Privacy Policy

When you create an account, we collect your email address and any profile information you provide, such as your full name and business type.

When you upload invoices, we store the extracted metadata — vendor name, invoice amount, invoice date, and invoice number. We do not store the original invoice files indefinitely; raw files are processed and may be retained temporarily in secure cloud storage.

We collect your business settings including state, city, fiscal year start month, and estimated tax preferences so we can calculate quarterly estimates on your behalf.

We collect standard server logs including IP addresses, browser type, and page views for security and performance monitoring.

Your invoice metadata and business settings are used exclusively to generate estimated tax calculations, quarterly summaries, and year-over-year comparisons shown in your dashboard.

Your email address is used to send you account-related communications, and optionally, quarterly tax reminders if you enable them in Settings.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Aggregated, anonymised usage data may be used to improve the product. This data cannot be traced back to any individual user.

Your account data and invoice metadata are stored in Supabase, a managed PostgreSQL database hosted on AWS infrastructure. Data is encrypted at rest and in transit.

TaxTrack is hosted on Vercel. Application logs and edge function data are processed on Vercel's infrastructure.

Invoice files uploaded for extraction are sent to Anthropic's API for AI-powered field extraction. Anthropic processes these files according to their data handling policies. Files are not used to train Anthropic's models under our current API agreement.

Payment processing, when available, will be handled by Stripe. TaxTrack does not store payment card details.

Your account data is retained for as long as your account is active. If you delete your account, your personal data and invoice records will be permanently deleted within 30 days.

You can delete all invoices at any time from the Settings page without deleting your account.

Backup copies of data may persist in encrypted backups for up to 90 days after deletion as part of standard disaster recovery procedures.

Supabase — database, authentication, and file storage. Privacy policy at supabase.com/privacy.

Vercel — application hosting and edge network. Privacy policy at vercel.com/legal/privacy-policy.

Anthropic — AI invoice extraction via Claude API. Privacy policy at anthropic.com/privacy.

Stripe — payment processing (coming soon). Privacy policy at stripe.com/privacy.

Each service processes only the data necessary for their function. We encourage you to review their privacy policies.

You have the right to access the personal data we hold about you. You can view and edit most of it directly in your account settings.

You have the right to delete your data. Use the Settings page to delete invoices, or contact us to delete your account entirely.

You have the right to export your data. Contact us at the email below and we will provide a copy of your invoice metadata in a machine-readable format within 30 days.

If you are based in the European Economic Area, you may have additional rights under GDPR including the right to object to processing and the right to data portability.

If you have questions or concerns about this privacy policy or how your data is handled, please contact us at privacy@taxtrack.app.

We will respond to all privacy inquiries within 10 business days.