018; US state privacy laws (CCPA/CPRA where applicable)
Last updated May 2026

1. Who We Are and How to Contact Us

Yonda Tax Limited (“Yonda”, “we”, “us”, “our”) is a company registered in England and Wales (Company No. 13973098) with its registered office at 86-90 Paul Street, London, EC2A 4NE. We provide indirect tax compliance software and services, including VAT, GST, and US sales tax registration, filing, and advisory services, via our online platform (the “Platform”) and associated website at www.yondatax.com (the “Website”).

For all privacy-related queries, data subject requests, or concerns, please contact our designated privacy contact at:

Email hello@yondatax.com
Post Data Privacy, Yonda Tax Limited, 4th Floor, Centro Forum, 74–80 Camden Street, London, NW1 0EG

2. Scope of This Policy

This Privacy Policy applies to Personal Data we collect and process in connection with:

  • visitors to our Website (www.yondatax.com);
  • individuals who contact us via our Website, email, telephone, or social media;
  • prospective clients and their representatives;
  • clients (“Clients”) who access and use our Platform and Services; and
  • personnel and authorised users of Client organisations who access the Platform on their employer’s behalf.

This Policy does not cover Personal Data that Clients upload to the Platform in connection with their own customers or end-users (“Client-Controlled Data”). In respect of Client-Controlled Data, Yonda acts as a data processor on the Client’s instructions, and the Client is the data controller. Such processing is governed by the Data Processing Agreement (“DPA”) between Yonda and the Client.

3. Personal Data We Collect

3.1 Website visitors and marketing contacts

  • Name, job title, company name and contact details (email, phone, LinkedIn).
  • IP address, browser type and version, device information, and operating system.
  • Pages visited, time spent on site, referral source, and clickstream data.
  • Cookie identifiers and behavioural data (see Section 8).
  • Any information you voluntarily provide via contact forms, demo requests, or webinar registrations.

3.2 Prospective and onboarding clients

  • Business name, registration number, and registered address.
  • Name, email, and contact details of authorised representatives and signatories.
  • Information provided in scoping calls, proposals, and onboarding questionnaires.

3.3 Platform users

  • Account credentials (username, hashed password).
  • Name, job title, work email address, and telephone number.
  • Tax identifying numbers (VAT, GST, EIN/TIN) for the Client entity.
  • Banking details where provided in connection with tax registration or filing services.
  • Transaction and filing data uploaded to or generated within the Platform.
  • Audit logs of Platform activity (logins, actions taken, timestamps).
  • Support tickets and correspondence with our team. 

4. How and Why We Use Your Personal Data

We process your Personal Data on the following legal bases under UK GDPR:

Purpose Data used Lawful basis
Providing the Platform and Services Account, contact, tax, and transaction data Performance of contract (Art. 6(1)(b))
Creating and managing user accounts Name, email, credentials Performance of contract (Art. 6(1)(b))
Client onboarding and KYC/AML checks Business registration, representative details Legal obligation (Art. 6(1)(c))
Tax registration and filing on behalf of Clients Tax IDs, banking details, transaction data Performance of contract (Art. 6(1)(b))
Customer support and issue resolution Contact details, support correspondence Legitimate interests (Art. 6(1)(f))
Platform security, fraud prevention, and audit logging IP address, login data, activity logs Legitimate interests (Art. 6(1)(f))
Website analytics and improvement Cookies, IP, behavioural data Consent (Art. 6(1)(a)) or Legitimate interests
Marketing communications (where opted in) Name, email, company Consent (Art. 6(1)(a))
Compliance with legal and regulatory obligations As required Legal obligation (Art. 6(1)(c))

5. Sharing Your Personal Data

We do not sell, rent, or trade your Personal Data. We may share your data with the following categories of third parties where necessary to deliver our Services:

  • Cloud infrastructure and hosting providers (e.g. AWS or equivalent) who host the Platform and process data on our behalf;
  • Tax authority portals and government systems to which we submit filings on behalf of Clients;
  • Payment processors and banking partners where required to facilitate tax payments or fee collection;
  • Customer relationship management (CRM), helpdesk, and analytics software providers;
  • Professional advisers including lawyers, accountants, and auditors under obligations of confidentiality;
  • Regulatory or law enforcement authorities where we are required to do so by law.

All third-party processors are subject to written data processing agreements and are authorised to use your data only for the purpose of providing services to us. We publish a list of our current sub-processors, which is available on request at privacy@yondatax.com.

6. International Data Transfers

Yonda is headquartered in the United Kingdom. We serve clients globally, including in the United States, and some of our sub-processors are based outside the UK and European Economic Area (EEA).

Where we transfer Personal Data outside the UK or EEA, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office (ICO) or the European Commission;
  • Adequacy decisions where applicable; or
  • Other transfer mechanisms recognised under applicable data protection law.

For US-based Clients, to the extent that we process Personal Data subject to applicable US state privacy laws (including the California Consumer Privacy Act / CPRA), we comply with the obligations applicable to service providers under such laws and will not sell or share Personal Data for cross-context behavioural advertising.

7. Data Retention

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

Active Platform accounts For the duration of the Client relationship plus 7 years following termination (to meet statutory accounting and tax record-keeping requirements).
Tax filing records 7 years from the date of filing, or longer where required by the relevant tax authority.
Marketing contact data 3 years from last engagement, or until consent is withdrawn.
Website analytics 26 months (standard analytics retention).
Support correspondence 3 years from resolution of the relevant matter.

Following the end of the applicable retention period, Personal Data will be securely deleted or anonymised. Where deletion is not immediately possible (for example, where data is held in backup archives), we will ensure the data is isolated and protected from further processing.

8. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies. We use the following categories of cookies:

  • Strictly necessary cookies – essential for the Website to function. These cannot be disabled.
  • Analytical / performance cookies – help us understand how visitors interact with our Website (e.g. Microsoft Clarity, Google Analytics).
  • Functional cookies – remember your preferences to personalise your experience.
  • Targeting / advertising cookies – used to deliver relevant advertising and track campaign performance (e.g. Microsoft Advertising, LinkedIn Insight Tag).

You can manage your cookie preferences via the cookie consent banner on our Website or by adjusting your browser settings. Please note that disabling certain cookies may affect Website functionality.

For information about how Microsoft Clarity and Microsoft Advertising collect and use your data, please refer to the Microsoft Privacy Statement at https://privacy.microsoft.com.

9. Security

We take data security seriously and implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, loss, alteration, or disclosure. These measures include:

  • Encryption of data in transit (TLS/HTTPS) and at rest;
  • Role-based access controls and authentication requirements for Platform access;
  • Regular security assessments and penetration testing;
  • Staff training on data protection and information security;
  • Incident response and breach notification procedures.

In the event of a Personal Data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, and will notify affected individuals without undue delay where required by law.

10. Your Rights

Depending on your location and the applicable law, you may have the following rights in respect of your Personal Data:

  • Right of access – to obtain a copy of the Personal Data we hold about you.
  • Right to rectification – to correct inaccurate or incomplete Personal Data.
  • Right to erasure – to request deletion of your Personal Data in certain circumstances.
  • Right to restrict processing – to request that we limit how we use your data.
  • Right to data portability – to receive your data in a structured, machine-readable format.
  • Right to object – to object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

California residents may additionally exercise rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of the “sale” or “sharing” of Personal Data. Yonda does not sell or share Personal Data as those terms are defined under California law.

To exercise any of your rights, please contact us at hello@yondatax.com. We will respond within one calendar month (or within 45 days for US residents where applicable). We will not charge a fee unless a request is manifestly unfounded or excessive.

If you are unhappy with how we have handled your Personal Data, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) at www.ico.org.uk.

11. Children

Our Website and Platform are not directed at individuals under the age of 18. We do not knowingly collect Personal Data from children. If you believe we have inadvertently collected such data, please contact us at privacy@yondatax.com and we will take steps to delete it promptly.

12. Links to Third-Party Websites

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will post the updated policy on our Website with a revised “Last updated” date. Where changes are material, we will notify active Platform users by email or in-platform notification with reasonable notice before the changes take effect.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your Personal Data, please contact us:

Email hello@yondatax.com
Post Data Privacy, Yonda Tax Limited, 4th Floor, Centro Forum, 74–80 Camden Street, London, NW1 0EG
Website www.yondatax.com/privacy-policy
We value your privacy
We use cookies to enhance your browsing experience, serve personalized ads or content, analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy
Manage cookie preferences
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.