Effective Date: November 6, 2025

This Privacy Policy describes how Tax AI, Inc (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information about users of our websites, applications, and related online products and services (collectively, the “Services”). This Policy applies to information we process in the United States and is intended to comply with applicable U.S. federal and state privacy laws,
including, as applicable, restrictions on the use and disclosure of “tax return information” under 26 U.S.C. § 7216 and related regulations, the FTC Safeguards Rule, and state consumer privacy statutes. By using the Services, you acknowledge that you have read and understand this Privacy Policy.

This Privacy Policy should be read together with our Terms of Use.

This Privacy Policy is provided for informational purposes only and does not constitute a contract or create legal rights or obligations beyond those required by applicable law.

1. Scope and Audience

This Policy applies to personal information we collect from or about individuals and entities in connection with the Services across all 50 states and the District of Columbia. The Services are intended for U.S. use only and are not directed to individuals under age 13. If you are using the Services on behalf of a business, this Policy applies to information we collect about your authorized users and contacts.

2. Key Definitions

For purposes of this Policy:

• “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
• “Tax Return Information” means any information furnished in any form or manner for, or in connection with, tax assistance, payment arrangement workflows, or related features (including IRS transcripts and account data) to the extent such information is subject to 26 U.S.C. § 7216 and its implementing regulations.

3. Information We Collect

We collect the following categories of information, which may be collected directly from you, automatically, and from third parties as described below:

a. Identifiers and Contact Information. Name, alias, postal address, email address, phone number, date of birth, and similar identifiers.

b. Government and Tax Identifiers. Social Security Number, Taxpayer Identification Number, Employer Identification Number, state ID/driver’s license, and related government identifiers to the extent necessary to provide the Services.

c. Account and Profile Information. Account credentials and settings, role/permission data, preferences, communications, and support requests.

d. Tax, Financial, and Payment Information. Information you input or upload (e.g., balances, payment plan details, income and liability data), IRS transcripts and account data you authorize us to retrieve, bank account or card details provided to payment processors, and payment history.

e. Device, Internet, and Usage Information. IP address, device identifiers, browser/app type and version, operating system, log files, analytics data, diagnostic and crash data, cookie and similar technology identifiers, and interaction data regarding your use of the Services.

f. Inferences and Derived Data. Inferences drawn from other information to create a profile reflecting preferences, usage patterns, or Service-related propensity scores for security, fraud prevention, and product improvement.

g. Sensitive Personal Information. Where strictly necessary for the Services and permitted by law, we may process sensitive personal information such as government identifiers, financial account numbers (tokenized or limited elements), and biometric information. We do not use or disclose sensitive personal information to infer characteristics or for cross-context behavioral advertising.

h. Photos. You may be asked to submit photos (for example, a “selfie” and/or images of a government-issued ID) for identity verification and security. We may receive and store such photos. We do not create, derive, or process geometric facial measurements (including facial geometry, facial vectors, or faceprints) from these photos, and we do not use them for facial recognition. We use photos only for identity verification, security, and compliance purposes, and retain them only as long as reasonably necessary for those purposes and as required by law.

We may partner with third-party identity verification providers who collect and process biometric information, such as facial imagery and government-issued identification, for fraud prevention and identity verification purposes. This information is collected directly by the third-party provider and is governed by their privacy policy. We do not collect, access, store, or control biometric information or images used in these workflows, and such data does not pass through our systems.

4. Sources of Information

We collect information from:

• You, when you create an account, use the Services, upload documents, interact with features, communicate with us, or otherwise provide information.
• Third parties, at your direction or as needed to provide the Services (e.g., IRS transcripts and account data with your authorization; identity verification and knowyour-customer providers; payment processors and financial institutions).
• Automatically, via cookies, pixels, SDKs, APIs, and similar technologies when you access or use the Services.

5. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, security, fraud prevention, session management, preferences, analytics, and to help improve the Services. You can manage cookie preferences via your browser or device settings; however, certain cookies are essential to the Services and disabling them may impair functionality. We do not honor “Do Not Track” signals at this time.

6. How We Use Information

We process Personal Information for the following purposes:

• Providing the Services. To operate, maintain, and deliver the Services, including workflows for evaluating and arranging tax payment options; retrieving IRS data with your authorization; storing documents; facilitating payments; and providing customer support.
• Account Administration and Security. To authenticate users, prevent fraud and abuse, secure accounts, protect Company, and manage Service integrity.
• Identity Verification. To verify identity and prevent fraud, including through third-party providers who may collect and process biometric data with required consent (provided that we do no directly collect or access such biometric data).
• Communications. To send transactional messages, notices, updates, and respond to inquiries.
• Analytics and Service Improvement. To monitor usage, fix bugs, perform quality assurance, and improve features and user experience, including through de-identified or aggregated analyses.
• Compliance and Risk Management. To comply with law and regulation (including IRS and NACHA rules), respond to lawful requests, enforce our terms, and protect our rights and the rights of others.
• With Your Consent. For any additional purposes disclosed to you at the time of collection or through feature-specific notices, with your consent where required.

7. Automated and AI-Enabled Features

We may use automated systems and machine learning/artificial intelligence functionality to provide suggestions, summarize content, estimate potential outcomes, pre-populate fields, and support your self-directed use of the Services. Outputs are for informational purposes only and may be incomplete or not current. You are responsible for reviewing and verifying all outputs before relying on them. To operate certain features, we may transmit prompts, documents, or other content, as well as associated metadata, to third-party model and infrastructure providers engaged under written agreements requiring confidentiality and security. These features are subject to change, suspension, or removal at any time without notice. We do not guarantee the accuracy, completeness, or reliability of any automated or AI-generated output and disclaim any liability arising from reliance on such features.

8. How We Share Information

We share Personal Information as described below:

• Service Providers and Vendors. With third parties under contract to perform services on our behalf, such as cloud hosting, data storage, analytics, customer support, identity verification and know-your-customer, payment processing, communications delivery, security and fraud prevention, and AI/ML processing. For example, we may share limited information (such as your name, email address, account ID, or other identifiers) with a third-party identity verification provider so they can associate your verification attempt with your Platform account. We are not responsible for their independent practices.
• IRS and Tax Authorities. With your authorization and as necessary to provide the Services, such as initiating payment arrangements, retrieving IRS data, or responding to communications.
• Financial Institutions and Payment Processors. With banks, card networks, and payment processors to facilitate payments and address chargebacks, reversals, or disputes.
• Corporate Transactions. In connection with or during negotiations of any merger, financing, acquisition, bankruptcy, dissolution, reorganization, or sale of all or a portion of our assets, subject to appropriate protections and ongoing confidentiality obligations.
• Legal and Safety. To comply with law, regulation, legal process, and governmental requests; to enforce our terms; and to protect the rights, property, security, or safety of Company, our users, or others.
• De-Identified and Aggregated Data. We may use and share de-identified and/or aggregated information that does not identify individuals for analytics, research, benchmarking, marketing, or product development.

We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising. We do not permit our Service Providers to use Personal Information for their own marketing purposes.

9. Biometric Information

We may partner with third-party identity verification providers who collect and process images of government-issued identification and facial imagery for fraud prevention or identity verification purposes. This information is collected directly by the third-party provider and is subject to their privacy policy. We do not collect, access, or store biometric information or images used in these workflows.

10. Restrictions on Tax Return Information

To the extent we receive, use, or disclose Tax Return Information subject to 26 U.S.C. § 7216 and its implementing regulations, we will do so only as permitted by law, including IRS rules and guidance such as Publication 1075. Where required, we will obtain your informed consent before using or disclosing Tax Return Information for purposes not otherwise permitted. Certain features may be limited or unavailable unless and until appropriate consent is obtained.

11. Data Security

We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Information, including:

• Encryption in transit and at rest where appropriate;
• Access controls, least-privilege principles, and multifactor authentication for administrative access;
• Network monitoring, logging, and intrusion detection;
• Secure development practices, vulnerability management, and periodic third-party testing;
• Vendor due diligence and contractual security requirements.

The examples of safeguards provided are for illustrative purposes and may not apply to all systems or data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Retention and Deletion

We retain Personal Information for as long as reasonably necessary to provide the Services, comply with legal and regulatory obligations (including IRS and recordkeeping requirements), resolve disputes, protect our rights, and enforce agreements. Where specific retention periods are mandated by law, those periods will govern. When retention is no longer required, we will delete or de-identify information in the ordinary course of business, consistent with our data retention schedules and applicable law.

If you request deletion, we will take steps to delete Personal Information, subject to legal exceptions and our need to retain certain records (e.g., to comply with IRS obligations, investigate or defend legal claims, or maintain security logs).

13. Your Choices and Rights

a. Access, Correction, and Portability. You may access certain account information through the Services and request corrections where permitted by law. Subject to verification and applicable law, you may request a copy of certain information in a portable format.

b. Deletion. You may request deletion of Personal Information, subject to legal and regulatory constraints and applicable exceptions (e.g., IRS recordkeeping, security incident investigation, or compliance).

c. Opt-Outs and Preferences. You may manage certain communication preferences in your account or by using unsubscribe mechanisms in emails. We do not sell Personal Information and do not share it for cross-context behavioral advertising; accordingly, we do not offer a “Do Not Sell or Share” link.

d. Verification and Authorized Agents. We may require reasonable verification to process rights requests and may deny requests where we cannot verify identity or authority. You may designate an authorized agent to make requests on your behalf where permitted by law.

We will respond to verified requests in accordance with applicable law and the nature of the request, subject to our legal and operational obligations. Our ability to fulfill a request may be limited by our obligations under tax and other applicable laws.

14. U.S. State Disclosures (Including California)

Depending on your state of residence, you may have certain rights under state privacy laws (e.g., CA, CO, CT, UT, VA), including to request access, correction, deletion, and information about our data practices. We describe our data collection, use, and disclosure in Sections 3, 4, 6, and 8. We do not sell Personal Information and do not share it for cross-context behavioral advertising. We process sensitive Personal Information only as necessary to provide the Services and for security and compliance, and not to infer characteristics.

• California Residents. You have rights under the California Consumer Privacy Act (as amended by the CPRA) to access, correct, and delete certain Personal Information, subject to exceptions. We will not discriminate against you for exercising your rights. If we offer any financial incentives related to Personal Information, we will describe the material terms at the point of collection; currently, we do not offer such programs.
• Nevada Residents. We do not sell “covered information” as defined under Nevada law.
• Appeals. Residents of certain states (e.g., Colorado, Virginia, Connecticut) may have the right to appeal a decision regarding a privacy request. Appeal instructions will be provided in our response.

To exercise state law rights, contact us as described in Section 18.

Certain rights described in this section may apply only if we meet specific legal thresholds under applicable state law.

15. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13. If we learn that we have collected Personal Information from a child under 13, we will delete it in accordance with applicable law.

16. Third-Party Links and Services

The Services may include links to, or integrations with, third-party services. We are not responsible for the privacy practices of third parties, which are governed by their own policies. You should review such policies before providing information to third parties.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy and update the “Effective Date” above, and we may provide additional notice as required by law. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

18. How to Contact Us

If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise your rights, please contact us at:

Email: legal@tax-ai.us
Address: Tax AI, Inc, 8000 Avalon Blvd, 2nd Floor, Alpharetta, GA 30009
Phone: (833) 367-6691

You may also contact us through your account or the in‑product help center. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may have the right to contact your state attorney general or other regulator.

19. Notice of Financial Incentives

We currently do not offer programs that provide financial incentives or price or service differences in exchange for Personal Information. If we offer such programs in the future, we will provide a description of the material terms at enrollment and obtain any required consent.

20. Non-Discrimination

We will not discriminate against you for exercising your privacy rights under applicable law, subject to lawful differences based on your voluntary participation in any financial incentives (if offered in the future).