logo

Security & Data Ownership

Last updated: February 2026

WpAccPac is designed for UK accountants. We aim to keep your working papers organised and accessible, while applying sensible security controls and keeping ownership of your data clear.

1. Security overview

  • Authenticated access: Access to the application is restricted to signed-in users.
  • Organisation scoping: Data is scoped to your organisation and access is limited by user role within the app.
  • Encrypted in transit: Traffic is served over HTTPS.
  • Managed infrastructure: The application runs on managed hosting, database, and storage infrastructure.
  • Role-based access: Users only see the organisations, clients, and periods they have access to within the platform.

2. Where your data lives

Structured data

Working papers data is stored as structured records in a database. This may include organisations, clients, accounting periods, planning documents, lead schedules, supporting schedules, fixed assets, review notes, queries, and sign-offs.

Uploaded documents and evidence

WpAccPac may store uploaded supporting documents such as PDFs and images within the platform using managed storage providers under our control. These files are scoped to the relevant organisation, client, and accounting period.

External document links

WpAccPac may also store references (links) to documents held in your own systems, such as SharePoint, Google Drive, or internal file servers.

  • Links are stored as metadata within the application and scoped to the relevant client and accounting period.
  • Access to the linked document remains controlled by your own document management system.
  • Your organisation is responsible for ensuring that shared links are configured appropriately and do not expose sensitive files more widely than intended.

3. Data ownership

You retain full ownership of all data entered into WpAccPac, including structured records, uploaded files, and document references.

In most cases, WpAccPac acts as a service provider and data processor, storing and presenting information on your behalf so you can manage accounts jobs efficiently.

4. Access controls

  • Users only see the organisations and clients they have access to.
  • Role-based restrictions may be applied within the application for certain actions.
  • Access to data is controlled through authenticated user accounts and organisation-level separation.

5. Logging, monitoring, and error reporting

We monitor the service to keep it reliable and to diagnose issues. Depending on configuration, technical diagnostics may include items such as error messages, request paths, and browser or device information.

We aim to avoid collecting unnecessary personal data in logs and use diagnostics only to operate, secure, and improve the service.

6. Export & portability

Where export is supported, you can request an export of your data in a practical format. Today, some data types may be easier to export than others.

If you require a broader export, please contact us and we will work with you on a reasonable approach based on your requirements and the features available at the time.

7. Retention and deletion

Data is retained for as long as your account remains active. If you close your account or request deletion, we will delete your data within a reasonable period unless we are legally required to retain certain records.

8. Early access and suitability

WpAccPac may be made available in beta or early access form while features are being refined. Firms should assess whether the platform is suitable for their intended use before uploading sensitive information.

Where a firm chooses to upload or enter real client data, it remains responsible for ensuring that such use is appropriate and compliant with its own legal and professional obligations.

9. Questions

If you have questions about security, data ownership, or exports, please contact us. For further information, see our Privacy Policy and GDPR & UK Data Protection pages.