Security & data protection

Your clients' data is sensitive. Here is exactly how we protect it.

TLS encryption in transit

All communication between your browser and our servers uses TLS 1.2 or higher. Your data cannot be intercepted in transit.

Encrypted at rest

Data stored in our database is encrypted at rest. If the physical storage media were ever compromised, your data would remain unreadable.

UK data residency

All data is stored on servers located within the United Kingdom. No data is transferred to or stored outside the UK.

Email 2FA on every login

Every login attempt requires a time-limited one-time code sent to your registered email address. There are no bypass options.

Automatic session expiry

Sessions expire automatically after a period of inactivity. Unattended terminals cannot be exploited to access your account.

Full audit logging

Every action taken in the platform — filings, document generation, company changes — is logged with user identity, timestamp, and IP address.

Rate limiting & brute-force protection

Login attempts and sensitive actions are rate-limited. Repeated failed attempts are automatically blocked and can trigger alerts.

Role-based access control

Each user account is scoped to the companies and actions it is authorised for. Team members cannot access data outside their permissions.

UK GDPR & Data Protection

WebFiling processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a data controller, we process only the personal data necessary to provide the platform service.

Personal data we hold (user names, email addresses, company officer details entered by you) is used solely for the purpose of providing the WebFiling service. We do not sell, rent, or share your data with third parties for marketing purposes.

Data subjects have the right to access, rectify, and erase their personal data. Requests can be raised through the platform or by contacting us directly.

Companies House data

WebFiling retrieves publicly available company data from the Companies House API to pre-populate filings and provide search functionality. This data is sourced from the public register and is not personal data in the GDPR sense. It is used exclusively to assist with filing preparation.

Payment data

WebFiling does not store card numbers or payment credentials. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified. WebFiling only retains a Stripe customer reference and subscription status.

Responsible disclosure

If you discover a security vulnerability in WebFiling, please report it responsibly by raising a support ticket through your account. We will investigate promptly and communicate resolution timelines clearly.

Secure by design, from day one

Start a free trial and see the platform for yourself.