Privacy Policy
Last Updated: December 6, 2025
1. Introduction
Welcome to AlphaTax ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tax optimization platform and services (the "Service").
By using AlphaTax, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Personal Information You Provide
When you create an account and use our Service, we collect:
- Account Information: Name, email address, phone number, password (encrypted)
- Tax Information: Social Security Number (SSN), filing status, state of residence, business structure, industry, dependent information, spouse information (if applicable)
- Financial Information: Income details, deductions, expenses, bank account information (through Plaid), payment card information (processed by Stripe), tax calculations and results
- Business Information: Business entity details, EIN (Employer Identification Number), business address, business income and expenses
- Communication Data: Support inquiries, feedback, email correspondence
2.2 Information Collected Automatically
When you access our Service, we automatically collect:
- Usage Data: Pages visited, features used, time spent on Service, clickstream data
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, error logs, performance data
- Cookies and Tracking Technologies: Session information, preferences, analytics data (see our Cookie Policy for details)
2.3 Information from Third-Party Sources
We may receive information from:
- Plaid: Bank account data, transaction information (with your authorization)
- QuickBooks/Xero: Business accounting data (with your authorization)
- Google Drive/Dropbox: Tax documents you upload (with your authorization)
- Payment Processors: Stripe for payment processing and transaction history
- Identity Verification Services: To verify your identity and prevent fraud
3. How We Use Your Information
We use your information for the following purposes:
3.1 Service Delivery
- Calculate tax liability and identify potential deductions
- Generate IRS Form 1040 and related schedules
- Provide tax optimization recommendations
- Track expenses and categorize deductions
- Store and organize tax documents
- Generate quarterly tax estimates
3.2 Account Management
- Create and maintain your account
- Authenticate your identity
- Process subscription payments
- Provide customer support
- Send service-related notifications
3.3 Service Improvement
- Analyze usage patterns to improve features
- Develop new tax optimization algorithms
- Train AI models (using anonymized data only)
- Conduct research and analytics
- Test new features and functionality
3.4 Communication
- Send tax deadline reminders
- Notify you of identified deductions
- Provide quarterly estimate reminders
- Send product updates and newsletters (with your consent)
- Respond to your inquiries
3.5 Legal and Security
- Comply with legal obligations
- Prevent fraud and abuse
- Enforce our Terms of Service
- Protect our rights and property
- Respond to legal requests
- Maintain audit logs for security purposes
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party vendors who perform services on our behalf:
- Plaid: Secure bank account connections and transaction data retrieval
- Stripe: Payment processing (they never receive your full payment card information)
- Supabase/Vercel: Cloud hosting and data storage (SOC 2 Type II certified)
- Anthropic: AI-powered expense categorization using Claude API
- Resend: Email delivery services
- Analytics Providers: Google Analytics, PostHog (anonymized data)
- E-filing Partners: April or Column Tax for IRS e-filing services (when feature is launched)
All service providers are contractually obligated to protect your data and may only use it for specified purposes.
4.2 Business Transfers
If AlphaTax is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information.
4.3 Legal Requirements
We may disclose your information if required to do so by law, or:
- In response to valid legal processes (subpoena, court order)
- In response to government or regulatory requests
- To protect our rights, property, or safety
- To prevent fraud or security threats
4.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
4.5 Aggregated or Anonymized Data
We may share aggregated or anonymized data that cannot identify you individually for research, marketing, or analytics purposes.
5. Data Security
We implement robust security measures to protect your information:
5.1 Technical Safeguards
- Encryption: All data is transmitted using TLS 1.3 encryption; sensitive data is encrypted at rest using AES-256
- Access Controls: Row-level security ensuring each user can only access their own data, multi-factor authentication available
- Infrastructure Security: Hosted on SOC 2 Type II compliant platforms (Supabase, Vercel)
- HTTPS Enforcement: All traffic uses HTTPS with HSTS (HTTP Strict Transport Security)
- Automated Backups: Daily encrypted backups stored securely in Cloudflare R2
- Rate Limiting: Protection against brute force attacks and DDoS
- Intrusion Detection: Real-time monitoring for suspicious activity
5.2 Organizational Safeguards
- Data Access Policies: Strict data access policies and procedures are documented and enforced to ensure only authorized personnel can access user data
- Security Reviews: Regular security reviews and updates are conducted quarterly to identify and address potential vulnerabilities
- Incident Response Procedures: We maintain a documented incident response plan to address security incidents promptly and effectively. Our incident response procedures include detection, containment, eradication, recovery, and post-incident review processes
- Data Breach Notification: We have established procedures for notifying affected users and relevant authorities in the event of a data breach, in accordance with applicable state and federal laws. Our breach notification procedures ensure timely notification (typically within 30-60 days as required by law) and provide users with clear information about the incident and steps they can take to protect themselves
5.3 Access Logging
We maintain logs of data access for security and troubleshooting purposes. Access logs are retained for 90 days and include:
- Login attempts and authentication events
- Data access patterns
- Administrative actions
- API requests
5.4 SSN Protection
Social Security Numbers are encrypted with AES-256 and are accessible only for legitimate tax calculation purposes. SSN data is never displayed in full and is masked in all user interfaces.
5.5 GLBA Safeguards Rule Compliance
If applicable, AlphaTax complies with the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, which requires financial institutions to protect the security and confidentiality of customer information. Our compliance includes:
- Security Program: We maintain a comprehensive information security program with documented policies and procedures designed to protect your financial information
- Access Controls: We implement strict access controls to ensure only authorized personnel can access customer information
- Encryption: All financial information is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Vendor Oversight: We ensure that third-party service providers who have access to customer information maintain appropriate security safeguards
- Regular Reviews: We conduct regular security reviews and assessments to identify and address potential vulnerabilities
- Incident Response: We maintain documented incident response procedures to address any security incidents promptly
Important: No method of transmission or storage is 100% secure. While we strive to protect your information using industry-standard security measures, we cannot guarantee absolute security.
6. Data Retention and Deletion
6.1 How Long We Keep Your Data
We retain your information as follows:
- Active Accounts: All data retained while your account is active and your subscription is current
- Tax Records: Retained for 7 years after account closure or data deletion request (IRS statute of limitations for audit)
- Financial Transaction Records: Retained for 7 years to comply with tax and financial regulations
- Backup Data: Retained for 30 days in encrypted backups, then permanently deleted
- Access Logs: Retained for 90 days for security monitoring
- Marketing Communications: Retained until you unsubscribe or request deletion
- Anonymized Analytics: May be retained indefinitely as it cannot identify you
6.2 Account Deletion
You may request deletion of your account and data at any time through:
- Account settings (Delete Account option)
- Email to privacy@alphatax.com
- Written request to our mailing address
Upon deletion request:
- Your account access is immediately suspended
- All personal data is permanently deleted within 30 days
- Tax records may be retained for 7 years where legally required
- Anonymized data may be retained for analytics
- Backup copies are purged within 30 days
Important: Deletion is permanent and cannot be undone. You will not be able to recover any data after deletion is complete.
6.3 Data Portability
Before deleting your account, you can download your data in machine-readable formats (CSV, PDF, JSON) through your account settings.
6.4 Legal Retention Requirements
We may retain data longer than requested if:
- Required by law or court order
- Necessary to resolve disputes or enforce agreements
- Needed for legitimate business purposes (e.g., preventing fraud)
- Subject to ongoing IRS audit or investigation
7. Data Breach Notification
7.1 Our Commitment
We take data security seriously and have implemented comprehensive measures to protect your information. However, in the unlikely event of a security incident affecting your personal information, we commit to:
Immediate Response:
- Contain and investigate the incident
- Assess the scope and impact
- Take corrective action to prevent recurrence
- Engage security experts as needed
Timely Notification:
Within 72 hours of discovering a breach that affects your personal information, we will notify you via:
- Email to your registered email address
- Prominent notice on our Service
- Direct communication for high-risk incidents
7.2 What We'll Tell You
Our breach notification will include:
- Nature of the security incident
- Types of information potentially affected
- What we've done to address the breach
- Steps you can take to protect yourself
- Contact information for questions
- Resources for credit monitoring (if applicable)
7.3 Regulatory Compliance
In addition to notifying you, we will:
- Report the breach to relevant authorities as required by law
- Cooperate with law enforcement investigations
- Document the incident and our response
- Conduct a post-incident review to improve security
7.4 Your Role in Security
You can help protect your account by:
- Using a strong, unique password
- Enabling multi-factor authentication
- Not sharing your credentials
- Reporting suspicious activity immediately
- Keeping your contact information current
8. Your Privacy Rights
8.1 Access and Portability
- Request a copy of your personal information
- Export your data in machine-readable formats (CSV, PDF, JSON)
- Download tax forms, receipts, and financial records
8.2 Correction
- Update or correct inaccurate information through account settings
- Request correction of incomplete data
- Modify your tax profile, deductions, and expenses
8.3 Deletion
- Request deletion of your personal information
- Delete your account and all associated data
- Note: We may retain data as required by law (7-year IRS retention) or for legitimate business purposes
8.4 Restriction
- Request restriction of processing for specific purposes
- Object to certain data processing activities
- Withdraw consent for optional features
8.5 Opt-Out
- Unsubscribe from marketing emails (via link in emails or account settings)
- Disable non-essential cookies (may affect Service functionality)
- Disconnect third-party integrations (Plaid, QuickBooks, etc.)
- Opt out of data sales (note: we do not sell data)
8.6 Access Logs
- Request information about who has accessed your data
- Review login history and account activity
- Monitor API access (if applicable)
To exercise these rights, contact us at:
- Email: privacy@alphatax.com
- Account Settings: Privacy & Security section
- Phone: 1-800-ALPHATAX
Response Time: We will respond to privacy requests within 30 days (45 days for complex requests). We may require identity verification before processing requests.
9. State-Specific Privacy Rights
9.1 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Your Rights:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell)
- Right to non-discrimination for exercising CCPA rights
- Right to correct inaccurate personal information
- Right to limit use and disclosure of sensitive personal information
Categories of Personal Information We Collect:
- Identifiers (name, email, SSN, IP address)
- Financial information (income, expenses, bank accounts)
- Internet activity (browsing history, feature usage)
- Professional information (business details, industry)
- Inferences (tax optimization recommendations, deduction suggestions)
Business Purposes for Collection:
- Providing tax calculation and optimization services
- Processing payments and managing subscriptions
- Customer support and communication
- Fraud prevention and security
- Legal compliance
- Service improvement and analytics
Third Parties We Share With:
- Service providers (Stripe, Plaid, Supabase, Anthropic, Resend)
- E-filing partners (April or Column Tax)
- Analytics providers (anonymized data only)
- Legal authorities (when required by law)
Sensitive Personal Information:
We collect and use SSN and financial account information solely for tax calculation purposes. We do not use or disclose sensitive information for purposes other than those permitted under CCPA.
Do Not Sell: We do not sell your personal information and have not sold personal information in the preceding 12 months.
To Submit a Request:
- Email: privacy@alphatax.com
- Phone: 1-800-ALPHATAX
- Online: Account Settings > Privacy Requests
We will verify your identity before processing requests. You may designate an authorized agent to submit requests on your behalf with proper documentation.
9.2 Virginia, Colorado, Connecticut, Utah Residents
Residents of Virginia, Colorado, Connecticut, and Utah have similar rights under their respective state privacy laws:
Your Rights:
- Access your personal information
- Correct inaccurate personal information
- Delete your personal information
- Obtain a copy of your data
- Opt out of targeted advertising (we do not engage in targeted advertising)
- Opt out of sale of personal information (we do not sell)
To Exercise Rights:
Contact privacy@alphatax.com or call 1-800-ALPHATAX
Appeals Process:
If we deny your privacy request, you may appeal by contacting privacy@alphatax.com within 30 days. We will respond to appeals within 45 days.
9.3 Other US States
We extend similar privacy rights to residents of all US states, even where not legally required. Contact us at privacy@alphatax.com to exercise your rights.
10. Children's Privacy
AlphaTax is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
If we learn we have collected information from a child under 18, we will:
- Delete the information immediately
- Terminate the account
- Notify the parent or guardian (if possible)
If you believe we have collected information from a child, contact us immediately at privacy@alphatax.com.
11. Third-Party Links and Services
11.1 External Links
Our Service may contain links to third-party websites, including:
- IRS.gov for tax forms and publications
- State tax authority websites
- Financial institutions
- Professional tax services
We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal information.
11.2 Third-Party Integrations
When you connect third-party services (Plaid, QuickBooks, Google Drive, etc.), you authorize us to access data from those services as specified during connection. Your use of third-party services is governed by their terms and privacy policies.
11.3 E-filing Partners
When we launch e-filing functionality, your tax returns will be transmitted to our e-filing partners (April or Column Tax) for IRS submission. These partners are IRS Authorized e-file Providers and maintain their own privacy policies and security measures.
12. International Data Transfers
AlphaTax operates in the United States and is designed for US residents only. Your information is processed and stored on servers located in the United States.
If you access the Service from outside the US, please note:
- Your data will be transferred to and stored in the US
- US privacy laws may differ from your country's laws
- By using the Service, you consent to transfer of your data to the US
We use SOC 2 Type II certified infrastructure providers (Supabase, Vercel) that maintain appropriate security safeguards for international data transfers.
13. Do Not Track Signals
Our Service does not currently respond to "Do Not Track" (DNT) browser signals or similar mechanisms. You can manage cookies and tracking through your browser settings. Note that disabling cookies may affect Service functionality.
14. Changes to This Privacy Policy
14.1 Updates
We may update this Privacy Policy periodically to reflect:
- Changes in our practices
- New features or services
- Legal or regulatory requirements
- User feedback
14.2 Notification
We will notify you of material changes by:
- Email notification to your registered email address (at least 30 days before changes take effect)
- Prominent notice on our Service
- Update to the "Last Updated" date at the top of this policy
- In-app notification for significant changes
14.3 Acceptance
Continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy. If you do not agree to changes, you must stop using the Service and may delete your account.
14.4 Previous Versions
You may request previous versions of this Privacy Policy by contacting privacy@alphatax.com.
15. Contact Us
For questions, concerns, or to exercise your privacy rights:
Privacy Inquiries:
- Email: privacy@alphatax.com
- Response time: Within 30 days (45 days for complex requests)
General Support:
Data Protection Officer:
Mailing Address:
AlphaTax, Inc.
Attn: Privacy Department
[Your Business Address]
Phone: 1-800-ALPHATAX
16. Definitions
Personal Information: Information that identifies, relates to, or could reasonably be linked to you, including name, email, SSN, financial data, and usage information.
Service: The AlphaTax platform, website (getalphatax.com), mobile applications (when available), and all related services and features.
Sensitive Information: Social Security Number, financial account information, precise geolocation data, and other data requiring enhanced protection.
Anonymized Data: Data that has been processed to remove all personally identifiable information and cannot reasonably be used to identify an individual.
Third Party: Any entity other than you or AlphaTax, including service providers, business partners, and other organizations.
Federal Tax Information (FTI): Tax return information you provide to AlphaTax, including income, deductions, and personal details used for tax calculations.