Privacy Policy
Effective Date: February 27, 2026 | Last Updated: February 27, 2026
Web Tax AI ("we," "us," or "our") operates a web-based tax document processing platform that classifies, extracts, and organizes data from tax forms for use with professional tax preparation software. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services at webtaxai.com (the "Service").
Our Core Commitment: We collect only the information necessary to prepare your tax return. Your Social Security Number (SSN) and other sensitive data are encrypted with AES-256-GCM at rest and are never sold, rented, or shared with third parties for marketing purposes.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address (used as your login identifier)
- Password (stored only as an irreversible bcrypt hash — we never see or store your actual password)
- First and last name (optional)
1.2 Tax Profile Information
To configure your tax return, we collect:
- Filing status (e.g., Single, Married Filing Jointly)
- Tax year
- State of residence
- Date of birth (optional — used for IRS Form 1040)
1.3 Taxpayer Identification Number (TIN)
You may optionally provide your SSN or Individual Taxpayer Identification Number (ITIN). This information is:
- Collected solely for the purpose of filing your tax return with the IRS
- Encrypted immediately upon receipt using AES-256-GCM encryption
- Stored in encrypted form only — the full number is never visible in our database
- Displayed to you only as a masked value (e.g., ***-**-1234)
1.4 Tax Documents
When you upload documents for processing, we receive and analyze:
- Tax forms (W-2, 1099 series, K-1, Schedules A/C/D/E/F, and 100+ other IRS form types)
- Financial data contained in those forms (income, deductions, credits, withholdings)
- Personal information appearing on those forms (names, addresses, employer information)
1.5 Technical Information
We automatically collect:
- IP address and approximate location (for security and fraud prevention)
- Browser type and device information (User-Agent)
- Login timestamps and session activity
1.6 Payment Information
We use Stripe as our payment processor. When you make a payment, your credit card number and billing details are entered directly on Stripe's secure checkout page. We never receive, process, or store your credit card number. We only receive a payment confirmation (transaction ID, amount, and status) from Stripe.
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Tax document classification and data extraction | Uploaded tax documents |
| Tax return preparation and export to tax software | Tax profile, TIN, extracted financial data |
| Account creation and authentication | Email, password hash |
| Payment processing | Order details sent to Stripe (no card data) |
| Security monitoring and fraud prevention | IP address, login activity, device info |
| Customer support and service improvement | Account info, order history |
We do not use your information for:
- Advertising or marketing to third parties
- Selling or renting to data brokers
- Profiling for non-tax-related purposes
3. How We Protect Your Information
3.1 Encryption
| Data Type | Protection Method |
|---|---|
| SSN / ITIN | AES-256-GCM encryption at rest (industry gold standard) |
| Passwords | bcrypt with 12 rounds (one-way hash, unrecoverable) |
| Session tokens | SHA-256 hashed storage; 15-minute access token expiry |
| Data in transit | HTTPS / TLS 1.2+ on all connections |
3.2 Access Controls
- Multi-tenant isolation: Your data is logically separated from all other users. Every database query is scoped to your account.
- Role-based access: Only authorized administrators can access account data, and all access is logged.
- Account lockout: After 5 failed login attempts, your account is temporarily locked for 15 minutes to prevent brute-force attacks.
3.3 Audit Trail
We maintain a comprehensive audit log of all sensitive operations, including logins, data access, TIN operations, and payment events. These logs are retained permanently and are used exclusively for security monitoring and compliance purposes.
4. Third-Party Services
We use the following third-party services to operate the platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Gemini API | AI-powered document classification and data extraction | Images/content of uploaded tax documents. No SSN, name, or personal identifiers are included in AI prompts. |
| Stripe | Payment processing | Order amount and currency. Card details are entered directly on Stripe's hosted page — never on our servers. |
Each third-party provider operates under its own privacy policy and data protection standards. We select providers that meet or exceed industry-standard security practices.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded tax documents | 90 days after processing, then automatically deleted |
| Extraction results and export files | 1 year (to support the tax filing season and amendments) |
| Account information | Until you request account deletion |
| Encrypted TIN (SSN/ITIN) | Until you delete it or request account deletion |
| Payment records | 7 years (IRS record-keeping requirement) |
| Audit logs | Retained permanently for security and compliance |
6. Your Rights
You have the right to:
- Access: View the personal information we hold about you through your account dashboard.
- Correction: Update your account information, tax profile, or TIN at any time.
- Deletion: Request deletion of your account and all associated data. We will process your request within 30 days, except where retention is required by law (e.g., payment records for tax compliance).
- Data Portability: Download your extracted tax data in standard formats (Excel, JSON).
- Withdraw Consent: Remove your SSN/ITIN from our system at any time via your account settings.
To exercise any of these rights, contact us at the address listed in Section 10.
7. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request a detailed list of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- No Sale of Personal Information: We do not sell your personal information to any third party. We have not sold personal information in the preceding 12 months.
To submit a CCPA request, email us at the address listed in Section 10 with the subject line "CCPA Request." We will verify your identity before processing any request.
8. Children's Privacy
Our Service is not directed to individuals under the age of 18. Only adults (age 18 or older) may create an account and use our platform.
8.1 Dependent Minor Information
In the course of tax preparation, we may process personal information of minors who are claimed as dependents on a tax return. This information — which may include the minor's name, SSN/ITIN, date of birth, and relationship to the taxpayer — is:
- Provided by the parent or legal guardian who holds the account
- Collected solely for the purpose of preparing and filing the tax return as required by the IRS
- Subject to the same encryption and security protections as all other sensitive data (see Section 3)
- Never used for marketing, profiling, or any purpose unrelated to tax preparation
Parents and legal guardians may request access to, correction of, or deletion of their dependent's information at any time by contacting us (see Section 10).
8.2 Direct Collection from Minors
We do not knowingly allow individuals under 18 to create accounts or directly submit personal information. If we become aware that a minor has created an account without parental consent, we will take steps to delete that account and associated data promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email or a prominent notice on our Service
- Obtain your consent again if the changes affect how we use your TIN or other sensitive data
Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
10. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have a complaint about how we handle your data, please contact us:
Web Tax AI
Email: privacy@webtaxai.com
Subject Line: "Privacy Inquiry"
We aim to respond to all privacy-related inquiries within 10 business days.