Privacy Policy
1. Introduction
Welcome to X.TAX ("X.TAX," "we," "our," or "us"). We are dedicated to protecting your personal information and ensuring compliance with applicable privacy laws and regulations. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our income tax return filing services. By using our services, you consent to the practices outlined in this Privacy Policy.
2. Information We Collect
We collect the following types of personal data when you interact with our services, which may include sensitive personal data grouped as follows:
2.1 Personal Information
Full name, date of birth, address, and contact details (email, phone number); Social Security Number (SSN) or Taxpayer Identification Number (TIN); Employer and income details, financial records, and tax-related data; Payment information for processing service fees; Any other personal details necessary for tax return preparation and filing.
2.2 Financial Information
Bank account and routing numbers for direct deposit or payment processing; Tax deductions, credits, and refund details; Documents and forms, including W-2, 1099, and other tax-related files.
2.3 Document Data
Files you upload for tax return processing, including PDF documents; Optical Character Recognition (OCR) processed data extracted from uploaded documents.
2.4 Technical Information
IP address, browser type, operating system, and access times; Device identifiers and cookies used for security, fraud prevention, and analytics.
3. How We Collect and Use Your Information
3.1 Collection Methods
We use different methods to collect data from and about you including through direct interactions, automated technologies or interactions, and third parties or publicly available sources.
Direct Interactions: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, chatbot or otherwise. This includes applying for our products or services, creating an account on our website, uploading files, connecting via API or other integrations, subscribing to our service or publications, requesting marketing to be sent to you, interacting with us at conferences or events, entering a competition, promotion, or survey, or providing us with feedback or contacting us.
Automated Technologies or Interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Third Parties or Publicly Available Sources: We will receive personal data about you from various third parties and public sources. Technical Data is received from analytics providers such as Convertkit to analyse the use of and improve the functionality of our website.
3.2 How We Use Information
We use the information collected to prepare and file tax returns with the IRS and relevant state agencies; verify your identity and prevent fraud; process payments and send billing-related communications; provide customer support and respond to inquiries; comply with legal and regulatory requirements; allow tax professionals to assist you with questions or tax preparation; obtain, manage, or market services in connection with the preparation of tax returns; and provide you with our tax preparation products and services.
Except as necessary to provide you with tax preparation services or as authorized by law, we will not use or disclose your Tax Preparation Information including to our affiliates and subsidiaries, if any without your consent.
3.3 Lawful Basis
X.TAX generally acts as a processor on behalf of our Customers. When we process Personal Data as a data controller, we do so on the following legal bases: to perform our contract with you for the use of the Services; in reliance on our legitimate interests in administering, operating, and supporting the Services; in reliance on our legitimate interests in enforcing our terms of service agreement and applicable law; in reliance on our legitimate interests in preventing fraud and abuse; for compliance with legal obligations; in reliance on our legitimate interests in improving the Services; in reliance on our legitimate interests in supporting our marketing activities; in reliance on our legitimate interests in providing network and information security; and when you provided us with your consent.
4. Data Retention Policy
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with You.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
X.TAX will securely delete or, at your option, return all personal data to customer, and securely delete any existing copies of the personal data, unless further storage of the personal data is required by applicable law, in which case X.TAX will continue to ensure the privacy, security and confidentiality of the personal data; will not process the personal data further except to maintain it for three (3) years and securely store it for four (4) years in archive; will continue to comply with the obligations under the terms of the Agreement with the customer; and will securely delete the personal data immediately after X.TAX's duty under applicable law to retain it expires.
5. Data Storage and Security
Your data is stored securely within our environment and is not transferred outside the United States. We employ technical and organizational security measures, including encryption, access controls, and secure servers to protect your information. Regular audits and security assessments are conducted to ensure data integrity and compliance. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
That said, regardless of our continuous efforts to protect your privacy, we cannot guarantee that our Services will be immune from any wrongdoings, malfunctions, bugs, unlawful interceptions or access, or other kinds of abuse and misuse which may compromise your privacy. As the security of information depends in part on the security of the computer, device, or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
6. Legal Rights with Respect to Your Personal Information
Depending on your location and applicable privacy laws, you may have the following rights regarding your personal information, which you may exercise by contacting us at info@x.tax:
Right to Access: You may request a copy of your personal information that we hold in an understandable format. You may also inquire about the categories of personal information processed, the purposes of processing, the categories of third parties to whom your data may be disclosed, retention periods, and other related rights.
Right to Correction: You may request that we correct any inaccurate personal information. If your personal information is processed by a third party on our behalf, we will notify them of your request.
Right to Data Portability: You may request that we transfer your personal information to another entity, provided that we process the data based on your consent or under contract and that processing is automated.
Right to Deletion: You may request that we delete your personal information from our systems. We will make commercially reasonable efforts to remove your information, including from partner systems. However, some data may need to be retained due to legal or regulatory obligations.
Right to Object or Restrict Processing: In certain circumstances, you may object to or request restrictions on our processing of your personal information. If legal exceptions apply, we will inform you of the basis for continued processing. You may also ask us to suspend the processing of your personal data if you want us to establish the data's accuracy, where our use of the data is unlawful but you do not want us to erase it, where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to Withdraw Consent: If we have collected and processed your personal information with your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint: You have the right to file a complaint regarding our use of your personal information with a relevant data protection authority.
To protect your privacy and security, we may require you to verify your identity before processing your request. We will endeavour to respond within 30 days and notify you if additional time is required.
If you are a Nevada Resident and wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: info@x.tax
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
7. Use of AI and OCR Technology
We use Optical Character Recognition (OCR) technology to read and process PDF documents submitted for tax filing. However, no artificial intelligence (AI)-based decision-making is applied to user data.
8. Data Sharing and Disclosure
We may use some tools, apps and third-party services to help us manage our business, including managing customer interactions, communicating with you, and storing data (including personal information). If these tools are provided by third-party vendors, we perform due diligence and use contractual measures to safeguard your data. Categories of third-party vendors with whom we share your personal information, include Stripe for payment processing and external third-party software for assistance with tax return filing.
We do not sell or share your personal data with third parties except as specified above and for when required to file your tax return with the IRS or state tax agencies; when mandated by law, court order, or regulatory compliance; and to protect the rights, property, or safety of our company, users, or the public.
9. Data Transfer Outside the United States
We do not transfer user data outside of the United States. All data processing and storage occur within domestic, secure environments.
10. Data Deletion and Account Deactivation
You may request account deactivation and deletion of your data by sending an email to info@x.tax. We will process such requests in accordance with applicable laws and IRS retention requirements.
11. California Privacy Rights
As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
11.1 Access
You may request that we provide information about how we have collected and used your Personal Information during the past 12 months, including the categories of Personal Information we have collected about you, the sources from which that information was collected, the business or commercial purpose for collecting, selling, and/or sharing your Personal Information, the categories of Personal Information we shared or sold about you, the categories of third parties to whom we shared or sold Personal Information about you, and the categories of Personal Information we disclosed for a business purpose.
11.2 Request a Copy of Your Personal Information
You may request a copy of the Personal Information by sending an email to info@x.tax.
11.3 Correction
You can edit and correct your Personal Information at any time by changing it directly in our products and services.
11.4 Deletion
You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. You may delete your Personal Information by sending us an email at info@x.tax. Once we receive and confirm your legitimate request, we will delete your Personal Information from our records within one month, unless an exception applies or as may be required under applicable laws.
11.5 Opt-out of Sales and/or Sharing
We may use services that help deliver interest-based ads to you. The California Consumer Privacy Act ("CCPA") may classify our use of some of these services as "sharing" your Personal Information with the advertising partners that provide the services. You can opt-out of the "sharing" of your personal information by sending an email to the designated email address (info@x.tax). We do not knowingly sell Personal Information under the CCPA.
11.6 California Shine the Light
Customers who are California residents may request certain information concerning the categories of personal information (if any) we disclose to third parties or affiliates for their direct marketing purposes. If you would like more information, please submit a written request to us using the contact information provided below.
11.7 Non-discrimination
You have the right to be free from discrimination or retaliation related to your exercise of any of your California privacy rights.
11.8 Verification
You must submit a Verifiable Consumer Request. In order to protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional personal information for verification. If we are unable to confirm your identity, we may refuse your rights request.
11.9 Authorized Agent
You may designate an authorized agent to submit a request on your behalf and to exercise your rights for you. Your agent may contact us at info@x.tax to make a request on your behalf. Even if you choose to use an agent, we will require documentation demonstrating your agent's authority to submit requests on your behalf (e.g., a valid power of attorney or other documentation, including a letter, signed by you (the California resident) authorizing the agent to submit your requests).
12. Opt out of Marketing Communication and Contact Information
12.1 E-mail
You can opt out of marketing communications from X.TAX at any time by clicking "unsubscribe" at the bottom of the e-mail or sending us a note at the designated email address. We will stop sending you marketing and promotional emails, but we will still respond to questions or requests and communicate with you about your account. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
12.2 Queries
For questions or concerns about this Privacy Policy, please contact us at Email: info@x.tax or Mailing Address: 5900 Balcones Drive #22662, Austin, TX, 78731
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. By using our services, you acknowledge and agree to the terms of this Privacy Policy.
14. Additional Information
Our Services are not designed to attract children under the age of 16. We do not knowingly collect personal data from children and do not wish to do so. If we learn that a person under the age of 16 is using the Services, we will attempt to prohibit and block such use and will make our best efforts to promptly delete any personal data stored by us about such child. If you believe that we might have any such data, please contact us by e-mail at info@x.tax.