Privacy Policy

Last updated: May 8, 2026

1. Overview

Back Tax Cleanup ("we", "us", "our", "the Service") respects your privacy. This Privacy Policy explains what information we collect, why we collect it, how we share it, how long we keep it, and the choices you have. It applies to backtaxcleanup.com and our related products.

2. Information we collect

  • Account information: name, email, phone, password (stored hashed), and contact details.
  • Tax and financial information: bank statements, income records, expenses, prior tax returns, IRS notices, SSN/EIN, and other documents you upload.
  • Bank-connection data via Plaid: when you choose to link a bank or credit card account, Plaid Inc. ("Plaid") accesses your account on a read-only basis and shares with us account identifiers, account and routing numbers, balances, account holder name, and historical transactions. We never see, receive, or store your bank login credentials — they are entered directly into Plaid.
  • Payment information: handled by Stripe; we receive only the last four digits, brand, and expiration of cards.
  • Identity & verification: when required by law or our partners, we may collect government ID, date of birth, and address to verify your identity.
  • Usage data: log data, IP address, device information, browser type, and analytics events used to operate, secure, and improve the Service.
  • Communications: messages you send us and our support responses.

3. How we use your information

  • Prepare your tax returns and provide CPA review and filing.
  • Categorize transactions, reconcile books, and identify deductions.
  • Verify your identity and comply with IRS, GLBA, and state requirements.
  • Communicate about your case, billing, scheduling, and service updates.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Maintain audit logs and meet legal recordkeeping obligations.

We do not use your bank-connection data for advertising, marketing, or model training.

4. Plaid disclosure

By linking a financial account through our Service, you authorize Plaid to access your account information on our behalf and you agree to Plaid's End User Privacy Policy. Plaid acts as a data-access provider and processes your information in accordance with its own privacy policy. We use Plaid's data solely to:

  • Verify the bank account belongs to you;
  • Import historical transactions to reconstruct books for back-tax filings;
  • Categorize income and expenses for the tax year(s) you engage us for; and
  • Detect and prevent fraud.

You can disconnect a linked account at any time from Account → Connected accounts, or by emailing privacy@backtaxcleanup.com. Disconnection stops further data refresh; previously imported data is retained per Section 8 below.

5. We do not sell your data

We do not sell, rent, or trade your personal or financial information, and we do not share it with third parties for cross-context behavioral advertising. We do not share Plaid-sourced data with anyone other than the service providers and licensed CPAs listed below, and only as necessary to deliver the Service to you.

6. Service providers and sub-processors

We share data only with vetted providers under written contracts, strictly to operate the Service:

  • Supabase — encrypted database, authentication, and file storage hosting (US region).
  • Plaid — read-only bank account connections; subject to Plaid's End User Privacy Policy.
  • Stripe — PCI-DSS Level 1 payment processing.
  • Resend — transactional email delivery.
  • Google AI / OpenAI (via Lovable AI Gateway) — automated transaction categorization and document review. These providers are contractually prohibited from training models on customer data.
  • Cloudflare — content delivery, DDoS protection, and edge runtime.
  • Licensed CPAs — your assigned CPA accesses your case to review and file returns under §7216 confidentiality rules.

7. Security

We follow the controls described in our Information Security Policy. Highlights:

  • TLS 1.2+ in transit, AES-256 at rest.
  • Row-Level Security and least-privilege access on every customer table.
  • TOTP-based multi-factor authentication required for all accounts and enforced again before connecting a bank.
  • Audit logging of access to sensitive data.
  • Annual review and continuous monitoring of security controls.

8. Data retention and deletion

We retain tax records for at least seven (7) years as required by IRS recordkeeping rules (26 CFR §1.6001-1) and applicable state law. You may request deletion of non-required data — including disconnecting Plaid and removing imported transaction history — at any time by emailing privacy@backtaxcleanup.com. We will respond within 30 days. Some records (filed returns, payment receipts, audit logs) must be retained for legal, tax, or fraud-prevention purposes even after deletion requests.

9. Your privacy rights

Depending on your state of residence (including California, Colorado, Connecticut, Virginia, Utah, and others), you may have the right to:

  • Know what personal information we have collected about you;
  • Access or receive a portable copy of that information;
  • Correct inaccurate information;
  • Delete personal information, subject to legal retention exceptions;
  • Opt out of sale or sharing for cross-context behavioral advertising — note we do not do either; and
  • Be free from discrimination for exercising these rights.

To exercise any of these rights, email privacy@backtaxcleanup.com. We will verify your identity before fulfilling the request.

10. Cookies and analytics

We use essential cookies for authentication and session management, and limited first-party analytics to understand usage. We do not use cookies for cross-site advertising. You can control cookies through your browser settings.

11. International users

The Service is operated from and intended for users in the United States. Information you provide is processed and stored in the U.S.

12. Children

The Service is not directed to children under 18. We do not knowingly collect data from children.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will give notice of material changes by email and in-app at least 7 days before they take effect. The "Last updated" date at the top reflects the most recent version.

14. Contact

Privacy questions or requests: privacy@backtaxcleanup.com
Security concerns: security@backtaxcleanup.com