Privacy Policy

Introduction

TaxVaultAI ("we," "our," or "us") is committed to protecting your privacy and the privacy of your clients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tax intelligence platform.

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial privacy legislation. By using TaxVaultAI, you consent to the data practices described in this policy.

Information We Collect

Information You Provide

• Account Information: Name, email address, password, firm name, and professional designation when you create an account.
• Client Information: Names, contact information, and financial data you enter for your clients, including income, assets, and tax-related information.
• Documents: Tax slips, CRA correspondence, receipts, and other documents you upload for processing.
• Payment Information: Billing address and payment method details (processed securely by Stripe; we do not store full credit card numbers).
• Communications: Messages you send to our support team.

Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the platform, and actions taken.
• Device Information: Browser type, operating system, device type, and IP address.
• Cookies: We use essential cookies for authentication and optional analytics cookies (with your consent).

How We Use Your Information

We use your information for the following purposes:

• Provide Services: Process documents, analyze CRA correspondence, generate tax optimization recommendations, and manage client data.
• AI Processing: Use AI models to extract data from documents and generate insights. Document content is processed but not used to train AI models.
• Account Management: Manage your subscription, process payments, and provide customer support.
• Improvements: Analyze usage patterns to improve our platform (using aggregated, anonymized data only).
• Communications: Send service updates, security alerts, and (with consent) marketing communications.
• Legal Compliance: Comply with legal obligations and respond to lawful requests.

Information Sharing and Disclosure

We do not sell your personal information. We may share information with:

• Service Providers: Third parties who help us operate our platform:
  • Supabase (database and authentication hosting)
  • Vercel (application hosting)
  • Stripe (payment processing)
  • Anthropic (AI processing - document content is processed but not retained for training)
• Legal Requirements: When required by law, court order, or government request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified).
• With Your Consent: When you explicitly authorize sharing.

Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• Encryption at Rest: Data stored in our database is encrypted using AES-256 encryption.
• Access Controls: Role-based access controls limit who can access what data within your organization.
• Authentication: Secure password hashing and optional multi-factor authentication.
• Regular Updates: We regularly update our systems and dependencies to address security vulnerabilities.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for 30 days after deletion request.
• Client Data: Retained until you delete it or close your account.
• Documents: Retained until you delete them or close your account.
• Payment Records: Retained for 7 years as required for tax and accounting purposes.
• Usage Logs: Retained for 90 days for security and troubleshooting purposes.

Your Rights Under PIPEDA

Under Canadian privacy law, you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to legal retention requirements).
• Withdraw Consent: Withdraw consent for optional data processing (like marketing emails).
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada.

To exercise these rights, contact us at privacy@taxvaultai.com. We will respond within 30 days.

Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication and security. Cannot be disabled.
• Analytics Cookies: Help us understand how users interact with our platform. Optional and require consent.

You can manage cookie preferences through our cookie consent banner or your browser settings.

Children's Privacy

TaxVaultAI is designed for business use by accounting professionals. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us immediately.

International Data Transfers

Our services are hosted in North America. If you access our services from outside Canada, your information may be transferred to, stored, and processed in Canada or the United States. By using our services, you consent to this transfer. We ensure that any international transfers comply with applicable data protection laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: