Privacy Policy

Last updated: March 25, 2026

1. Information We Collect

When you use TaxRosetta, we may collect:

  • Account information: Email address and password when you create an account.
  • Usage data: Questions you ask, documents you upload for scanning, and calculator inputs.
  • Payment information: Processed securely by Stripe. We never store your card number, CVC, or full payment details on our servers.
  • Device information: IP address, browser type, and operating system for security and rate limiting.

2. How We Use Your Information

  • To provide AI-powered tax education responses grounded in IRS publications.
  • To analyze uploaded IRS letters and generate plain-English translations.
  • To process payments and manage your subscription via Stripe.
  • To enforce rate limits and prevent abuse of our AI services.
  • To improve our service based on aggregated, anonymized usage patterns.

3. Third-Party Services

We use the following third-party services that process your data:

  • Supabase: Database and authentication. Your account data and conversation history are stored in Supabase's cloud infrastructure with encryption at rest.
  • Anthropic (Claude AI): Your questions and uploaded documents are sent to Anthropic's API for AI processing. Anthropic does not use your data for model training. See Anthropic's privacy policy.
  • Stripe: Payment processing. Stripe handles all payment data under PCI DSS Level 1 compliance. See Stripe's privacy policy.
  • Vercel: Hosting and content delivery.

4. Data Retention

  • Conversations: Stored as long as your account is active. Deleted upon account deletion request.
  • Uploaded documents: IRS letter images are processed and stored temporarily for your scan history. You can request deletion at any time.
  • Payment records: Retained as required by financial regulations (up to 7 years).

5. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your data ("right to be forgotten").
  • Opt out of the sale or sharing of your personal information (we do not sell your data).
  • Limit the use of sensitive personal information.

California residents have additional rights under the CCPA/CPRA. We do not sell personal information to third parties.

6. Security

We use encryption in transit (TLS/HTTPS) and at rest. Authentication is managed via Supabase with secure session handling. Payment data is handled exclusively by Stripe under PCI compliance. However, no method of transmission over the internet is 100% secure.

7. Children's Privacy

TaxRosetta is not intended for users under 18. We do not knowingly collect information from children.

8. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email.

9. Contact

For privacy-related inquiries, contact us at privacy@taxrosetta.com.