Privacy Policy

Last updated: February 1, 2025

1. Introduction

Upstaxx, Inc. ("Upstaxx," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Platform").

By accessing or using the Platform, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, and login credentials when you create an account.
  • Profile & Tax Information: Filing status, income details, dependents, business entities, and other tax-related data you enter into the Platform.
  • Financial Account Credentials: When you connect bank accounts, brokerage accounts, or other financial services through third-party providers (such as Plaid), we receive account information, transaction history, and balance data. We do not store your bank login credentials directly.
  • Documents: Receipts, tax forms, invoices, and other documents you upload.
  • Communications: Messages you send through our AI assistant (Mr. Green), customer support inquiries, and feedback.
  • Payment Information: Billing details processed through our payment provider (Stripe). We do not store full credit card numbers on our servers.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the Platform, clicks, and navigation patterns.
  • Device Information: Browser type, operating system, device identifiers, IP address, and screen resolution.
  • Location Data: Approximate location based on IP address. If you use mileage tracking, GPS data with your explicit permission.
  • Cookies & Tracking Technologies: We use cookies, pixel tags, and similar technologies to enhance your experience and analyze usage. See Section 7 for more details.

2.3 Information from Third Parties

  • Financial Data Providers: Transaction data, account balances, and account details from Plaid, Coinbase, Robinhood, QuickBooks, and similar services you authorize.
  • Authentication Providers: Identity verification data from our authentication partner (Clerk).
  • Public Records: Publicly available business registration data relevant to tax strategy recommendations.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Platform and its features.
  • Generate personalized tax strategies, deduction recommendations, and savings estimates.
  • Auto-categorize transactions and identify potential tax deductions.
  • Power the Mr. Green AI assistant with context about your financial situation.
  • Pre-fill tax forms and generate CPA-ready documentation.
  • Send notifications about tax deadlines, savings opportunities, and account activity.
  • Process payments and manage your subscription.
  • Provide customer support and respond to inquiries.
  • Detect, prevent, and address fraud, security issues, and technical problems.
  • Comply with legal obligations, including tax reporting requirements.
  • Conduct analytics and research to improve our services.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who help us operate the Platform (e.g., cloud hosting, payment processing, analytics, email delivery). These providers are contractually obligated to protect your data.
  • Financial Data Partners: Plaid and similar providers, only as necessary to retrieve and update your financial data at your direction.
  • CPA Professionals: If you choose to share a CPA package or grant CPA access, the designated tax professional will receive the specific data you authorize.
  • Legal Requirements: When required by law, subpoena, court order, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With Your Consent: When you explicitly authorize sharing with other parties.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256).
  • Secure cloud infrastructure hosted on Amazon Web Services (AWS).
  • Regular security audits and vulnerability assessments.
  • Access controls limiting employee access to personal data on a need-to-know basis.
  • Multi-factor authentication for account access.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Tax-related data is retained for a minimum of seven (7) years to comply with IRS record-keeping recommendations. You may request deletion of your account and associated data at any time, subject to our legal retention obligations.

7. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for the Platform to function (authentication, security, preferences).
  • Analytics Cookies: Help us understand how users interact with the Platform to improve our services.
  • Functional Cookies: Remember your preferences and settings.

You can control cookie settings through your browser. Disabling certain cookies may affect Platform functionality.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a portable, machine-readable format.
  • Opt-Out: Opt out of marketing communications at any time.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@upstaxx.com.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of your personal information. As noted above, we do not sell personal information.

10. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Upstaxx, Inc.

Email: privacy@upstaxx.com

Website: www.upstaxx.com