Features & Security
Open Banking feeds, HMRC filings, AI insight — every path your money takes runs through one platform, locked down end to end.
Scroll — watch the network become a shieldFrom your bank feed to HMRC's servers — Filabl handles the whole journey.
A recognised Making Tax Digital connection — not a workaround. Calculate, review and submit VAT returns directly to HMRC via OAuth 2.0.
Starter +Corporation Tax, Self Assessment and payroll Real Time Information — filed from the same dashboard your books already live in.
GrowthPowered by Claude from Anthropic and grounded in your real financial data and UK tax rules. Answers in seconds, 24/7 — no appointments.
All plansConnect 40+ UK banks — Barclays, HSBC, Lloyds, Monzo, Starling, Revolut and more — via FCA-authorised Stripe Financial Connections.
Starter +Transactions sorted into the right UK tax categories with up to 97% accuracy, with anomaly detection flagging anything that looks off.
Starter +Snap or forward a receipt by email — AI extracts the supplier, amount, VAT and category, then matches it to your transactions.
Starter +Branded invoices with payment reminders, bill tracking, quotes that convert to invoices, plus contacts and fixed assets — free forever.
All plansInvite your accountant with scoped access, sync company details from Companies House, and export everything any time. No lock-in.
GrowthThe network above pulls together into a single shield — that's the design principle. Every layer of Filabl is built to protect your financial data.
HMRC credentials are field-encrypted at rest with a unique random IV per operation. Authentication tags are verified on every read — tampering is detected, not trusted.
Every connection is encrypted in transit, enforced by HSTS with a two-year max-age and browser preload. There is no unencrypted path to Filabl.
Row-Level Security at the database layer means each account can only ever read its own data — enforced by the database itself, not just the application.
Authentication and API endpoints are rate-limited against brute-force and abuse, with session tokens verified on every single request.
HMRC and bank connections use HMAC-signed, timestamped state tokens — cross-site request forgery on the OAuth flow is cryptographically blocked.
Your data lives in the EU London region. We never sell it, never train AI on it without consent, and notify you and the ICO within 72 hours of any breach affecting your rights.
Full details in our security policy. Found a vulnerability? See security.txt.
Start free — connect a bank, scan a receipt, ask the AI anything.
Get started free →