Privacy Policy

Effective Date: March 16, 2026
Last Updated: March 16, 2026

1. Introduction

H1B TaxFile ("H1B TaxFile," "we," "us," or "our") operates a tax return preparation platform specifically designed for H-1B visa holders and their families filing Form 1040 with the United States Internal Revenue Service (IRS). We are committed to protecting the privacy and security of every piece of information you entrust to us. This Privacy Policy describes in detail how we collect, use, disclose, store, retain, and protect your personal information and tax return information when you use our website, applications, and services (collectively, the "Service").

We are classified as a "tax return preparer" under Internal Revenue Code Section 7216 and its implementing regulations at 26 CFR 301.7216-1(b)(2)(i)(B), which means that the information you provide to us in connection with the preparation of your tax return is subject to federal criminal protections governing its disclosure and use. We take these obligations seriously, and this Privacy Policy is designed to clearly explain our practices in compliance with all applicable federal and state laws.

This Privacy Policy applies to all users of the Service, including visitors to our public website, registered account holders, and individuals who use our tax return preparation features. It covers information collected through:

  • Our website at h1btaxfile.com and all associated subdomains
  • Our tax return preparation wizard and all related features
  • Our document upload and AI-assisted extraction features (when you opt in)
  • Our payment processing integration with Stripe
  • Our account creation and authentication systems
  • Any communications between you and our support team, including email correspondence

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, you should not use the Service. We encourage you to read this Privacy Policy in its entirety before providing any personal information to us.

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Service and include important disclaimers, limitations of liability, and other terms.

2. Information We Collect

We collect various categories of information to provide, maintain, and improve the Service. The specific information we collect depends on how you interact with the Service and which features you use. Below is a detailed breakdown of each category of information we may collect.

2.1 Personal Identification Information

When you create an account and use the Service to prepare your tax return, we collect personal identification information necessary for completing Form 1040 and its associated schedules. This includes:

  • Full legal name (first name, middle initial, and last name) as it appears on your Social Security card or ITIN letter, for both the primary taxpayer and spouse (if filing jointly)
  • Date of birth for the primary taxpayer, spouse (if applicable), and all dependents claimed on the return
  • Current mailing address including street address, apartment or unit number, city, state, and ZIP code, as required by the IRS for Form 1040
  • Filing status (Single, Married Filing Jointly, Married Filing Separately, Head of Household, or Qualifying Surviving Spouse)
  • Visa and immigration status including current visa type (H-1B, H-4, L-1, L-2, F-1, etc.), visa start and end dates, and any changes of status during the tax year
  • Citizenship and residency information including country of citizenship, country of tax residence, and whether you are a U.S. citizen, resident alien, or nonresident alien
  • Dependent information including each dependent's full name, date of birth, relationship to the taxpayer, number of months lived with the taxpayer, and whether they are a qualifying child or qualifying relative under IRC Section 152

2.2 Tax Identification Numbers (SSN and ITIN)

We collect Social Security Numbers (SSNs) and Individual Taxpayer Identification Numbers (ITINs) because the IRS requires these on Form 1040 and virtually every supporting schedule and form. However, we implement a strict "late-binding SSN" architecture designed to minimize the time your SSN exists in our systems:

  • Late-binding collection: Your SSN or ITIN is collected only at Step 6 of our 7-step wizard (the "Review & SSN" step), not during account creation, not during income entry, and not during any earlier step. Steps 1 through 5 of the wizard do not request, accept, or store your SSN in any form. This means your SSN is not present in our database for the majority of the preparation process.
  • Immediate encryption: When you enter your SSN at Step 6, it is encrypted at the application level before being stored in the database. We use field-level encryption (via pgcrypto), which means the SSN is encrypted as an individual field rather than relying solely on database-level or disk-level encryption. Even our own database administrators cannot read your SSN without the application-level decryption key.
  • Purpose limitation: Your SSN is used exclusively for populating the SSN fields on your tax return PDF. It is never used as a database key, account identifier, or for any purpose other than generating your tax return documents.
  • Dependent SSNs/ITINs: SSNs and ITINs for your spouse and dependents are collected and handled with the same late-binding, encrypted approach. For dependents with ITINs (rather than SSNs), the system automatically adjusts eligibility for certain credits such as the Child Tax Credit, which may be downgraded to the Other Dependent Credit per IRC Section 24(h)(4)(A).

2.3 Income and Financial Data

To accurately compute your federal tax return, we collect comprehensive income and financial information. This data may be entered manually by you or extracted from documents you upload (with your consent for AI-assisted extraction). The income data we collect includes:

  • W-2 wage and tax statements: Employer name and address, Employer Identification Number (EIN), federal wages (Box 1), Social Security wages (Box 3), Medicare wages (Box 5), federal income tax withheld (Box 2), Social Security tax withheld (Box 4), Medicare tax withheld (Box 6), state wages and withholding, and all other boxes reported on your W-2
  • Form 1099-INT (Interest Income): Payer name and TIN, interest income, early withdrawal penalties, U.S. savings bond interest, federal tax withheld, and tax-exempt interest
  • Form 1099-DIV (Dividends and Distributions): Ordinary dividends, qualified dividends, total capital gain distributions, unrecaptured Section 1250 gain, Section 1202 gain, collectibles (28%) gain, nondividend distributions, federal tax withheld, foreign tax paid, and foreign country or U.S. possession
  • Form 1099-B (Proceeds from Broker Transactions): Date acquired, date sold, proceeds, cost basis, gain or loss, wash sale loss disallowed, type of gain (short-term or long-term), and whether cost basis was reported to the IRS. For RSU and ESPP dispositions common among H-1B holders, we capture the basis adjustment needed to correct the common $0 cost basis reporting error
  • Form 1099-R (Retirement Distributions): Gross distribution, taxable amount, distribution code, and federal/state tax withheld
  • Form 1099-NEC (Nonemployee Compensation): Payer name and TIN, nonemployee compensation amount, and federal tax withheld, including amounts relevant for H-4 EAD spouse self-employment income
  • Form 1099-MISC (Miscellaneous Income): Various income types including rents, royalties, other income, fishing boat proceeds, and substitute payments in lieu of dividends
  • Schedule K-1 data: Distributive share items from partnerships (Form 1065), S corporations (Form 1120-S), and trusts/estates (Form 1041), including ordinary income, rental income, interest, dividends, capital gains, Section 179 deductions, and self-employment earnings
  • Self-employment income: Gross receipts, business expenses, and net profit or loss for Schedule C activities, particularly relevant for H-4 EAD spouses with freelance or consulting income
  • Rental income and expenses: Gross rent received, mortgage interest, property taxes, depreciation, insurance, repairs, and other expenses for rental properties
  • Other income: Gambling winnings, jury duty pay, prizes and awards, cancellation of debt, and any other income reportable on Schedule 1

2.4 Foreign Financial Information

As a platform specifically designed for H-1B visa holders, we collect additional information related to foreign financial assets and accounts that are subject to U.S. tax reporting requirements. This includes:

  • FATCA (Form 8938) accounts: Details of specified foreign financial assets reported under the Foreign Account Tax Compliance Act, including account type (deposit, custodial, or other financial account), name and address of the foreign financial institution, account number, maximum account value during the tax year, and income earned from the account. The reporting thresholds are $50,000 at the end of the year or $75,000 at any time during the year for single filers, and $100,000 at the end of the year or $150,000 at any time during the year for married filing jointly
  • Indian retirement accounts (EPF/PPF): Account details for the Employees' Provident Fund (EPF) and Public Provident Fund (PPF), including contribution amounts, interest earned (reportable on Schedule B), withdrawal amounts (reportable on Schedule 1), Tax Deducted at Source (TDS) by the Indian government (which may qualify for the Foreign Tax Credit), and year-end balances for FATCA reporting
  • NRE and NRO account details: Non-Resident External (NRE) and Non-Resident Ordinary (NRO) account information maintained with Indian banks, including interest earned, account balances, and any tax withheld by Indian authorities
  • PFIC holdings (Form 8621): Information about Passive Foreign Investment Companies, which commonly include Indian mutual funds. This includes the PFIC name, address, country of incorporation, reference ID number, election type (Mark-to-Market or QEF), fair market value at the beginning and end of the tax year, and any excess distributions
  • Foreign Tax Credit information (Form 1116): Taxes paid or accrued to foreign governments, organized by income category (passive, general limitation, Section 901(j), etc.), including the foreign country or U.S. possession, date paid, amount in foreign currency, exchange rate used, and U.S. dollar equivalent
  • Foreign income: Any income earned from sources outside the United States, including foreign wages, foreign interest, foreign dividends, foreign rental income, and foreign self-employment income, with applicable INR-to-USD conversions calculated using IRS-published average exchange rates
  • Treaty election information: If applicable, information related to income tax treaty positions between the United States and India (or other countries), including the applicable treaty article, the type of income affected, and the claimed benefit

2.5 Immigration and Visa Data

We collect immigration-related information because visa status directly affects tax filing requirements and eligibility for certain tax benefits. The immigration data we collect includes:

  • Current visa type: H-1B, H-4, L-1, L-2, F-1, J-1, O-1, or other visa categories, including any changes of status that occurred during the tax year
  • Substantial Presence Test (SPT) data: The dates of your physical presence in the United States during the current and two preceding calendar years, which we use to determine whether you qualify as a U.S. tax resident under the Substantial Presence Test (IRC Section 7701(b))
  • Exempt individual days: If you transitioned from F-1 or J-1 status to H-1B status, the days you were exempt from the SPT as a student or teacher/researcher, which affects your residency start date
  • Date of entry to the United States: Your most recent entry date and any periods of absence during the tax year, relevant for determining your residency start date and eligibility for dual-status filing
  • Residency start and end dates: For taxpayers with mid-year changes in residency status, the specific dates that determine the dual-status boundary
  • H-4 EAD status: Whether your spouse holds an H-4 Employment Authorization Document, which affects their ability to earn income and the applicable tax treatment of that income

2.6 Uploaded Documents

You may upload documents to the Service for the purpose of extracting tax information. We support the upload of the following document types:

  • W-2 forms (images, scanned PDFs, or electronic PDFs)
  • 1099 forms (1099-INT, 1099-DIV, 1099-B, 1099-R, 1099-NEC, 1099-MISC, 1099-DA)
  • Brokerage statements showing RSU/ESPP transaction details
  • Schedule K-1 forms from partnerships, S corporations, or trusts
  • Foreign bank statements showing interest earned and tax withheld
  • Indian retirement account (EPF/PPF) statements
  • Any other tax-related documents you choose to upload

Uploaded documents are stored in encrypted cloud storage (Supabase Storage) hosted in the United States. If you opt into AI-assisted document extraction, your documents are sent to Google Cloud Document AI for optical character recognition (OCR) processing. This requires your explicit consent under our IRC 7216 consent framework, as described in Section 5 of this Privacy Policy. If you decline AI-assisted extraction, you may enter all data manually and your documents will not be sent to any third-party processor.

When documents are sent to Google Cloud Document AI for processing, only the document image bytes and a document type hint (e.g., "W-2" or "1099-INT") are transmitted. No user account information, session tokens, email addresses, or other metadata are sent alongside the document. Processing occurs exclusively in Google Cloud's United States regions.

2.7 Payment Information

All payment processing for the Service is handled by Stripe, Inc. ("Stripe"), a PCI DSS Level 1 certified payment processor. We use Stripe Checkout, a redirect-based payment flow in which you are redirected to a Stripe-hosted page to enter your payment details. This means:

  • We never see, collect, process, transmit, or store your credit card number, debit card number, bank account number, CVV/CVC code, or expiration date. This information is entered directly on Stripe's servers and never touches our infrastructure.
  • We receive from Stripe only a payment confirmation, the transaction amount, a Stripe payment intent ID, and the payment status (succeeded, failed, or pending). We store this information to maintain your payment history and provide receipts.
  • We also receive your billing name and billing email address from Stripe for receipt and communication purposes.
  • By using the Stripe Checkout redirect model, we qualify for PCI DSS Self-Assessment Questionnaire A (SAQ A), the least burdensome PCI compliance tier, which confirms that cardholder data is handled entirely by a PCI DSS Level 1 certified third party.

2.8 Account and Authentication Data

When you create an account with the Service, we collect and store the following authentication-related information:

  • Email address: Used as your primary account identifier for login, password reset, and transactional communications
  • Password: If you sign up with email and password, your password is cryptographically hashed using industry-standard algorithms (bcrypt) before storage. We never store your password in plain text and cannot retrieve it.
  • OAuth tokens: If you sign in using Google or Apple authentication, we receive an OAuth access token and basic profile information (name and email) from the identity provider. We do not receive or store your Google or Apple password.
  • Multi-factor authentication (MFA) data: MFA is required for all users before accessing tax return information, in compliance with the FTC Safeguards Rule (16 CFR 314.4(c)(5)). We store the encrypted seed for your authenticator app.
  • Session tokens: Temporary authentication tokens that identify your active session. These expire after the session ends or after a configurable timeout period.

2.9 Device and Technical Data

When you access the Service, we automatically collect certain technical information from your device and browser. This information is used for security, fraud prevention, and ensuring the proper functioning of the Service. It includes:

  • IP address: Collected for security purposes, including detecting unauthorized access attempts and complying with our obligations under the GLBA Safeguards Rule
  • Browser type and version: Used to ensure compatibility with our Service and for security monitoring
  • Operating system: Used for compatibility and security purposes
  • Device type: Whether you are accessing the Service from a desktop computer, laptop, tablet, or mobile device
  • Screen resolution: Used to optimize the display of our wizard interface and PDF previews
  • Referring URL: The web address you visited before arriving at our site (collected only on public marketing pages, not on authenticated tax filing pages)
  • Timestamp and timezone: The date, time, and timezone of your access, used for security audit logging

Important: Device and technical data collected on authenticated tax filing pages (the wizard and all /app/* routes) is never shared with any third-party analytics service. See Section 6 (Zero-Tracker Pledge) for details.

2.10 Usage Data

We collect limited usage data to understand how the Service is used and to identify areas for improvement. Usage data may include:

  • Pages and features you visit or interact with on the Service
  • Your progress through the 7-step tax filing wizard (e.g., which step you are on, whether you completed a particular section)
  • Time spent on each step of the wizard (aggregated for service improvement, not individually profiled)
  • Error messages encountered during the filing process (with all tax return information redacted before logging)
  • Feature usage patterns (e.g., whether you used document upload, manual entry, or a combination of both)

Usage data on authenticated tax pages is collected using first-party, server-side mechanisms only. We do not use any third-party analytics scripts, session recording tools, or heatmap services on pages where tax return information is present. Any analytics on public marketing pages (where no tax data is present) is handled by a self-hosted, privacy-respecting solution. See Section 6 for our complete Zero-Tracker Pledge.

3. How We Use Your Information

We use the information we collect for the following specific purposes, each of which is directly related to providing, maintaining, or securing the Service. We do not use your information for any purpose not described in this section.

3.1 Tax Return Computation and PDF Generation

The primary purpose of collecting your information is to compute your federal tax return and generate a printable PDF tax return package. This includes:

  • Processing your personal information, income data, deductions, and credits through our stateless tax computation engine to calculate your federal tax liability or refund
  • Generating Form 1040 and all applicable schedules and forms, including but not limited to Schedule 1, Schedule 2, Schedule 3, Schedule A, Schedule B, Schedule C, Schedule D, Schedule SE, Form 1116 (Foreign Tax Credit), Form 8938 (FATCA), Form 8621 (PFIC), Form 8959 (Additional Medicare Tax), Form 8960 (Net Investment Income Tax), Form 8995 (QBI Deduction), and Form 2441 (Child and Dependent Care Expenses)
  • Populating IRS-standard PDF forms with your data, flattening the fields for clean printing, and merging all applicable forms into a single downloadable PDF package
  • Performing H-1B-specific tax calculations, such as RSU/ESPP cost basis correction, INR-to-USD conversion for foreign income and accounts, PFIC Mark-to-Market calculations, and Foreign Tax Credit optimization across multiple income categories

Your tax return is computed entirely server-side. No tax data is ever exposed in browser-side JavaScript or client-side code. The computation engine receives JSON input, performs all calculations, and returns JSON output, which is then used to fill PDF templates server-side.

3.2 AI-Assisted Document Extraction

If you choose to upload documents and consent to AI-assisted extraction, we use Google Cloud Document AI to perform optical character recognition (OCR) on your uploaded documents. This extracts structured data (such as wages, withholding amounts, and employer information) from your W-2 images, 1099 PDFs, and other uploaded documents. This feature:

  • Is entirely optional. You may always choose to enter all data manually instead.
  • Requires your explicit, informed consent under our IRC 7216 compliance framework (see Section 5). You will be presented with a clear consent form that explains exactly what data is being sent, to whom, and for what purpose.
  • Processes documents exclusively in Google Cloud's United States regions (us-central1). No document data is sent to servers outside the United States.
  • Transmits only the document image bytes and a document type hint. No user metadata, session tokens, or account information accompanies the extraction request.

3.3 Payment Processing

We use your billing information (name and email) in conjunction with Stripe to process your one-time payment for the tax return preparation service. Payment data is used to:

  • Initiate and complete payment for the Service via Stripe Checkout
  • Send you a payment receipt and confirmation
  • Process refund requests if you are eligible under our refund policy
  • Maintain records of transactions for accounting and regulatory compliance

3.4 Account Management and Security

We use your account and authentication data to:

  • Create and maintain your account, including authenticating your identity when you log in
  • Enforce Row Level Security (RLS) to ensure you can access only your own tax data and no other user's information
  • Detect and prevent unauthorized access, fraud, and other suspicious activity
  • Enforce multi-factor authentication (MFA), which is required for all users before accessing tax return information
  • Maintain audit logs for security monitoring and compliance purposes (audit logs contain no personally identifiable information or tax return information)

3.5 Transactional Communications

We use your email address to send you transactional communications directly related to the Service. These communications are limited to:

  • Payment receipts and confirmation of your purchase
  • Notifications about the status of your tax return (e.g., when your PDF is ready for download)
  • Account security alerts (e.g., password reset requests, new device login notifications)
  • Important updates about the Service that directly affect your tax filing (e.g., IRS deadline changes, tax law updates that affect your return)
  • Responses to your support inquiries

We do not send marketing emails, promotional offers, newsletters, or any communication that is not directly related to your use of the Service or the security of your account. You cannot opt out of transactional communications because they are necessary for the provision of the Service, but you will never need to opt out of marketing emails because we do not send them.

3.6 Service Improvement

We may use non-tax-return-derived operational metrics (such as page load times, HTTP status codes, server performance data, and aggregate feature usage counts that contain no taxpayer-derived data) to improve the Service. We do not use any data derived from tax return information -- even in aggregated or anonymized form -- for service improvement purposes without obtaining separate IRC 7216-compliant consent.

3.7 Legal Compliance and Fraud Prevention

We may use your information to:

  • Comply with applicable laws, regulations, legal processes, and governmental requests, including IRS record-keeping requirements and state data protection laws
  • Detect, prevent, and investigate fraud, identity theft, or other illegal activities
  • Enforce our Terms of Service and protect the rights, property, and safety of H1B TaxFile, our users, and the public
  • Respond to lawful requests from law enforcement, courts, or regulatory agencies, subject to the strict protections of IRC 7216 governing disclosure of tax return information (see Section 8)

4. How We Do NOT Use Your Information

We believe it is equally important to clearly state what we do not do with your information. The following practices are expressly prohibited under our internal policies, and many are also prohibited by federal law (IRC Section 7216). As of the effective date of this policy, we do not:

  • Use your tax data for marketing. We do not use your income level, refund amount, filing status, deductions, credits, or any other tax return information to target you with marketing messages, promotional offers, or personalized advertising. This includes both our own marketing and third-party marketing.
  • Cross-sell financial products using your financial data. We do not use your W-2 data, investment income, foreign account balances, or any other financial information to recommend investment products, insurance, banking services, loan products, remittance services, or any other financial product or service. There are no "invest your refund" features, no partner offers, and no affiliate links on any page that has access to your tax data.
  • Sell or rent your personal information. We do not sell, rent, lease, trade, or otherwise make available your personal information or tax return information to any third party for monetary or other valuable consideration. This applies to all categories of personal information we collect.
  • Share your information with advertisers. We do not share any information, whether tax-related or otherwise, with advertising networks, ad exchanges, demand-side platforms, data brokers, or any entity in the advertising ecosystem.
  • Profile you for ad targeting. We do not create advertising profiles, interest categories, audience segments, or lookalike audiences based on your information. Your use of the Service is not used to serve you targeted advertisements on any platform, including but not limited to Google, Facebook, Instagram, TikTok, LinkedIn, or any other advertising network.
  • Send your data to social media platforms. We do not transmit any data to Facebook/Meta, Google Ads, TikTok, X (formerly Twitter), LinkedIn, Pinterest, or any other social media or advertising platform. No conversion pixels, tracking pixels, or SDKs from these platforms are present on our Service.
  • Use your data for AI/ML model training. We do not use your personal information, tax return information, or uploaded documents to train machine learning models, large language models, or any other artificial intelligence system. When we use Google Cloud Document AI for document extraction, Google's standard terms confirm that customer data is not used for model training.
  • Share your tax data with your employer. Your tax return information, including any data extracted from your W-2, is not shared with your current or former employer, even if they are also a user of the Service.

5. IRC Section 7216 Compliance

This section explains our compliance with Internal Revenue Code Section 7216, the federal statute that provides the strongest legal protection for your tax return information. We believe this section is one of the most important parts of our Privacy Policy, and we encourage you to read it carefully.

5.1 What Is IRC Section 7216?

IRC Section 7216 (26 U.S.C. 7216) is a federal criminal statute enacted in 1971 that specifically governs the disclosure and use of tax return information by tax return preparers. Unlike most privacy regulations, which impose civil penalties, IRC Section 7216 makes unauthorized disclosure or use of tax return information a federal misdemeanor, prosecutable by the United States Department of Justice. The statute provides:

Any person who is engaged in the business of preparing, or providing services in connection with the preparation of, returns of the tax imposed by chapter 1, or any person who for compensation prepares any such return for any other person, and who knowingly or recklessly (1) discloses any information furnished to him for, or in connection with, the preparation of any such return, or (2) uses any such information for any purpose other than to prepare, or assist in preparing, any such return, shall be guilty of a misdemeanor.
-- 26 U.S.C. 7216(a)

The Treasury Regulations implementing Section 7216 are found at 26 CFR 301.7216-1 through 26 CFR 301.7216-3. Additional guidance on electronic consent is provided in IRS Revenue Procedure 2013-14.

5.2 How IRC 7216 Applies to H1B TaxFile

H1B TaxFile qualifies as a "tax return preparer" under 26 CFR 301.7216-1(b)(2)(i)(B), which includes persons who develop software that is used to prepare or file tax returns. Because our platform uses information you provide to compute and generate completed Form 1040 returns, every piece of information you furnish to us in connection with the preparation of your return is classified as "tax return information" (TRI) under 26 CFR 301.7216-1(b)(3) and is subject to the full protections of the statute.

This means we are legally prohibited from disclosing your tax return information to any third party, or using it for any purpose other than preparing your tax return, unless a specific statutory exception applies (26 CFR 301.7216-2) or we have obtained your explicit, informed consent in compliance with the requirements of 26 CFR 301.7216-3 and Revenue Procedure 2013-14.

5.3 Criminal Penalties

Violations of IRC Section 7216 carry the following penalties:

  • Criminal penalty (IRC 7216(a)): Fine of up to $1,000 and/or imprisonment of up to one year for each unauthorized disclosure or use. Each individual act of unauthorized disclosure or use is a separate count.
  • Civil penalty (IRC 6713(a)): $250 per unauthorized disclosure or use, up to a maximum of $10,000 per calendar year, stacked on top of the criminal penalties.
  • Enhanced penalties for identity theft: If unauthorized disclosure of tax return information (including SSNs) facilitates identity theft, additional penalties under 18 U.S.C. 1028A may apply, including mandatory consecutive imprisonment of two years.

The mental state required for a violation is "knowingly or recklessly" -- this is a lower bar than the "willfulness" standard used in many tax statutes. Reckless disregard for the requirements of the statute is sufficient for criminal prosecution. There is no de minimis exception; even a single unauthorized disclosure of a single taxpayer's name is a violation.

5.4 Our Consent Architecture

When we need to disclose your tax return information to a third party for a purpose related to your tax preparation (currently, only Google Cloud Document AI for document extraction), we obtain your consent in strict compliance with the requirements of Revenue Procedure 2013-14 and 26 CFR 301.7216-3. Our consent process includes the following safeguards:

  • Clear and conspicuous presentation: The consent form is displayed as a dedicated modal dialog, separate from any other terms or agreements, in a readable font size with clear language explaining exactly what data will be disclosed, to whom, and for what purpose.
  • Mandatory disclosure statements: The consent form includes the following verbatim statements required by Revenue Procedure 2013-14, Section 5.04:
    • "You are not required to consent to the disclosure of your tax return information."
    • "If you consent to the disclosure of your tax return information, Federal law may not protect your tax return information from further use or distribution."
    • The consent form identifies the specific data that will be disclosed and the specific purpose for the disclosure.
    You may decline and still use the Service by entering data manually.
  • Affirmative action with electronic signature: Consent requires your electronic signature, which you provide by typing your full legal name into a signature field that is never pre-filled. You must also check a consent checkbox and click a clearly labeled consent button. Pre-checked boxes are never used. This process satisfies the electronic signature requirements of Revenue Procedure 2013-14, Section 7.02. You are given an equally prominent option to decline.
  • Granular consent: Consent is obtained separately for each distinct use or disclosure of your tax return information. Consenting to document AI extraction does not constitute consent for any other use.
  • Duration and scope: Each consent specifies the duration for which it is valid and the scope of the data covered. Consent does not persist indefinitely; it is specific to the current tax filing session and the specific documents you choose to upload.

5.5 Immutable Consent Records

Every consent decision you make (whether you grant or deny consent) is recorded in an immutable audit trail. These consent records:

  • Are stored as INSERT-only database records. Once a consent record is created, it cannot be updated, modified, or deleted by any user, administrator, or system process.
  • Include the timestamp of the consent decision, the type of consent requested, the decision made (granted or denied), the specific version of the consent language presented, and a unique identifier for audit purposes.
  • Are retained for a minimum of seven (7) years from the date of the associated tax filing to comply with IRS audit requirements. If the IRS ever inquires about our data handling practices, we can produce a complete, tamper-proof record of every consent decision.
  • Are accessible to you upon request. You may contact us to obtain a copy of all consent records associated with your account.

5.6 What Constitutes "Tax Return Information"

Under 26 CFR 301.7216-1(b)(3), "tax return information" includes any information furnished to a tax return preparer in connection with the preparation of a tax return. For our purposes, this includes, but is not limited to:

  • Your name, address, SSN, and ITIN
  • Your filing status, number of dependents, and dependent information
  • All income information (wages, interest, dividends, capital gains, rental income, self-employment income, foreign income, etc.)
  • All deduction and credit information (itemized deductions, education credits, child care credits, foreign tax credits, etc.)
  • Foreign account and asset information (FATCA accounts, PFIC holdings, EPF/PPF accounts, NRE/NRO accounts)
  • Immigration and visa status information provided for tax purposes
  • Any documents uploaded for the purpose of tax preparation (W-2 images, 1099 PDFs, etc.)
  • The computed tax return itself, including total income, total tax, refund amount, or balance due
  • Even anonymized or aggregated derivatives of the above data, to the extent they were derived from information furnished for tax preparation

6. Zero-Tracker Pledge

We do not deploy Google Analytics, Meta Pixel, Facebook SDK, TikTok Pixel, Google Ads conversion tracking, LinkedIn Insight Tag, FullStory, Hotjar, LogRocket, Microsoft Clarity, PostHog Cloud, or other third-party session recording, heatmap, or advertising tracking tools on authenticated tax filing pages. We enforce this through Content Security Policy (CSP) headers that block unauthorized script domains. While no technical measure can guarantee absolute prevention of all possible script injection vectors, we actively monitor for and promptly remediate any violations. Your tax data is not shared with advertising platforms, social media companies, or data brokers.

6.1 Why This Matters

In 2022 and 2023, it was publicly revealed that major tax preparation platforms -- including TaxAct ($23.25 million settlement), H&R Block ($7 million FTC action), and TurboTax -- had deployed Meta (Facebook) tracking pixels on pages where taxpayers entered sensitive tax return information. These pixels transmitted filing status, income data, refund amounts, and other tax return information to Meta for advertising purposes. This resulted in multiple congressional investigations, Department of Justice referrals, class action lawsuits, and FTC enforcement actions.

The root cause in every case was the same: marketing teams deployed tracking pixels site-wide using tag managers, and no engineering control prevented those pixels from loading on tax preparation pages. A third-party JavaScript library loading on a page where tax return information is present in the DOM can capture and transmit that information to a third-party server, constituting an unauthorized "disclosure" under IRC Section 7216 regardless of whether the platform intended the disclosure.

6.2 Our Technical Controls

We implement the following technical measures to enforce our Zero-Tracker Pledge:

  • No third-party analytics on tax pages: Pages under our authenticated routes (/app/*) do not load Google Analytics (GA4), Meta Pixel, Facebook SDK, TikTok Pixel, Google Ads conversion tracking, X (Twitter) Pixel, LinkedIn Insight Tag, Pinterest Tag, or any other advertising tracker.
  • No session recording tools anywhere: FullStory, Hotjar, LogRocket, Microsoft Clarity, and all similar session recording and replay tools are prohibited on all pages of the Service, including marketing pages. These tools reconstruct full user sessions including all page content and form inputs, creating unacceptable risk of capturing tax return information.
  • No Google Tag Manager: We do not use Google Tag Manager (GTM) anywhere on the Service. GTM creates an uncontrollable surface area where any team member could add any tracking tag via the GTM interface without code review, bypassing all engineering controls. This was the exact failure mode in the Meta pixel scandal.
  • Content Security Policy (CSP) enforcement: All authenticated routes serve strict Content Security Policy headers that instruct the browser to block the loading and execution of scripts from unauthorized domains. Even if a tracking script tag were accidentally added to the HTML, the browser would refuse to execute it. Our CSP for tax pages allows only scripts from our own domain ('self') and essential services (Supabase for database operations).
  • Self-hosted analytics on marketing pages only: If we use any analytics on our public marketing pages (homepage, pricing, blog), it will be a self-hosted, privacy-respecting solution such as Plausible or Umami that runs on our own infrastructure. These tools do not use cookies, do not collect personally identifiable information, and do not transmit any data to third-party servers. Even so, they are restricted to pages where no tax return information is present.
  • No Vercel Analytics or Speed Insights on tax pages: While Vercel is our hosting provider, Vercel Analytics and Speed Insights transmit page view data to Vercel's servers. Because page URLs on tax wizard pages may contain path segments that constitute tax return information, these services are restricted to marketing pages only.
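
An added example, not H1B TaxFile's own code, of how a deployment check could verify the CSP control described above: it parses a Content-Security-Policy value and reports every script source other than 'self', a nonce or hash, or an explicitly allowlisted host. The function names, the sample policies, and the Supabase host example-project.supabase.co are constructed for illustration.

```javascript
// Added example: audit the script sources of one Content-Security-Policy value.
// All policies and hosts below are constructed samples, not the Service's real headers.

// Split a policy into a Map of directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of findings; an empty list means only 'self', nonces/hashes,
// and allowlisted hosts can supply scripts.
function auditScriptSources(policy, allowedHosts) {
  const directives = parseCsp(policy);
  // Fallback chain the browser uses for <script> elements.
  const sources =
    directives.get('script-src-elem') ??
    directives.get('script-src') ??
    directives.get('default-src');
  if (sources === undefined) {
    return ['no script-src or default-src: script loading is unrestricted'];
  }

  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const raw of sources) {
    const src = raw.toLowerCase();
    if (src === "'self'" || src === "'none'") continue;
    if (/^'(nonce-|sha(256|384|512)-)/.test(src)) continue;
    if (src === "'unsafe-inline'" || src === "'unsafe-eval'") {
      findings.push(`${raw}: inline or evaluated script is allowed`);
    } else if (src === "'strict-dynamic'") {
      findings.push(`${raw}: trusted scripts may load scripts from any origin`);
    } else if (src === '*' || /^[a-z][a-z0-9+.-]*:$/.test(src)) {
      findings.push(`${raw}: wildcard or scheme-only source`);
    } else if (!allowed.has(src)) {
      findings.push(`${raw}: host not on the allowlist`);
    }
  }
  return findings;
}

// Constructed policies: one matching the description above, one showing
// the tag-manager and pixel hosts a site-wide marketing tag would need.
const ALLOWLIST = ['https://example-project.supabase.co'];
const STRICT_POLICY =
  "default-src 'self'; script-src 'self' https://example-project.supabase.co";
const WEAK_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' " +
  'https://www.googletagmanager.com https://connect.facebook.net';

console.log(auditScriptSources(STRICT_POLICY, ALLOWLIST));
console.log(auditScriptSources(WEAK_POLICY, ALLOWLIST));
```

Run against the response headers of each authenticated route in CI, a non-empty result fails the build before a tracker-permitting policy reaches production.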

6.3 How We Compare to Other Tax Platforms

We believe transparency requires not just stating what we do, but comparing it to industry practices. As of the effective date of this policy:

  • Many major tax preparation platforms continue to use Google Analytics, Facebook/Meta marketing tools, and other third-party tracking technologies on pages where taxpayers enter sensitive information, despite the 2022-2023 revelations and enforcement actions.
  • Session recording tools (which capture every keystroke, mouse movement, and page interaction) remain in widespread use across the tax preparation industry.
  • Tag managers, which allow non-engineering team members to deploy arbitrary tracking scripts without code review, are common on tax preparation websites.
  • H1B TaxFile was built from the ground up with the Zero-Tracker Pledge as a core architectural constraint. This is not a policy we adopted after an incident; it is a design principle that informed every engineering decision from day one.

7. Third-Party Services

We use a limited number of carefully selected third-party services to operate the Service. Each third-party service is subject to strict contractual, legal, and technical controls. We do not use any advertising networks, data brokers, or marketing technology vendors. The following is a comprehensive list of every third-party service that may process your data:

7.1 Stripe (Payment Processing)

  • Purpose: Processing your one-time payment for the tax return preparation service ($49.99 per standard filing; $79.99 for CPA-assisted filing, coming soon; free for OPT/CPT students, coming soon)
  • Data shared: Your billing name, billing email address, and payment amount. No tax return information is shared with Stripe.
  • Security certification: Stripe is PCI DSS Level 1 certified, the highest level of certification in the payment card industry. Stripe undergoes annual audits by a Qualified Security Assessor (QSA).
  • Integration model: We use Stripe Checkout (redirect model), which means you are redirected to a Stripe-hosted page to enter your payment details. Your credit card number, CVV, and expiration date are entered directly on Stripe's servers and never pass through our infrastructure.
  • IRC 7216 analysis: No tax return information is disclosed to Stripe. Only billing data is shared, which falls under the payment processing exception at 26 CFR 301.7216-2(h). No taxpayer consent is required.
  • Privacy policy: Stripe's privacy policy is available at stripe.com/privacy

7.2 Supabase (Database, Authentication, and Storage)

  • Purpose: Secure database storage for your tax return data, user authentication, and encrypted document storage
  • Data stored: All information you provide to the Service is stored in Supabase PostgreSQL, including your account information, wizard progress, income data, and computed tax return data. SSNs are stored with field-level encryption (pgcrypto).
  • Hosting location: Our Supabase project is provisioned in a United States region, in compliance with the IRC 7216 offshore disclosure prohibition (26 CFR 301.7216-3(b)(4))
  • Security measures: Row Level Security (RLS) is enabled on all tables, ensuring that each user can access only their own data. Database connections are encrypted with TLS. SSNs are encrypted at the application level before storage using pgcrypto, providing field-level encryption independent of disk-level or connection-level encryption.
  • IRC 7216 analysis: Supabase functions as our data processor and infrastructure provider. Under 26 CFR 301.7216-2(b), storing data within the firm's own infrastructure (which includes contracted cloud infrastructure) is an internal use that does not constitute a "disclosure" requiring taxpayer consent.
  • SOC 2 compliance: Supabase maintains SOC 2 Type II certification covering security, availability, and confidentiality trust service criteria

7.3 Google Cloud Document AI (Optional Document Extraction)

  • Purpose: AI-powered optical character recognition (OCR) to extract structured data from uploaded tax documents (W-2 images, 1099 PDFs, etc.)
  • Data shared: Document image bytes (base64 encoded) and a document type hint. No user metadata, account information, email addresses, session tokens, or pre-associated SSNs are sent with the extraction request.
  • Processing location: All Document AI API calls are routed to the 'us' region endpoint. Processing occurs exclusively in Google Cloud's United States data centers.
  • Data retention by Google: Per our Data Processing Addendum (DPA) with Google Cloud, customer data is not retained by Google after processing is complete and is not used by Google for model training or any other purpose beyond providing the contracted OCR service.
  • Consent requirement: This is the only third-party service for which we request your explicit IRC 7216 consent. You may decline AI-assisted extraction and enter all data manually without any reduction in service quality.
  • IRC 7216 analysis: Document extraction involves disclosing document content (which constitutes tax return information) to Google Cloud as an auxiliary service contractor under 26 CFR 301.7216-2(d)(2). While the regulatory exception may technically apply without consent, we obtain your explicit consent as a belt-and-suspenders safeguard.
  • SSN exposure disclosure: Uploaded tax documents such as W-2 forms typically contain your Social Security Number printed on the form. When you consent to AI-assisted extraction, the document image -- including any SSN printed on it -- is transmitted to Google Cloud for processing. Google Cloud does not retain this data after processing is complete per our data processing agreement. If you prefer that your document images not be transmitted to Google Cloud, you may decline AI-assisted extraction and enter all data manually.

7.4 Vercel (Hosting and Deployment)

  • Purpose: Hosting and deploying the Service (website and serverless API functions)
  • Data processed: Vercel serves our web application and executes our server-side API functions. Web requests pass through Vercel's infrastructure, but Vercel does not independently access, analyze, or store tax return information from these requests.
  • Deployment region: Our Vercel deployment is configured for United States regions only (iad1 -- Washington, DC area), in compliance with the IRC 7216 offshore processing prohibition. Non-US regions are explicitly excluded from our configuration.
  • Analytics restriction: Vercel Analytics and Speed Insights are not enabled on authenticated tax filing pages to prevent page view data (which may contain tax-related URL segments) from being transmitted to Vercel's analytics infrastructure.
  • IRC 7216 analysis: Vercel functions as our infrastructure host. Similar to Supabase, this is an internal use under 26 CFR 301.7216-2(b) and does not constitute a third-party disclosure.

7.5 What We Do NOT Use

For the avoidance of doubt, we do not use or integrate with any of the following categories of third-party services:

  • Advertising networks: Google Ads, Meta/Facebook Ads, TikTok Ads, LinkedIn Ads, Pinterest Ads, X/Twitter Ads, or any other advertising network
  • Data brokers: Acxiom, Oracle Data Cloud, LiveRamp, Experian Marketing Services, or any data broker that buys, sells, or shares consumer data
  • Session recording / heatmap services: FullStory, Hotjar, LogRocket, Microsoft Clarity, Mouseflow, Lucky Orange, or any similar tool
  • Third-party analytics platforms on tax pages: Google Analytics (GA4), Mixpanel, Amplitude, Heap, Pendo, or any similar tool on authenticated pages
  • Customer data platforms: Segment, mParticle, Rudderstack, or any CDP that aggregates user data across sources
  • Marketing automation: HubSpot, Marketo, ActiveCampaign, Mailchimp (for marketing campaigns), or any tool that would process tax data for marketing purposes

8. Data Sharing

We share your information only in the limited circumstances described below. Any sharing of tax return information is subject to the strict requirements of IRC Section 7216 and its implementing regulations.

8.1 Service Providers (Limited, Contractual)

We share information with the third-party service providers described in Section 7, strictly for the purposes of providing the Service to you. Each service provider:

  • Receives only the minimum data necessary to perform its contracted function
  • Is contractually prohibited from using your data for any purpose other than providing the contracted service
  • Is required to maintain appropriate security safeguards as required by our obligations under the GLBA Safeguards Rule (16 CFR 314.4(f))
  • Processes data exclusively within the United States, in compliance with IRC 7216 offshore disclosure restrictions

8.2 Legal Requirements

We may disclose your information if we are required to do so by law, or if we believe in good faith that such disclosure is reasonably necessary to:

  • Comply with a valid subpoena, court order, warrant, or other legal process issued by a court of competent jurisdiction
  • Comply with applicable laws, regulations, or governmental requests from federal, state, or local authorities
  • Cooperate with law enforcement investigations into fraud, identity theft, or other criminal activity
  • Protect the rights, property, or safety of H1B TaxFile, our users, or the public

Important IRC 7216 limitation: Even in response to legal process, the disclosure of tax return information is subject to the protections of IRC Section 7216. Under 26 CFR 301.7216-2(g), a tax return preparer may disclose tax return information pursuant to a court order or in compliance with a federal or state statute. However, we will review all legal requests carefully, limit our response to the minimum information required, notify you of the request to the extent legally permitted, and seek to narrow the scope of any overly broad requests.

8.3 Business Transfers

If H1B TaxFile is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. In such an event:

  • We will provide notice to you before your information is transferred and becomes subject to a different privacy policy
  • The acquiring entity will be required to honor the commitments made in this Privacy Policy with respect to your existing data
  • The transfer of tax return information will be subject to the requirements of IRC Section 7216, which governs the transfer of tax return information when a tax return preparation business changes ownership (26 CFR 301.7216-2(n))
  • If you do not wish your data to be transferred, you may request deletion of your account and data before the transfer is completed, subject to our legal retention requirements

8.4 What We Do Not Share

Regardless of any other provision in this Privacy Policy, we do not share the following information with third parties (except pursuant to valid compulsory legal process as described in Section 8.2):

  • Your tax return information with advertising networks, social media platforms, or data brokers
  • Your SSN or ITIN with any party other than the entities described in this Privacy Policy (Supabase for encrypted storage, and the PDF generation process itself)
  • Your income, deduction, credit, or refund information with any third party for marketing, advertising, or profiling purposes
  • Your foreign financial account information with any entity not directly involved in preparing your tax return
  • Your tax data with your employer, your spouse's employer, or any other employer

8.5 Immigration Data and Government Requests

We do not voluntarily report immigration or visa status information to any government agency, including U.S. Immigration and Customs Enforcement (ICE), U.S. Citizenship and Immigration Services (USCIS), or the Department of Homeland Security (DHS). However, we may be compelled to disclose information, including immigration data, in response to a valid subpoena, court order, administrative summons, or other compulsory legal process. In such cases, we will: (1) carefully review the legal validity of the request, (2) challenge the request if we believe it is overbroad or legally deficient, (3) limit our response to the minimum information required, and (4) notify the affected user unless prohibited by law or court order.

9. Data Security

We implement comprehensive administrative, technical, and physical safeguards to protect your personal information and tax return information from unauthorized access, disclosure, alteration, and destruction. Our security program is designed to comply with the FTC Safeguards Rule (16 CFR 314), which classifies tax preparation firms as "financial institutions" subject to the information security requirements of the Gramm-Leach-Bliley Act (GLBA).

9.1 SSN Encryption

Social Security Numbers and ITINs receive the highest level of protection in our system:

  • Field-level encryption: SSNs are encrypted at the application level using pgcrypto before being stored in the database. This means the SSN is encrypted as a specific database field, not relying solely on database-level transparent data encryption (TDE) or disk-level encryption.
  • Separate key management: The encryption key used for SSN encryption is stored separately from the database and managed through environment variables with restricted access.
  • Late-binding architecture: SSNs are collected only at Step 6 of the wizard and exist in the system for the minimum time necessary. They are not collected during account creation, income entry, or any earlier step.
  • No SSN in logs: SSN values are never written to application logs, error logs, audit logs, or any other logging mechanism. Log entries are scrubbed of SSN patterns before storage.
  • No SSN as identifier: SSNs are never used as database keys, user identifiers, or for any purpose other than populating the SSN fields on your generated tax return PDF.
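
An added example, not H1B TaxFile's own code, of the log scrubbing described in the "No SSN in logs" item: it redacts SSN- and ITIN-shaped values from free text and from structured log records before they are written. The field names, the sample record, and the SSN 123-45-6789 are constructed; the pattern deliberately over-redacts any isolated nine-digit run.

```javascript
// Added example: scrub SSN/ITIN-shaped values from log data before storage.
// Field names and sample values are constructed for illustration.

const REDACTED = '[REDACTED-SSN]';

// Nine digits grouped 3-2-4 with optional dash or space separators, not
// embedded in a longer digit run (so 13-digit timestamps are left alone).
const SSN_PATTERN = /(?<!\d)\d{3}[- ]?\d{2}[- ]?\d{4}(?!\d)/g;

// Hypothetical key names: any field whose name ends in "ssn" or "itin".
const SENSITIVE_KEY = /(ssn|itin)$/i;

function redactSsn(text) {
  return text.replace(SSN_PATTERN, REDACTED);
}

// Return a scrubbed copy of a log record; the input is not mutated.
function scrubLogRecord(value, key = '') {
  if (value === null || value === undefined) return value;

  if (value instanceof Error) {
    // Error fields are non-enumerable, so copy them out explicitly.
    return {
      name: value.name,
      message: redactSsn(String(value.message)),
      stack: value.stack ? redactSsn(value.stack) : undefined,
    };
  }
  if (Array.isArray(value)) {
    return value.map((item) => scrubLogRecord(item, key));
  }
  if (typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, scrubLogRecord(v, k)])
    );
  }

  // Primitive under a sensitive key: drop it whatever its format.
  if (SENSITIVE_KEY.test(key)) return REDACTED;

  if (typeof value === 'string') return redactSsn(value);
  if (typeof value === 'number' || typeof value === 'bigint') {
    // An SSN stored as a number loses its separators but is still nine digits.
    const text = String(value);
    return redactSsn(text) === text ? value : REDACTED;
  }
  return value;
}

// Constructed log record resembling a failure at the SSN collection step.
const SAMPLE_RECORD = {
  event: 'pdf_generation_failed',
  step: 6,
  spouseSsn: '987654321',
  detail: 'validation failed for 123-45-6789 (retry 2)',
  fields: [123456789, 'filing_status'],
  ts: 1710547200123,
  cause: new Error('bad value "123 45 6789"'),
};

console.log(JSON.stringify(scrubLogRecord(SAMPLE_RECORD), null, 2));
```

Placing the scrubber in the logger's serialization path, rather than at individual call sites, means a new log statement cannot bypass it.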

9.2 Encryption in Transit

All data transmitted between your browser and our servers is encrypted using HTTPS/TLS (Transport Layer Security). We enforce HTTPS on all pages of the Service, including marketing pages. We use modern TLS versions (TLS 1.2 and TLS 1.3) and strong cipher suites. HSTS (HTTP Strict Transport Security) headers are served on all pages to prevent protocol downgrade attacks.

9.3 Encryption at Rest

All data stored in our database is encrypted at rest using AES-256 encryption provided by our database hosting provider (Supabase/AWS). This provides a baseline layer of protection for all stored data. SSNs receive additional field-level encryption on top of this baseline, as described above.

9.4 Row Level Security (RLS)

Our database implements Row Level Security (RLS) on all tables containing user data. RLS is a PostgreSQL feature that enforces access control at the database level, ensuring that each user can query, view, and modify only their own data. Even if an application-level bug were to attempt to access another user's data, the database itself would reject the query. This provides a critical defense-in-depth layer independent of application logic.

9.5 Server-Side Only Engine Execution

The tax computation engine and PDF generation code execute exclusively on the server. No tax return information is exposed in client-side JavaScript, browser local storage, browser session storage, or any other client-accessible mechanism. The engine processes JSON input server-side, computes the tax return, and returns JSON output to the server-side PDF generator. The only client-side interaction is through form inputs (which are validated against Zod schemas) and the final PDF download.

9.6 GLBA Safeguards Rule Compliance

As a tax preparation firm, we are classified as a "financial institution" under the Gramm-Leach-Bliley Act (GLBA) and are subject to the FTC Safeguards Rule (16 CFR 314, as amended June 2023). Our compliance includes:

  • Designation of a Qualified Individual responsible for overseeing and implementing the information security program
  • Maintenance of a Written Information Security Program (WISP) containing administrative, technical, and physical safeguards
  • Periodic risk assessments identifying reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information
  • Encryption of customer information both at rest and in transit
  • Multi-factor authentication (MFA) required for all users before accessing tax return information, in compliance with 16 CFR 314.4(c)(5)
  • Access controls limiting access to customer information to authorized individuals with a legitimate business need
  • Service provider oversight, including selecting providers capable of maintaining appropriate safeguards and requiring those safeguards by contract

9.7 Security Assessments

We conduct regular security assessments of our systems and practices, including:

  • Automated vulnerability scanning of our codebase and infrastructure
  • Dependency auditing to identify and remediate known vulnerabilities in third-party libraries
  • Code review with a security-focused checklist for all changes that touch tax return information or authentication logic
  • As our user base grows beyond 5,000 customers, we will implement annual penetration testing and biannual vulnerability assessments as required by the tiered provisions of the FTC Safeguards Rule (16 CFR 314.4(d)(2))

9.8 Incident Response

In the event of a security incident involving unauthorized access to or disclosure of your personal information or tax return information, we will:

  • Promptly investigate the scope, cause, and impact of the incident
  • Take immediate steps to contain the breach and prevent further unauthorized access
  • Notify affected users within 30 days of discovering a breach involving their personal information or tax return information, or sooner if required by applicable state law (e.g., Washington requires 30 days under RCW 19.255.010)
  • Notify the FTC within 60 days as required by 16 CFR 314.4(m) for breaches affecting 500 or more consumers
  • Cooperate with law enforcement investigations as appropriate
  • Conduct a post-incident review and implement remedial measures to prevent recurrence

10. GLBA Financial Privacy Notice

H1B TaxFile is classified as a "financial institution" under the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. Section 6801 et seq., because we are significantly engaged in providing financial products or services, specifically tax return preparation. This section constitutes our GLBA Financial Privacy Notice.

10.1 Categories of Nonpublic Personal Information (NPI) Collected

We collect the following categories of nonpublic personal information in connection with providing the Service:

  • Social Security Numbers (SSNs) and Individual Taxpayer Identification Numbers (ITINs)
  • Income information from all sources (wages, interest, dividends, capital gains, rental income, self-employment income, foreign income)
  • Financial account information (bank account numbers, brokerage account details, foreign financial account details for FATCA reporting)
  • Tax return data, including computed tax liability, refund amounts, deductions, and credits

10.2 Categories Disclosed to Non-Affiliated Third Parties

We do not disclose your nonpublic personal information to non-affiliated third parties except under the service provider exception (16 CFR 313.13). The service providers who may receive NPI in the course of providing services to us are:

  • Stripe: Receives billing name, email, and payment amount for payment processing only. No tax return information is shared with Stripe.
  • Supabase: Functions as our infrastructure and data processor. Stores all user data in encrypted form with Row Level Security.
  • Google Cloud Document AI: Receives uploaded document images only (with your explicit consent) for OCR extraction. No user metadata or account information is shared.

Each service provider is contractually prohibited from using your NPI for any purpose other than performing its contracted function.

10.3 Opt-Out Notice

Because we do not share your nonpublic personal information with non-affiliated third parties outside the service provider exception, no opt-out is required. If this practice changes, we will provide you with an opt-out notice before any such sharing.

10.4 Notice Delivery

This GLBA Financial Privacy Notice is provided to you at account creation and annually thereafter via email to the address associated with your account. The most current version of this notice is always available in this Privacy Policy.

11. Data Retention and Deletion

We retain your information only for as long as necessary to provide the Service and comply with our legal obligations. The following table summarizes our retention periods for each category of data:

Data Category | Retention Period
Tax return data | 7 years from filing date
Uploaded documents | 90 days after return finalization (user may request earlier deletion)
SSN (encrypted) | 7 years from filing date
Consent records | 7 years from filing date
Payment records | Per Stripe policies and financial regulations
Account data | Until account deletion requested
Anonymized operational metrics | Indefinite

11.1 Tax Return Data

Your tax return data (all information provided during the wizard, computed tax results, and generated PDF returns) is retained for seven (7) years from the date of filing. This retention period is based on:

  • The IRS general statute of limitations for tax return examination, which is three (3) years from the date of filing under IRC Section 6501(a)
  • The extended six (6) year statute of limitations for substantial understatements of income (over 25% of gross income) under IRC Section 6501(e)(1)(A)
  • The need to support prior-year data lookup for future filings and potential IRS correspondence
  • Our obligations under the GLBA Safeguards Rule and IRS Publication 4557 ("Safeguarding Taxpayer Data") to maintain records of tax return information for a reasonable period

11.2 Uploaded Documents

Documents you upload (W-2 images, 1099 PDFs, etc.) are stored in encrypted cloud storage for the duration of your tax return preparation. Uploaded documents are retained for 90 days after your return is finalized to allow for corrections and verification. After 90 days, uploaded document images are automatically deleted. The structured data extracted from your documents is retained as part of your tax return data for the 7-year retention period.

  • You may request immediate deletion of uploaded documents at any time through your account settings or by contacting us
  • Documents are stored in encrypted form and subject to the same Row Level Security controls as all other user data

11.3 Consent Records

Consent records (documenting your decisions regarding IRC 7216 consent for document AI extraction) are retained for a minimum of seven (7) years from the date of the associated tax filing, or as long as required by applicable law, whichever is longer. This retention period is based on:

  • IRC 7216 consent records must be available for IRS audit
  • Revenue Procedure 2013-14 requires retention of consent documentation for at least three years after the consent is obtained
  • The seven-year retention period aligns with our tax return data retention and the extended IRS statute of limitations
  • Consent records are immutable (INSERT-only) and contain no tax return information themselves (only the consent decision, timestamp, and type)

11.4 Payment Records

Records of your payment transactions (payment amount, date, Stripe payment intent ID, and status) are retained in accordance with:

  • Stripe's own data retention policies, which govern data stored on Stripe's infrastructure
  • Applicable financial record-keeping requirements, including IRS requirements for business records (generally 7 years)
  • State consumer protection laws that may require retention of transaction records

11.5 Account Data

Your account information (email, authentication data, profile information) is retained for as long as your account is active. If you request deletion of your account:

  • Your account credentials and profile information will be deleted within 30 days of your verified request
  • Tax return data subject to legal retention requirements (7-year period) will be anonymized or retained in a non-identifiable form until the retention period expires, then permanently deleted
  • Consent records will be retained for the 7-year retention period as described above
  • Payment records will be retained per financial record-keeping requirements

11.6 Anonymized Analytics Data

Anonymized, aggregated analytics data (e.g., aggregate form usage statistics, average wizard completion times) that cannot be traced back to any individual taxpayer may be retained indefinitely. However, consistent with the conservative interpretation of IRC 7216, we treat even anonymized derivatives of tax return information with the same care as the source data and do not share them with third parties.

12. Your Rights

We respect your rights regarding your personal information and tax return information. Depending on your state of residence and applicable law, you may have some or all of the following rights:

12.1 Right to Access

You have the right to request a copy of all personal information and tax return information we hold about you. This includes your account information, wizard data, uploaded documents, computed tax return results, generated PDFs, payment records, and consent records. We will provide your data in a structured, commonly used, and machine-readable format (such as JSON or PDF) within 30 days of receiving your verified request.

12.2 Right to Correction

You have the right to request correction of inaccurate personal information at any time. During the active tax return preparation process, you may correct any data directly through the wizard interface. After your return is finalized, you may request corrections by contacting us. We will update inaccurate information within 30 days of receiving your verified request and supporting documentation.

12.3 Right to Deletion

You have the right to request deletion of your personal information and account, subject to the following retention caveats:

  • Tax return data that is within the 7-year legal retention period cannot be fully deleted until the retention period expires, but it may be anonymized or disassociated from your account
  • Consent records are retained for the 7-year retention period for audit compliance and cannot be deleted before the retention period expires
  • Payment records subject to financial record-keeping requirements may be retained per applicable law
  • All other data, including your account credentials, profile information, and uploaded documents, will be deleted within 30 days of your verified request

12.4 Right to Data Portability

You have the right to receive your tax return data in a structured, machine-readable format that allows you to transmit the data to another service. Upon request, we will provide your data in JSON format (matching our internal TaxPayload and TaxResult schemas) and/or as the PDF tax return package we generated. You may download your completed PDF at any time through your account.

12.5 Right to Consent Withdrawal

If you granted consent for AI-assisted document extraction (IRC 7216 consent), you may withdraw that consent at any time. Withdrawal of consent:

  • Takes effect immediately for future document extraction requests
  • Does not retroactively affect documents that were already processed before your withdrawal (as the processing has already occurred)
  • Does not affect your ability to use the Service; you may continue to enter all data manually
  • Is recorded as a new immutable consent record documenting the withdrawal

12.6 Right to Opt Out of Marketing

We do not send marketing communications, so there is no marketing to opt out of. If we ever introduce optional, non-tax-related communications in the future (such as a blog newsletter on public marketing pages), they will be strictly opt-in and will not reference or be based on your tax return information.

12.7 How to Exercise Your Rights

To exercise any of the above rights, contact us at:

  • Email: privacy@h1btaxfile.com
  • Subject line: "Privacy Rights Request -- [Type of Request]" (e.g., "Privacy Rights Request -- Data Access")

We will acknowledge your request within 5 business days and respond substantively within 30 calendar days. If we need additional time to fulfill your request (up to an additional 60 days for complex requests), we will notify you of the extension and the reason. To protect your privacy, we will verify your identity before processing any request by confirming your email address and, for requests involving sensitive data (such as SSN access or data deletion), requiring additional verification such as confirming information from your account.

We do not currently operate a customer service telephone line. All privacy requests should be submitted via email to privacy@h1btaxfile.com. If you require telephone assistance, email us and we will arrange a callback within 2 business days.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). This section provides the disclosures required by California law.

13.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information (as defined by Cal. Civ. Code Section 1798.140(v)):

  • Identifiers: Name, address, email address, SSN, ITIN, account name, IP address
  • Customer records information (Cal. Civ. Code Section 1798.80(e)): Name, SSN, address, telephone number, financial information (income, assets, liabilities)
  • Protected classification characteristics: Citizenship, immigration status (visa type), date of birth, marital status (filing status)
  • Commercial information: Records of services purchased (payment history)
  • Internet or electronic network activity: Browsing history on marketing pages, interaction with the Service (wizard progress)
  • Professional or employment-related information: Employer name, occupation (from W-2), self-employment status
  • Non-public education information: Education credit information (Form 8863), if applicable
  • Sensitive personal information: SSN, ITIN, financial account information (account numbers for FATCA reporting), tax return information

13.2 Categories of Personal Information Disclosed

In the preceding 12 months, we have disclosed the following categories of personal information to service providers for business purposes:

  • To Stripe (payment processor): Identifiers (name, email), commercial information (payment amount)
  • To Supabase (infrastructure provider): All categories listed above (as our data processor/infrastructure)
  • To Google Cloud Document AI (with consent): Uploaded document contents (which may include identifiers, customer records information, and financial information)

13.3 Your California Privacy Rights

As a California resident, you have the following rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it. You may make up to two verifiable requests per 12-month period.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (including legal retention requirements described in Section 11).
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale: You have the right to opt out of the "sale" of your personal information. However, we do not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months and have no plans to do so.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to only what is necessary to perform the Service. We already limit the use of your sensitive personal information (SSN, ITIN, financial accounts) to tax return preparation only.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you the Service, charge you different prices, provide a different level of quality, or retaliate in any way for exercising your privacy rights.

13.4 Authorized Agent Requests

You may designate an authorized agent to submit a CCPA/CPRA request on your behalf. To do so, you must provide the authorized agent with written permission signed by you, and the agent must submit a copy of that signed permission along with the request. We may also require you to verify your own identity directly with us before processing the request. If the authorized agent has a power of attorney under Probate Code Sections 4121 to 4130, we may accept the request without your direct verification, but we will still confirm the power of attorney.

13.5 Verification Process

To protect your privacy, we must verify your identity before fulfilling any access, deletion, or correction request. Our verification process includes:

  • Confirming the email address associated with your account by sending a verification email
  • For requests involving sensitive data (SSN, full tax return data, or account deletion), requiring you to confirm two or more pieces of information from your account (such as date of birth, filing status, or the last four digits of your SSN)
  • Logging all verification attempts for audit purposes

13.6 "Do Not Sell or Share My Personal Information"

We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months. In accordance with CCPA/CPRA requirements, you may submit an opt-out request by clicking the "Do Not Sell or Share My Personal Information" link in our website footer or by emailing privacy@h1btaxfile.com. We also honor Global Privacy Control (GPC) browser signals as valid opt-out requests.

14. State-Specific Privacy Rights

In addition to the California-specific rights described in Section 13, several other states have enacted comprehensive privacy laws that may apply to you depending on your state of residence. We respect and comply with all applicable state privacy laws.

14.1 Virginia (VCDPA)

If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA, Va. Code Section 59.1-575 et seq., effective January 1, 2023) provides you with the following rights:

  • Right to confirm whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to obtain a portable copy of your personal data in a readily usable format
  • Right to opt out of the processing of personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. Note: We do not engage in targeted advertising, sale of personal data, or profiling.

To exercise your Virginia privacy rights, contact us at privacy@h1btaxfile.com. If we decline your request, you may appeal our decision by responding to our denial email with the subject line "VCDPA Appeal." We will respond to appeals within 60 days.

14.2 Colorado (CPA)

If you are a Colorado resident, the Colorado Privacy Act (CPA, C.R.S. Section 6-1-1301 et seq., effective July 1, 2023) provides you with similar rights to access, correct, delete, and port your personal data, as well as the right to opt out of targeted advertising, sale of personal data, and profiling. We do not engage in any of these practices. To exercise your Colorado privacy rights, contact us at privacy@h1btaxfile.com.

14.3 Connecticut (CTDPA)

If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA, Public Act No. 22-15, effective July 1, 2023) provides you with the right to access, correct, delete, and obtain a portable copy of your personal data, and the right to opt out of the processing of personal data for targeted advertising, sale, or profiling. We do not engage in any of these practices. To exercise your Connecticut privacy rights, contact us at privacy@h1btaxfile.com.

14.4 Utah (UCPA)

If you are a Utah resident, the Utah Consumer Privacy Act (UCPA, Utah Code Section 13-61-101 et seq., effective December 31, 2023) provides you with the right to access and delete your personal data, and the right to opt out of the sale of personal data and targeted advertising. We do not sell personal data or engage in targeted advertising. To exercise your Utah privacy rights, contact us at privacy@h1btaxfile.com.

14.5 Texas (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA, H.B. 4, effective July 1, 2024) provides you with rights to access, correct, delete, and obtain a portable copy of your personal data. Texas also has specific SSN protection requirements under Bus. and Com. Code Section 501.001, which prohibit public display of SSNs and require proper disposal of records containing SSNs. Our late-binding SSN architecture and field-level encryption comply with these requirements.

14.6 Other States

Additional state privacy laws, including those in Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Indiana (IDPA), Tennessee (TIPA), and others, may provide you with similar rights. As new state privacy laws take effect, we will update this Privacy Policy to reflect applicable rights. Regardless of your state of residence, we apply the same high standard of privacy protection to all users as described throughout this Privacy Policy.

14.7 State SSN Protection Laws

Many states where H-1B visa holders are concentrated have enacted specific SSN protection statutes that impose requirements beyond federal law. These include:

  • California (Civ. Code Section 1798.85): Prohibits printing SSN on mailings and requires encryption for internet transmission
  • New York (Gen. Bus. Law Section 399-ddd): Prohibits public display of SSN and requires encryption for internet transmission
  • Connecticut (CGS Section 42-470): Requires encryption for internet transmission of SSNs
  • Illinois (815 ILCS 505/2RR): Restricts employee access to SSN on a need-to-know basis
  • Texas (Bus. and Com. Code Section 501.001): Requires proper disposal of records containing SSNs
  • Washington (RCW 19.215): Prohibits using SSN as a primary account identifier and requires safe disposal

Our SSN handling practices (late-binding collection, field-level encryption, no use as identifier, secure deletion) are designed to comply with the most restrictive of these state statutes, ensuring compliance regardless of your state of residence.

14.8 Biometric Information

We do not collect biometric information as defined by the Illinois Biometric Information Privacy Act (740 ILCS 14) or similar state laws. If this practice changes, we will provide notice and obtain consent as required by applicable law.

15. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. The Service is designed for adult taxpayers (18 years or older) who are filing federal tax returns with the IRS.

We collect information about dependents (including minor children) solely for the purpose of completing the taxpayer's tax return, as required by the IRS. Dependent information (name, date of birth, SSN/ITIN, and relationship) is provided by the adult taxpayer, not collected directly from the minor child. This information is used exclusively for populating the dependent section of Form 1040 and determining eligibility for tax credits (such as the Child Tax Credit or Other Dependent Credit).

In compliance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. Sections 6501-6506), we do not:

  • Knowingly collect personal information directly from children under 13
  • Allow children under 13 to create accounts or use the Service
  • Use dependent information for any purpose other than tax return preparation
  • Disclose dependent information to third parties except as described in this Privacy Policy for the purpose of tax return preparation

If we become aware that we have inadvertently collected personal information directly from a child under 13 (as opposed to dependent information provided by a parent/taxpayer), we will take immediate steps to delete that information from our systems. If you believe a child under 13 has provided us with personal information directly, please contact us at privacy@h1btaxfile.com.

16. Cookie Policy

This section describes how we use cookies and similar technologies on the Service.

16.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser when you visit a website. They are widely used to make websites work, improve efficiency, and provide information to site operators. Cookies may be "session cookies" (which expire when you close your browser) or "persistent cookies" (which remain until they expire or you delete them).

16.2 Cookies We Use

We use only the following categories of cookies, all of which are strictly necessary for the functioning of the Service:

  • Authentication cookies (essential): Used to maintain your authenticated session after you log in. These cookies identify your session so that you do not need to re-enter your credentials on each page. These are first-party, secure, HttpOnly cookies set by our authentication provider (Supabase Auth).
  • CSRF protection cookies (essential): Cross-Site Request Forgery protection tokens stored as cookies to prevent unauthorized actions on your behalf. These are security cookies required for safe form submissions.
  • User preference cookies (functional): Cookies that store your interface preferences, such as dark mode/light mode selection or wizard sidebar collapse state. These cookies do not contain personal information or tax data.

16.3 Cookies We Do NOT Use

Consistent with our Zero-Tracker Pledge (Section 6), we do not use:

  • Advertising cookies: No cookies from Google Ads, Meta/Facebook, TikTok, LinkedIn, or any advertising network
  • Analytics cookies from third parties: No Google Analytics cookies (_ga, _gid, _gat), no Meta Pixel cookies (_fbp, _fbc), no Hotjar cookies, no FullStory cookies on tax pages
  • Cross-site tracking cookies: No third-party cookies that track your browsing activity across different websites
  • Social media cookies: No cookies from Facebook, Twitter/X, LinkedIn, or other social media platforms

16.4 How to Manage Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete specific cookies, or clear all cookies when you close your browser. However, if you block or delete our essential authentication cookies, you will not be able to stay logged in to the Service and will need to re-authenticate on each visit.

Instructions for managing cookies in common browsers:

  • Chrome: Settings > Privacy and security > Cookies and other site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data

17. International Data

H1B TaxFile is a United States-based service, and all of your data is processed and stored exclusively within the United States. We do not transfer, route, process, or store your personal information or tax return information on servers located outside of the United States.

17.1 US-Only Infrastructure Requirement

Under IRC 7216 and its implementing regulations (26 CFR 301.7216-3(b)(4)), the transfer of tax return information outside of the United States constitutes an offshore "disclosure" that triggers additional consent and safeguard requirements. To eliminate this risk entirely, we maintain a strict US-only infrastructure policy:

  • Hosting (Vercel): Deployed exclusively in US regions (iad1). All non-US regions are explicitly excluded from our deployment configuration.
  • Database (Supabase): Provisioned in a US region (us-east-1). Global CDN is not enabled for database queries.
  • Document processing (Google Cloud): Document AI API calls are routed exclusively to the 'us' region endpoint.
  • Payment processing (Stripe): Stripe processes payments in the US for US-incorporated entities by default.

17.2 No Offshore Outsourcing

We do not outsource any tax preparation, data entry, customer support, or data processing functions to offshore entities or individuals. All personnel who may access tax return information are US-based. This is a deliberate architectural decision driven by IRC 7216 compliance, not merely a business preference.

17.3 Users Outside the United States

While our Service is designed for individuals physically present in or residing in the United States (H-1B visa holders), some users may access the Service while temporarily traveling abroad. If you access the Service from outside the United States, please be aware that:

  • Your data is still processed and stored exclusively in the United States
  • Your use of the Service is governed by United States law, not the laws of the country from which you access the Service
  • By using the Service from abroad, you consent to the transfer of your information to the United States for processing
  • We do not specifically target or market to individuals outside the United States, and the Service is intended for US federal tax return preparation only

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes to this Privacy Policy:

18.1 Material Changes

If we make material changes to this Privacy Policy (including changes to how we collect, use, or share your tax return information), we will:

  • Send an email notification to the address associated with your account at least 30 days before the changes take effect
  • Post a prominent notice on the Service indicating that the Privacy Policy has been updated
  • Update the "Last Updated" date at the top of this page
  • Provide a summary of the material changes in the notification

A "material change" includes, but is not limited to: adding a new category of personal information we collect, changing the purpose for which we use your information, adding a new third-party service provider that processes tax return information, or modifying our data retention periods.

18.2 Non-Material Changes

For non-material changes (such as clarifications, formatting updates, or corrections to typographical errors), we will update the "Last Updated" date but may not send individual notifications. We encourage you to review this Privacy Policy periodically.

18.3 Continued Use

Your continued use of the Service after the effective date of any changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should stop using the Service and may request deletion of your account and data as described in Section 12.

18.4 IRC 7216 Consent and Policy Changes

Changes to this Privacy Policy do not modify, replace, or supersede any IRC 7216 consent you have previously granted or denied. IRC 7216 consent is governed by separate, immutable consent records (see Section 5). If a policy change would require a new type of IRC 7216 consent, we will seek that consent separately through our consent framework, not through a Privacy Policy update.

19. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, you may contact us through the following channels:

19.1 Privacy Inquiries and Rights Requests

Email: privacy@h1btaxfile.com
Subject line: "Privacy Inquiry" or "Privacy Rights Request -- [Type]"
Response time: We will acknowledge your inquiry within 5 business days and provide a substantive response within 30 calendar days.

19.2 General Support

Email: support@h1btaxfile.com
Note: For privacy-specific requests (data access, correction, deletion, or consent-related inquiries), please use the privacy@h1btaxfile.com address to ensure your request is routed to the appropriate team.

19.3 Telephone

We do not currently operate a customer service telephone line. All privacy requests should be submitted via email to privacy@h1btaxfile.com. If you require telephone assistance, email us and we will arrange a callback within 2 business days.

19.4 Legal Inquiries

Email: legal@h1btaxfile.com
Purpose: For legal process (subpoenas, court orders), regulatory inquiries, or attorney correspondence.

19.5 Mailing Address

H1B TaxFile Inc.
Attn: Privacy Officer
Seattle, WA 98101
United States

Physical mailing address will be updated upon incorporation.

19.6 Complaints

If you are not satisfied with our response to your privacy inquiry, you may have the right to lodge a complaint with your state attorney general or the Federal Trade Commission (FTC):

  • Federal Trade Commission: ftc.gov/complaint
  • California Attorney General: oag.ca.gov/privacy
  • Your state attorney general: Contact information is available at naag.org/find-my-ag

Legal Notice: This Privacy Policy is for informational purposes and describes our current data collection, use, and protection practices. It does not constitute legal advice. If you have specific legal questions about the privacy of your tax return information, we encourage you to consult a qualified attorney specializing in tax privacy law or consumer data protection.

IRC 7216 Disclaimer: Our classification as a "tax return preparer" under IRC Section 7216 and the resulting obligations described in this Privacy Policy are based on our good-faith interpretation of the statute and its implementing regulations. This Privacy Policy has been prepared with reference to 26 U.S.C. 7216, 26 U.S.C. 6713, 26 CFR 301.7216-1 through 301.7216-3, and IRS Revenue Procedure 2013-14. It has not been reviewed or approved by the IRS.