1.1 Account Information

When you create a TaxMaker account, we collect basic information necessary to identify you and provide our services:

• Email Address: Used as your unique identifier, for account recovery, and to send important notifications about your tax returns and account security
• Password: Stored using industry-standard bcrypt hashing with salt. We never store your password in plain text and cannot retrieve it
• Name: Used to personalize your experience and pre-fill tax return information where applicable
• Account Preferences: Your chosen currency, language preferences, and notification settings

1.2 Tax Return Information (For Tax Filing Services)

If you use our tax filing services for Canadian T1 (personal) or T2 (corporate) returns, we collect detailed financial information required by the Canada Revenue Agency:

• Personal Identifiers: Social Insurance Number (SIN), date of birth, current and previous addresses, marital status, and citizenship status
• Income Information: Employment income (T4 slips), self-employment income, investment income (T3, T5 slips), rental income, pension income, government benefits, and other sources of income
• Deductions and Credits: RRSP contributions, childcare expenses, medical expenses, charitable donations, tuition fees, home office expenses, and other eligible deductions
• Banking Information: If you opt for direct deposit of refunds, we collect your banking institution number, transit number, and account number
• Dependent Information: Names, dates of birth, and relationships of dependents claimed on your return
• Corporate Information (T2): Business number, corporation name, fiscal year end, shareholder information, financial statements, and corporate tax elections

1.3 Calculator Usage (No Collection)

Our financial calculators are designed with privacy in mind. When you use our compound interest calculator, budget calculator, retirement calculator, or any other financial tool:

• All calculations are performed entirely in your browser using JavaScript
• Your inputs are never transmitted to our servers
• We do not track, store, or analyze any numbers you enter
• Clearing your browser or closing the tab completely erases your calculations
• We have no technical capability to access your calculator inputs

1.4 Automatically Collected Information

Like most websites, we automatically collect certain technical information when you visit TaxMaker:

• Device Information: Browser type and version, operating system, screen resolution, and device type (desktop, mobile, tablet)
• Usage Data: Pages visited, time spent on pages, links clicked, and general navigation patterns (anonymized)
• IP Address: Used for security monitoring, fraud prevention, and approximate geographic location (country/region level only)
• Referral Source: How you arrived at our website (search engine, direct link, referral)

2.1 Providing Our Services

• Calculate your tax obligations and potential refunds accurately
• Generate completed tax return forms (T1, T2, and supporting schedules)
• Enable NETFILE electronic filing with the Canada Revenue Agency
• Store your tax returns securely for future reference and prior-year data import
• Provide year-over-year comparisons and tax planning insights

2.2 Account Management and Security

• Authenticate your identity when you log in
• Send password reset emails when requested
• Alert you to suspicious account activity or unauthorized access attempts
• Maintain audit logs for security and compliance purposes
• Protect against fraud, abuse, and unauthorized transactions

2.3 Communication

• Send transactional emails (account confirmations, tax filing receipts, password resets)
• Notify you of important tax deadlines relevant to your returns
• Inform you of changes to our services or policies that affect you
• Respond to your support requests and inquiries
• Send our newsletter if you have explicitly opted in (you can unsubscribe anytime)

2.4 Service Improvement

• Analyze anonymized, aggregated usage patterns to improve our platform
• Identify and fix bugs, errors, and usability issues
• Develop new features based on user needs and feedback
• Optimize website performance and load times

3.1 Encryption

• In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure transport protocol
• At Rest: Your stored data is encrypted using AES-256 encryption, the same standard used by banks and government agencies
• Sensitive Fields: Social Insurance Numbers and banking information receive additional encryption with separate encryption keys

3.2 Infrastructure Security

• Our application is hosted on Vercel with enterprise-grade security certifications (SOC 2 Type II)
• Database services are provided by Supabase with automatic backups and point-in-time recovery
• All infrastructure is located in secure data centers with physical access controls
• Regular security audits and penetration testing by independent third parties
• DDoS protection and Web Application Firewall (WAF) to prevent attacks

3.3 Access Controls

• Strict role-based access control limits employee access to user data
• All access to production systems is logged and monitored
• Multi-factor authentication required for all administrative access
• Regular access reviews to ensure employees only have necessary permissions
• Automatic session timeouts and secure session management

3.4 Incident Response

We maintain a comprehensive incident response plan. In the unlikely event of a security breach affecting your personal information, we will notify you within 72 hours as required by law and provide guidance on protective steps you can take.

4.1 Essential Cookies

These cookies are strictly necessary for the website to function and cannot be disabled:

• Session Cookie: Keeps you logged in while using our service
• Security Cookie: Helps prevent cross-site request forgery (CSRF) attacks
• Preference Cookie: Remembers your selected currency and region

4.2 Analytics (Optional)

We use privacy-focused analytics to understand how our website is used. This helps us improve our services:

• Analytics are anonymized and do not track individual users
• We do not use Google Analytics or similar invasive tracking tools
• No data is shared with advertising networks
• You can opt out of analytics in your account settings

4.3 What We Do Not Use

• No third-party advertising cookies or pixels
• No social media tracking pixels (Facebook Pixel, etc.)
• No cross-site tracking or fingerprinting
• No sale of tracking data to data brokers