Data Usage Policy

1. Overview

This Data Usage Policy explains how Taxu collects, processes, stores, and uses your data to provide our AI-powered tax filing services. We are committed to transparency about our data practices.

2. Data Collection

Tax Information

We collect tax-related data including:

• Personal identification information (SSN, name, address)
• Income information (W-2s, 1099s, business income)
• Deduction and credit information
• Prior year tax returns
• Supporting documents and receipts

Financial Information

• Bank account details for refund deposits
• Payment information for service fees
• Investment and retirement account information

Usage Data

• How you interact with our platform
• Features and tools you use
• Time spent on different sections
• Device and browser information

3. AI and Machine Learning

How We Use AI

Taxu uses artificial intelligence and machine learning to:

• Automatically extract information from uploaded tax documents
• Identify potential deductions and credits you may qualify for
• Provide personalized tax recommendations
• Answer tax questions through our AI assistant Sophie
• Detect errors and inconsistencies in tax returns
• Estimate refund amounts and tax liabilities

Training Data

We use aggregated, anonymized data to improve our AI models:

• Personal identifying information is removed before training
• Data is aggregated across thousands of users
• Individual tax returns cannot be reconstructed from training data
• You can opt out of having your data used for model training

4. Data Processing

Automated Processing

We use automated systems to:

• Process and categorize uploaded documents
• Calculate tax obligations and refunds
• Generate tax forms and schedules
• Validate information for accuracy
• Flag potential audit risks

Human Review

In certain situations, trained tax professionals may review your information:

• Complex tax situations requiring expert judgment
• Quality assurance and accuracy checks
• Customer support inquiries
• Audit assistance requests

5. Data Storage

Storage Infrastructure

• Data is stored in SOC 2 Type II certified data centers
• Multiple geographic regions for redundancy
• Encrypted at rest using 256-bit AES encryption
• Regular backups with 99.99% durability

Data Segregation

• Each user's data is logically isolated
• Sensitive data (SSN, bank accounts) stored in separate encrypted vaults
• Access controls based on least privilege principle
• Audit logs for all data access

6. Data Sharing

Third-Party Services

We share data with trusted partners for:

• IRS e-file: Transmitting tax returns to tax authorities
• Payment processors: Processing service fees and refunds
• Cloud providers: Hosting and infrastructure (AWS, Google Cloud)
• Analytics: Understanding usage patterns (anonymized data only)

Data Sharing Controls

• All third parties sign data processing agreements
• Regular security audits of partner systems
• Minimum necessary data shared for each purpose
• You can request a list of all data processors

7. Data Retention

Retention Periods

• Tax returns: 7 years (IRS statute of limitations)
• Supporting documents: 7 years
• Account information: Duration of account + 7 years
• Payment records: 7 years for tax purposes
• Usage logs: 90 days (operational), 2 years (security)

Data Deletion

You can request deletion of your data, subject to:

• Legal requirements to retain tax records
• Ongoing tax filing or audit processes
• Outstanding payment obligations
• Fraud prevention and security needs

8. Data Access and Control

Your Rights

• Access: View all data we have about you
• Correction: Update inaccurate information
• Export: Download your data in portable format
• Deletion: Request removal of your data
• Opt-out: Exclude data from AI training

Exercising Your Rights

To exercise these rights:

• Log in to your account and visit Settings → Privacy
• Email privacy@taxu.ai with your request
• Call 1-800-TAXU-HELP and speak with support

9. Data Security

Technical Safeguards

• End-to-end encryption for data in transit (TLS 1.3)
• 256-bit AES encryption for data at rest
• Multi-factor authentication required for access
• Regular penetration testing and security audits
• Intrusion detection and prevention systems
• 24/7 security monitoring and incident response

Organizational Safeguards

• Background checks for all employees
• Regular security training and awareness programs
• Strict access controls and audit logging
• Incident response and breach notification procedures

10. Compliance

Our data practices comply with:

• IRS Publication 1075 (Safeguarding Tax Information)
• Gramm-Leach-Bliley Act (GLBA)
• California Consumer Privacy Act (CCPA)
• General Data Protection Regulation (GDPR) where applicable
• SOC 2 Type II standards
• PCI DSS for payment card data

11. Changes to This Policy

We may update this Data Usage Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice on our platform.

12. Contact Us

Questions about our data usage practices? Contact our Data Protection Officer:

Email: privacy@taxu.ai
Address: 123 Innovation Drive, San Francisco, CA 94105
Phone: 1-800-TAXU-HELP