TL;DR: We collect only what's necessary to scan your transactions and process your subscription. We never sell your data. Your financial documents are processed and discarded — not stored permanently.
Introduction
TaxLoot ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use our mobile application and website ("App").
By using TaxLoot, you agree to the collection and use of information as described in this policy.
Information We Collect
Information You Provide
- Email Address: Used to manage your subscription and process cancellation requests.
- Financial Documents: Bank statements or transaction files you upload for analysis. These are processed to identify potential tax deductions and are not stored permanently after analysis.
- Bank Connection (Optional): If you connect a bank account via Plaid, we access read-only transaction data to identify deductible expenses. We do not store your banking credentials.
Information We Do NOT Collect
- Your Social Security Number or tax ID
- Your banking passwords or login credentials
- Your location data
- Your contacts or address book
- Any data from your device beyond what is needed for the App
Automatically Collected Information
- Device Information: Anonymous device identifiers for subscription management via RevenueCat.
- Analytics: Anonymous usage statistics (screens viewed, features used) via Google Analytics to improve the App. No personally identifiable information is collected.
How We Use Information
We use the information we collect to:
- Analyze your transactions and identify potential tax deductions
- Process subscriptions and restore purchases
- Respond to cancellation and support requests
- Improve the App based on anonymous usage patterns
- Fix bugs and technical issues
Data Storage
Your email address and subscription status are stored securely in our database (Supabase) to manage your account. Uploaded financial documents are processed in memory and are not retained after your report is generated.
Your email address and subscription records are retained for the duration of your active subscription plus 12 months after cancellation for billing dispute resolution, after which they are deleted.
If you request account deletion, contact us at support@taxloot.app and we will remove your data within 30 days.
International Data Transfers
Our services are hosted in the United States. If you access TaxLoot from outside the US, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses and our service providers' data processing agreements to ensure adequate protection of your data.
Third-Party Services
We use the following third-party services:
- Plaid: For optional bank account connections (read-only). Privacy Policy
- RevenueCat: For subscription management. Privacy Policy
- Supabase: For secure data storage. Privacy Policy
- Google Analytics: For anonymous usage analytics. Privacy Policy
- Resend: For transactional email delivery. Privacy Policy
Children's Privacy
TaxLoot is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
Data Security
We implement appropriate security measures to protect your information, including encrypted connections (HTTPS) and secure storage. However, no method of electronic storage is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.
Your Rights
You have the right to:
- Request a copy of the data we hold about you
- Request deletion of your account and associated data
- Opt out of analytics via your browser or device settings
- Disconnect your bank account at any time through Plaid's portal
To request erasure of your data under GDPR or applicable law, email support@taxloot.app with "Data Erasure Request" in the subject line. We will respond within 30 days.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights regarding your personal information:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out: We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. We share data only with service providers (Plaid, RevenueCat, Supabase, Resend) solely to provide the Service, not for advertising purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
TaxLoot does not sell or share your personal information for advertising purposes. To exercise your rights, contact us at support@taxloot.app.
California "Shine the Light" Requests
California Civil Code Section 1798.83 allows California residents to request information about personal data we share with third parties for their direct marketing purposes. TaxLoot does not share personal information with third parties for direct marketing purposes. If you have questions, contact us at support@taxloot.app and we will respond within 30 days.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
Contact Us
If you have questions about this Privacy Policy, please contact us at: