Legal

Privacy Policy

Last updated: March 2026

Who we are

TealFX is operated as an independent software product. For the purposes of UK GDPR, TealFX is the data controller for personal data collected through this website. If you have any questions about how we handle your data, contact us at [email protected].

What data we collect

  • Account data — your email address, and optionally your name and firm name, collected when you register or sign in.
  • Calculation data — the details of any CGT calculations you save to your dashboard, including dates, amounts, currencies, and any notes you add. This data is associated with your account and stored securely.
  • Usage data — standard server logs including IP address, browser type, pages visited, and timestamps. This data is used for security and to maintain service reliability. It is not sold or shared.
  • Payment data — if you subscribe, payment is processed by Stripe. TealFX does not store your card details. We receive a Stripe customer ID and subscription status only.

How we use your data

  • To provide and maintain your account and saved calculations
  • To send transactional emails (sign-in links, account changes, subscription receipts)
  • To process and manage your subscription via Stripe
  • To investigate security incidents or misuse
  • To comply with legal obligations

We do not use your data for advertising, profiling, or sell it to third parties under any circumstances.

Legal basis for processing

Under UK GDPR, we process your personal data on the following bases:

  • Contract — processing necessary to provide the service you signed up for
  • Legitimate interests — security monitoring, abuse prevention, and service improvement
  • Legal obligation — where required by law

Data retention

We retain your account data for as long as your account is active. If you delete your account, your personal data and saved calculations are scheduled for permanent deletion within 30 days.

Server logs are retained for up to 90 days for security purposes.

Third parties

  • Stripe — payment processing. Subject to Stripe's own privacy policy.
  • Amazon Web Services (SES) — transactional email delivery. Emails are processed through AWS infrastructure in the London (eu-west-2) region.
  • DigitalOcean — hosting infrastructure. Data is stored on servers located in London, United Kingdom.

No other third parties have access to your personal data.

Cookies

TealFX uses a single session cookie to keep you signed in. This cookie is strictly necessary for the service to function and does not track you across other websites. No advertising or analytics cookies are used.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict processing
  • Port your data in a machine-readable format
  • Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to registered users. The date at the top of this page reflects when the policy was last updated.