📍 New OrleansMeet TaxSQR at NAEA & the IRS Nationwide Tax ForumBook a meeting

TaxSQR
§ Legal

Privacy Policy.

This policy explains what data TaxSQR collects, why, how we protect it, and the choices you have. Tax data is sensitive, and we treat it that way.

Last updated 3 June 2026

Who controls your data

TaxSQR LLC (Wyoming, USA) provides the platform and services. For account and marketing data, we are the controller. For the taxpayer information your firm uploads, you are the controller and we are your processor, handling it only to provide the service and on your instructions.

What we collect

  • Account data — name, work email, firm, role, and authentication data (including TOTP secrets).
  • Taxpayer & return data — the documents and figures your firm or its clients upload (1040s, W-2s, K-1s, FBAR backup, organizer entries).
  • Usage data — log entries, IP address, and the immutable audit trail of actions in the app.
  • Billing data — handled by our payment processor; we don’t store full card numbers.

How we use it

To operate the platform, prepare returns you engage us for, secure the service, support you, comply with law, and communicate about your account. We do not sell personal data, and we do not use your clients’ tax information to train AI models. The AI prior-year extract processes a document you upload to return structured fields; it is not used to improve a shared model.

Where it lives & how it’s protected

Documents are stored on AWS S3 with server-side encryption (SSE-KMS); enterprise plans support customer-managed keys, so you hold the key and we never see plaintext. Data is encrypted in transit (TLS 1.3). Access is multi-tenant-isolated at the database layer, gated by role, and protected by TOTP multi-factor authentication. Every consequential action is written to a tamper-evident audit log.

Sub-processors

We use a small set of vetted providers to run the service:

  • Amazon Web Services — document storage and infrastructure (US).
  • Render & Vercel — application and site hosting.
  • SendGrid — transactional email.
  • Anthropic — the AI prior-year extract feature, on a no-training basis.

Retention

We keep account data while your account is active. Taxpayer and return data is retained per your instructions and applicable record-keeping rules; after termination you have 30 days to export, after which data is deleted or anonymized on a defined schedule unless the law requires us to keep it longer.

Your rights

Depending on where you and your clients are located, you may have rights to access, correct, export, or delete personal data, and to object to certain processing. For account data, contact us below. For taxpayer data your firm controls, we’ll assist you in responding to your own clients’ requests.

GDPR

For individuals in the EU/EEA and UK, we process personal data under lawful bases (contract, legitimate interests, and consent where required). You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority. Where we act as a processor for your firm, we process only on your documented instructions and offer a Data Processing Addendum on request at privacy@taxsqr.com.

GLBA safeguards

Tax data is non-public personal information under the Gramm-Leach-Bliley Act. TaxSQR maintains an information-security program with administrative, technical, and physical safeguards — encryption at rest and in transit, access controls, multi-factor authentication, audit logging, and vendor diligence — designed to help tax-preparer customers meet their GLBA Safeguards Rule and IRS Publication 4557 obligations. A Written Information Security Plan summary is available to customers on request.

Do not sell or share my personal information

We do not sell personal information, and we do not share it for cross-context behavioral advertising — so there is nothing to opt out of in that sense. California (CCPA/CPRA) and similar-state residents retain the rights to know, delete, correct, and to non-discrimination. To exercise any of these, email privacy@taxsqr.com with “Privacy request” in the subject and we’ll verify and respond within the statutory window.

Cookies

We use only essential cookies — see our Cookie Policy.

Contact

Privacy questions or requests: privacy@taxsqr.com. Security matters: security@taxsqr.com.