Privacy Policy

Interpretation and Definitions

Interpretation

Words whose initial letters are capitalized have meanings defined below. The following definitions have the same meaning regardless of whether they appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

Collecting and Using Your Personal Data

Types of Data Collected

1. Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Mailing address (Address, State, Province, ZIP/Postal code, City)
• Account login credentials for your TaxHakr Account
• Preferences and settings related to your use of the Service

We keep certain personal information for as long as you maintain an Account with the Company, and for additional periods as required or permitted by law, or as described in "Retention of Your Personal Data."

2. Financial Connection Data (Plaid, Banks, and QuickBooks)

If you choose to connect a bank account, credit account, or accounting platform (such as QuickBooks) to the Service, we use Financial Connection Services (such as Plaid) to facilitate a secure connection.

• You provide your financial account credentials directly to the Financial Connection Service, not to TaxHakr.
• TaxHakr does not receive or store your bank or QuickBooks login credentials.
• The Financial Connection Service provides us with a secure token and limited financial/accounting data needed to:
  • Provide AI-generated tax tips and insights;
  • Help you categorize and understand tax-relevant financial activity;
  • Operate, maintain, and improve the Service.

We treat the financial data we receive via token (such as transaction or ledger information, account identifiers, balances, and similar details) as Personal Data and protect it in line with this Privacy Policy. The Financial Connection Service's own collection and use of your data is governed by its separate privacy policy.

3. Uploaded Tax Documents and Derived Data

You may upload documents that contain tax or financial information (for example, pay stubs, W-2s, 1099s, receipts, or other records).

To minimize our handling of directly identifying information, we use an automated pipeline:

• When you upload documents, they are processed through tools that extract and "break down" tax-relevant data.
• During this process, direct personal identifiers (such as full Social Security numbers, full bank account numbers, and, where reasonably feasible, names and addresses) are masked, truncated, or removed, and we retain only the numerical and textual fields needed for tax-relevant analysis (such as income amounts, deduction amounts, dates, and similar fields).
• This filtering and masking process is designed to begin before any original document is stored in persistent form on our servers. Original files may be handled briefly in memory or transient storage only for the purpose of automated extraction.
• After extraction and masking, original documents are deleted or destroyed according to our internal technical and operational timelines, and we retain only the derived, minimized data needed to provide the Service and meet our legal obligations.

If the derived data can still be associated with you, we treat it as Personal Data.

4. Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include:

• IP address
• Browser type and version
• Device type and operating system
• The pages of our Service you visit, and the time and date of your visit
• Time spent on pages, clickstream data, and other diagnostic data
• Unique device identifiers and other diagnostic identifiers

When you access the Service by or through a mobile device, we may collect additional information automatically, including:

• Type of mobile device
• Mobile device unique ID
• IP address of your mobile device
• Mobile operating system
• Type of mobile internet browser you use

We may also collect information that your browser sends whenever you visit our Service.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies (such as web beacons, tags, and scripts) to track activity on our Service and store certain information to improve and analyze our Service.

The technologies we use may include:

• Cookies or Browser Cookies. A cookie is a small file placed on your Device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you do not accept Cookies, some parts of the Service may not function properly.
• Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that allow us, for example, to count users who have visited pages or opened emails and to generate related statistics.

Cookies can be "Persistent" (remain on your Device when you go offline) or "Session" cookies (deleted when you close your browser).

We use both Session and Persistent Cookies for purposes including:

• Necessary / Essential Cookies (Session; administered by us) — Required to provide core functionality of the Website (authentication, security, preventing fraudulent use).
• Cookies Policy / Notice Acceptance Cookies (Persistent; administered by us) — Remember whether you have accepted the use of cookies.
• Functionality Cookies (Persistent; administered by us) — Remember your preferences (such as login details or language) to provide a more personalized experience.
• Tracking and Performance Cookies (Persistent; administered by third parties) — Help us understand traffic and usage patterns, test new features, and improve the Service. This information may be linked to a pseudonymous identifier tied to your Device.

For more information about the cookies we use and your choices, please refer to our separate Cookies Policy (if provided) or this Cookies section.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor usage, operate AI Services, and provide tax-related tips and insights.
• To manage your Account, including enabling you to log in, use features, and manage your settings.
• For the performance of a contract, including providing the products or services you request and managing transactions.
• To contact you, including by email, phone, SMS, or in-app notifications regarding updates, security alerts, and administrative messages.
• To provide you with news, offers, and information about products, services, and events similar to those you have already purchased or requested (unless you opt out).
• To manage your requests, such as responding to support inquiries.
• For business transfers, such as mergers, acquisitions, financings, or asset sales in which user data is among the transferred assets.
• For analytics and improvement, including data analysis, identifying usage trends, and evaluating and improving the Service and user experience.
• For security and fraud prevention, including detecting and preventing fraud, abuse, and other harmful activity.
• For compliance, including compliance with legal obligations, regulatory requirements, and enforcement of our agreements.
• For any other purpose with your consent.

We may share your personal information in the following situations:

• With Service Providers, including analytics providers, email and marketing platforms, hosting providers, Financial Connection Services (such as Plaid), and payment processors.
• For business transfers, as part of due diligence or completion of a merger, sale, or similar transaction.
• With Affiliates, who must honor this Privacy Policy.
• With business partners, to offer joint or co-branded services or promotions (where permitted).
• With other users, if you voluntarily share information in public areas of the Service.
• With your consent, for any other disclosed purpose.

Retention of Your Personal Data

We retain Personal Data only as long as reasonably necessary for the purposes described in this Privacy Policy or as required by law.

In particular:

• We retain core Account information (such as your name, contact information, and login data) for as long as your Account remains active.
• We retain derived tax-relevant data extracted from your documents and financial connections for as long as your Account is active and as needed to provide you with historical context, features, or legal compliance (for example, to respond to audits or regulatory inquiries), subject to applicable retention periods.
• Original uploaded documents are deleted or destroyed after automated masking and extraction, as described above.
• Usage Data is generally retained for shorter periods, unless it is used to improve security, functionality, or we are legally obligated to retain it longer.

When we no longer need your Personal Data, we will delete or anonymize it, or, if this is not possible (for example, where data is stored in backup archives), we will securely store and isolate it from further processing until deletion is possible.

Transfer of Your Personal Data

Your information, including Personal Data, may be processed at the Company's operating offices and in other locations where our Service Providers are located. This means your information may be transferred to computers located outside your state or other governmental jurisdiction where data protection laws may differ.

By using the Service and providing information, you consent to such transfers. We take steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy and that transfers occur under appropriate safeguards where required by law.

Delete Your Personal Data

You have the right to delete or request that we assist in deleting Personal Data that we have collected about you, subject to legal and contractual exceptions.

• You may be able to delete certain information through your Account settings.
• You can also contact us to request access to, correction of, or deletion of Personal Data you have provided to us.

We may retain certain information where we have a legal obligation or legitimate interest (for example, compliance, fraud prevention, security, or internal recordkeeping).

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy, where required by law.

Law Enforcement and Legal Requests

We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies, regulators).

Other Legal Requirements

We may disclose your Personal Data in the good-faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

Security of Your Personal Data

We use commercially reasonable technical and organizational measures designed to protect your Personal Data. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Detailed Information on the Processing of Your Personal Data

Third-party Service Providers may have access to your Personal Data to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service, such as Google Analytics.

• Google may use the collected data to track and monitor usage of our Service and may share aggregated data within its own network.
• You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

(See Google's Privacy & Terms page for details.)

Financial Connection Services (Plaid and Similar)

To connect your financial accounts (e.g., bank accounts, QuickBooks), we use Financial Connection Services such as Plaid:

• You provide credentials directly to the Financial Connection Service.
• We receive tokens and financial/accounting data necessary for the Service.
• The use of your information by the Financial Connection Service is governed by that service's own privacy policy.

We never see or store your raw banking or QuickBooks login credentials.

Email Marketing

We may use your Personal Data to send newsletters, marketing, or promotional materials and other information that may interest you. You may opt out at any time by following the unsubscribe instructions or contacting us.

We may use Email Marketing Service Providers such as Klaviyo to manage and send emails.

Payments

We may provide paid products and/or services within the Service.

• Payments are processed exclusively through third-party payment processors (for example, Stripe or similar providers sometimes referred to in our materials as "Swipe").
• We do not store or collect your payment card details.
• Your payment information is provided directly to the payment processor, whose use of your personal information is governed by its own privacy policy.
• These processors adhere to PCI-DSS standards, which help ensure secure handling of payment information.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

Where GDPR applies, we process Personal Data under one or more of the following legal bases:

• Consent
• Performance of a contract
• Legal obligations
• Vital interests
• Public interest
• Legitimate interests

We will clarify the applicable legal basis upon request.

Your Rights under GDPR

Where GDPR applies, you have rights including:

• Right of access
• Right to rectification
• Right to erasure
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent

You can exercise these rights by contacting us. You also have the right to lodge a complaint with a supervisory authority.

CCPA/CPRA Privacy Notice (California Privacy Rights)

This section applies solely to California residents and supplements the information in this Privacy Policy.

Categories of Personal Information Collected

We may collect or may have collected in the last 12 months the following categories of personal information as defined by CCPA/CPRA:

• Category A: Identifiers — Examples: real name, alias, postal address, IP address, email address, account name, or similar identifiers. Collected: Yes.
• Category B: Personal information categories listed in Cal. Civ. Code § 1798.80(e) — Examples: name, signature, address, bank account number, or other financial information. We do not collect your banking login credentials; financial information related to accounts and transactions may be received via secure token from our Financial Connection Services. Collected: Yes.
• Category C: Protected classification characteristics — Collected: No.
• Category D: Commercial information — Examples: records of products or services purchased or considered. Collected: Yes.
• Category E: Biometric information — Collected: No.
• Category F: Internet or other similar network activity — Examples: interaction with our Service or ads. Collected: Yes.
• Category G: Geolocation data — Collected: No (except approximate location as derived from IP where necessary for security or analytics).
• Category H: Sensory data — Collected: No.
• Category I: Professional or employment-related information — Collected: No.
• Category J: Non-public education information — Collected: No.
• Category K: Inferences drawn from other personal information — Collected: No (other than basic internal inferences for Service improvement, not for profiling unrelated to the Service).
• Category L: Sensitive personal information — Examples: account login and password, certain financial data. We collect login credentials for your TaxHakr Account only; financial accounts are accessed via token through our Financial Connection Services, not via stored credentials. Collected: Yes.

We may use, disclose, or share these categories of Personal Information for the business or commercial purposes described above.

Sale and Sharing of Personal Information

We do not sell personal information as "sell" is commonly understood. However, under CCPA/CPRA, allowing certain third-party advertising or analytics providers to collect data via cookies or similar technologies may be considered a "sale" or "sharing."

• We may allow third-party analytics and advertising partners to collect information about your use of our Service (for example, via cookies).
• You may have the right to opt out of such "sale" or "sharing" of Personal Information using mechanisms described in our cookie tools or by contacting us.

We do not knowingly sell the personal information of Consumers under 16 years of age.

Your CCPA/CPRA Rights

If you are a California resident, you may have rights to:

• Notice of categories of Personal Information collected and purposes
• Know/access the Personal Information we collected about you
• Request deletion of Personal Information (subject to exceptions)
• Correct inaccurate Personal Information
• Opt out of sale or sharing of Personal Information
• Limit use or disclosure of sensitive Personal Information (where applicable)
• Not be discriminated against for exercising your rights

To exercise these rights, you can contact us at contact@taxhakr.com. We may need to verify your identity and may deny requests where permitted or required by law.

"Do Not Track" (CalOPPA)

Our Service does not currently respond to "Do Not Track" (DNT) signals. Some third-party websites do keep track of browsing activity; you should configure your browser settings if you do not wish to be tracked.

Children's Privacy

Our Service is not directed to anyone under the age of 13, and we do not knowingly collect Personal Data from children under 13. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us so we can take appropriate action, including deletion where required.

Links to Other Websites

Our Service may contain links to third-party websites or services not operated by us. We are not responsible for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policy of every site you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

• Changes will be posted on this page with an updated "Last updated" date.
• Where required by law, we will provide additional notice (for example, via email or an in-Service notice).

Changes are effective when posted on this page.

Governing Law and Scope (United States; Wyoming)

This Privacy Policy and any disputes arising out of or relating to it or the Service are governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflict of law principles.

We operate within the United States, and this Privacy Policy is intended to comply with applicable U.S. federal law and relevant state laws, including California privacy laws (such as CCPA/CPRA and CalOPPA). Where state-specific privacy statutes grant you additional rights, we will honor those rights as required by law.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, you can contact us: