Privacy Policy

Last Updated: March 8, 2026

Tax Orator ("we," "us," or "our") operates the taxorator.com platform. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered tax research service.

1. Information We Collect

Account Data

Name and email address (provided during registration)
Authentication credentials (managed securely via Supabase Auth)
Subscription tier and billing status

Usage Data

Tax research queries you submit
Feedback you provide on responses (thumbs up/down)
Query count and usage metrics per billing cycle

Analytics Data

Page views, session recordings, and interaction events (collected via PostHog)
Session recordings automatically mask password fields and sensitive inputs
Analytics are only collected from authenticated (logged-in) users

Payment Data

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers
We receive only transaction confirmations and subscription status from Stripe

2. How We Use Your Information

Provide and improve the Tax Orator tax research service, including generating citation-backed answers to your queries
Improve search result quality and relevance based on aggregate usage patterns
Enforce subscription usage limits and manage your account tier
Send transactional emails (welcome, usage warnings, billing notifications) via Resend
Detect and prevent abuse, fraud, or violations of our Terms of Service

3. Third-Party Services

We use the following third-party services to operate Tax Orator. Each service has its own privacy policy governing data handling:

Supabase — Authentication and database hosting. Your account data and query history are stored in Supabase's infrastructure with row-level security policies
Stripe — Payment processing. Handles all credit card and billing information directly. We never see or store your full card details
PostHog — Product analytics and session replay. Collects usage events and session recordings from authenticated users. Password inputs are automatically masked
Resend — Transactional email delivery. Receives your email address to send account-related notifications
Anthropic (Claude API) — AI query processing. Your tax research queries are sent to Anthropic's Claude API to generate answers. Per Anthropic's API terms, your queries are not used to train their models

4. Data Retention

Account data is retained for as long as your account is active
Query history is retained based on your subscription tier: 7 days (Discovery), 30 days (Solo Practitioner), 90 days (Firm Growth Engine), unlimited (Practice Command Center)
Analytics data is retained per PostHog's standard retention policy
You may request deletion of your data at any time (see Your Rights below)

5. Your Rights

You have the right to:

Access your personal data and query history
Correct inaccurate account information
Delete your account and all associated data
Export your data in a portable format

To exercise any of these rights, contact us at [email protected]. We will respond to requests within 30 days.

6. Security

All data in transit is encrypted via TLS (HTTPS)
Database access is protected by Supabase row-level security (RLS) policies
Passwords are never stored in plaintext — authentication is managed by Supabase Auth with industry-standard hashing
Session replay recordings automatically mask password fields and sensitive form inputs

7. Children's Privacy

Tax Orator is a professional tool designed for licensed tax practitioners. We do not knowingly collect information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users via email. The "Last Updated" date at the top of this page reflects the most recent revision.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].