Legal

Privacy Policy

Last updated: February 22, 2026

TaxPilot (“we,” “us,” or “our”) is operated by Small Pond Productions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, Chrome extension, and related services (collectively, the “Service”).

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored as a bcrypt hash). If you sign in with Google, we receive your name, email, and profile picture from Google OAuth.

Expense Data

You may manually enter expense information including vendor names, amounts, dates, descriptions, and categories. In the future, if you connect a bank account via Plaid, we will receive read-only transaction data (we will never have access to your banking credentials or the ability to move your money).

Chrome Extension Data

If you install the TaxPilot Chrome extension, it may detect purchase information on supported e-commerce websites (such as merchant name, amount, and date). This data is only sent to our servers when you explicitly choose to save a detected purchase as an expense.

Usage Data

We collect standard usage data such as IP address, browser type, pages visited, and feature usage to improve the Service.

Payment Information

Payment processing is handled entirely by Stripe. We never receive, store, or have access to your full credit card number. We receive only the information necessary to manage your subscription (last four digits, expiration date, and billing address).

2. How We Use Your Information

  • Expense categorization: We use AI (powered by Anthropic Claude) to automatically categorize your expenses against IRS Schedule C deduction categories.
  • Tax calculations: We use your expense data to calculate estimated tax savings, deductions, and quarterly estimated tax payments.
  • Service improvement: We use aggregated, de-identified data to improve our AI categorization accuracy and product features.
  • Communications: We send transactional emails (account verification, billing confirmations) and, if you opt in, marketing emails (tax tips, product updates). You can unsubscribe from marketing emails at any time.
  • Account management: We use your information to manage your account, process payments, and provide customer support.

3. AI Data Processing

We use Anthropic's Claude AI to categorize expenses and identify potential tax deductions. When processing your expenses through AI:

  • Only the expense description, amount, and vendor name are sent to the AI — not your personal identity or account details.
  • Anthropic does not use your data to train their models (per their commercial API terms).
  • AI categorization results are stored in our database and associated with your account.
  • You can override any AI categorization at any time.

4. How We Share Your Information

We do not sell your personal information. We share data only with:

  • Stripe: For payment processing and subscription management.
  • Anthropic: For AI expense categorization (limited data as described above).
  • Plaid: For bank account connectivity (coming soon — if you choose to connect accounts).
  • QuickBooks: For accounting software sync (only if you enable integration).
  • Law enforcement: Only when required by law, subpoena, or court order.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Passwords are hashed with bcrypt (never stored in plaintext).
  • OAuth tokens for third-party integrations are encrypted before storage.
  • Bank connections (coming soon) will use read-only access — we will never be able to move your money.
  • Our infrastructure is hosted on Vercel and Neon (PostgreSQL), both of which maintain SOC 2 compliance.

6. Cookies

We use cookies for authentication (session management) and to remember your preferences. We do not use third-party advertising cookies. You can configure your browser to reject cookies, but some features of the Service may not function properly without them.

7. Your Rights and Choices

You have the right to:

  • Access your personal data — view all data we hold about you from your account settings.
  • Correct inaccurate data — update your account information at any time.
  • Delete your account and all associated data — contact us at support@gettaxpilot.com or use the delete account option in settings.
  • Export your data in a portable format (CSV).
  • Opt out of marketing communications at any time.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect and how it is used.
  • The right to delete personal information we hold about you.
  • The right to opt out of the sale of personal information. Note: we do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

To exercise these rights, email us at support@gettaxpilot.com.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all associated personal data within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes).

10. Children's Privacy

TaxPilot is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

TaxPilot (Small Pond Productions)

Email: support@gettaxpilot.com

Terms of Service|Back to Home