Are the calculators HMRC compliant?

Our calculations are built to align with HMRC guidance and use the latest April 2026 rates. However, they're for guidance only – always verify complex cases with HMRC or a qualified professional.

Yes. We're ICO registered (ZC013807) and calculations run in your browser – we don't store sensitive payroll data unless you explicitly save it to your account.

Do you integrate with payroll software?

MBridge tools work as standalone calculators alongside your existing software like Sage, Xero, and QuickBooks. No integration required – use our tools as a pre-check layer.

What's the VAT registration threshold?

The UK VAT registration threshold is £95,000 taxable turnover in a rolling 12-month period. You must register within 30 days of exceeding this threshold.

Security — MBridge Technologies | MBridge Compliance Co-Pilot

Our Commitment to Security

MBridge Technologies Limited takes the security of your data seriously. We implement industry-standard security measures to protect your information and continuously monitor our systems for vulnerabilities.

Infrastructure Security

All data is encrypted in transit using TLS 1.2+ (HTTPS enforced site-wide)
Data at rest is encrypted using AES-256 encryption
Authentication powered by Supabase with bcrypt password hashing
Row-Level Security (RLS) ensures strict data isolation between users
Payment processing handled by Paddle (PCI DSS compliant) — we never store card details
HSTS enabled with a one-year max-age policy
Content Security Policy (CSP) headers configured to prevent XSS attacks

Application Security

Calculator inputs are processed client-side and not stored unless you explicitly save them
API keys are hashed using SHA-256 before storage
Rate limiting on all API endpoints to prevent abuse
Role-based access control (RBAC) for team and organisation features
Error monitoring via Sentry with PII scrubbing enabled

Compliance

ICO Registered — Registration number: ZC013807
UK GDPR Compliant — Full data subject rights supported
ISO 42001 Aligned — AI management system controls implemented
Cyber Essentials Plus — Certification in progress

Data Location

All customer data is processed and stored within the United Kingdom and European Economic Area. Our primary database is hosted in London (eu-west-2). We do not transfer personal data outside of the UK/EEA.

Reporting a Security Issue

If you discover a security vulnerability or have concerns about the security of our platform, please report it to us immediately. We take all reports seriously and will investigate promptly.

Report a Vulnerability

Email: support@mbridgetechnologies.cloud

For general enquiries, please use our contact page instead.

When reporting a security issue, please include:

A description of the vulnerability
Steps to reproduce the issue
The potential impact
Any suggestions for remediation

We aim to acknowledge security reports within 24 hours and provide an initial assessment within 72 hours.

Incident Response

In the event of a data breach, we will:

Notify the Information Commissioner's Office (ICO) within 72 hours
Notify affected users without undue delay
Investigate the root cause and implement corrective measures
Publish a post-incident report where appropriate

Contact

Email: support@mbridgetechnologies.cloud
General: Contact page

MBridge Technologies Limited
United Kingdom

Security