Privacy Policy

This Privacy Policy (“Policy”) applies to the websites, applications, and services offered by TaxOikos LLC (“TaxOikos,” “we,” “us,” or “our”) that link to this Policy. By using our services, you agree to this Policy. If you do not agree, please do not use TaxOikos.

1. Who we are

TaxOikos LLC operates TaxOikos, an AI-assisted personal finance and tax document organization and analysis platform. We are based in the United States. For privacy inquiries: support@taxoikos.com.

2. Information we collect

We collect information in the following categories, depending on how you use TaxOikos:

2.1 Account and profile information

When you register or update your account, we may collect your name, email address, password (stored only in hashed form), phone number if you provide it, and preferences you set in the product.

2.2 Financial and tax-related content you upload or enter

You may upload documents (for example PDF tax returns, W-2s, 1099s, receipts, bank or card statements) or enter income, expense, and planning data. This content may include Social Security numbers, employer identification numbers, account identifiers, income figures, deductions, and similar sensitive data only because you choose to provide it to use the service.

2.3 Usage and technical data

We collect information such as IP address, device type, browser type, approximate location derived from IP, pages or features accessed, timestamps, and diagnostic logs needed to operate and secure the service.

2.4 Payment information

Payments are processed by our payment partners (see Section 8). We do not store full payment card numbers on TaxOikos servers; our partners collect and process card data according to their terms and privacy policies.

2.5 Communications

If you contact support or subscribe to emails, we retain the content of those communications and your contact details as needed to respond and improve service.

3. How we use your information

We use the information above to:

• Provide, maintain, and improve TaxOikos features (including document parsing, dashboards, and analysis outputs);
• Authenticate your account and prevent fraud or abuse;
• Process transactions and communicate about billing or account status;
• Send service-related and, where permitted, marketing communications (you may opt out of marketing as described in your account or via unsubscribe links);
• Comply with legal obligations and enforce our Terms of Service;
• Generate aggregated or de-identified statistics that do not identify you.

4. Artificial intelligence and Anthropic

Certain features use large language and vision models provided by Anthropic, PBC (“Anthropic”) to interpret documents and generate suggestions or summaries. When you use those features:

• Relevant portions of your content (for example text extracted from an uploaded PDF or images of document pages) may be transmitted to Anthropic’s API for processing;
• Anthropic processes such data under Anthropic’s agreements and policies applicable to API customers;
• We configure our integration to use TaxOikos for business purposes only and do not sell your personal information to Anthropic.

You should not upload information you are not authorized to share with an AI subprocessors. For more on limitations of AI output, see our Disclaimer and Terms of Service.

5. Security and encryption

We employ administrative, technical, and organizational measures designed to protect your information, including:

• Encryption at rest: Uploaded files and related storage may be protected using AES-256-GCM (or comparable standards we describe in-product) where implemented in our stack;
• Encryption in transit: Data is transmitted over TLS (HTTPS);
• Access controls: Authentication, least-privilege access for personnel, and database protections including row-level security where deployed;
• Column-level encryption for certain sensitive database fields where implemented.

No method of storage or transmission is 100% secure. You are responsible for maintaining the confidentiality of your password and for activity under your account.

6. Data retention

We retain personal and tax-related information for as long as your account is active and as needed to provide the service, comply with law, resolve disputes, and enforce agreements.

Unless you delete content earlier or we agree otherwise, tax-related documents and associated records are retained for at least seven (7) years where consistent with IRS recordkeeping recommendations and our product design. After retention periods end, we delete or de-identify information where feasible.

You may request deletion subject to legal exceptions and technical limits; see Section 7.

7. Your rights (including Colorado residents)

If you are a resident of Colorado or another U.S. state with applicable privacy laws, you may have rights including:

• Access: Request a copy of categories and specific pieces of personal data we hold about you;
• Correction: Request correction of inaccurate personal data;
• Deletion: Request deletion of personal data, subject to exceptions (for example records we must retain for legal or security reasons);
• Export / portability: Request a machine-readable copy of certain data you provided, where technically feasible;
• Opt-out of sale: We do not sell personal information as defined under the Colorado Privacy Act (see Section 9);
• Appeal: If we deny a request, you may appeal by contacting us at the email below with “Privacy Appeal” in the subject line.

Colorado Privacy Act: Colorado residents may exercise these rights free of discrimination for exercising them. We will verify your identity before fulfilling requests. Authorized agents may submit requests on your behalf with proper documentation.

To submit a request: support@taxoikos.com. We will respond within the timeframes required by applicable law.

8. Third parties (limited)

We share personal information only with the categories of third parties necessary to operate TaxOikos. As of the Last updated date, the only categories of third-party service providers we use for core processing (beyond generic infrastructure such as hosting/DNS/email delivery that does not by default access tax document content) are:

• Anthropic — AI document analysis and text generation (API);
• ThriveCart — checkout, subscriptions, and customer portal for purchases;
• Stripe — payment processing (often used directly or indirectly with ThriveCart).

We may also use standard infrastructure providers (e.g., cloud hosting, logging, email delivery) under contracts that restrict use of data. We do not allow these providers to use your tax documents for their own marketing. If we add material new subprocessors, we will update this Policy or notify you as required by law.

9. We do not sell your personal information

TaxOikos does not sell your personal information to third parties for money or other valuable consideration. We do not share personal information for cross-context behavioral advertising as a “sale” under the Colorado Privacy Act.

10. Children’s privacy

TaxOikos is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have done so, contact us and we will delete it.

11. International users

TaxOikos is operated in the United States. If you access the service from outside the U.S., you consent to transfer and processing of your information in the U.S., which may have different data protection rules than your country.

12. Changes to this Policy

We may update this Policy from time to time. We will post the revised version with a new “Last updated” date. If changes are material, we will provide additional notice as required by law (for example email or in-app banner).

13. Contact

TaxOikos LLC
Email: support@taxoikos.com