Last updated: March 18, 2026

Privacy Policy

Veritas Tax Engine (“Veritas,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tax computation platform and related services (collectively, the “Service”).

Data Controller: Veritas Tax Engine
Contact: [email protected]

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, professional credentials, and firm affiliation when you register for an account.
• Tax data: financial information, income figures, deduction details, and other tax-related data you enter into the computation engine.
• Communications: messages, support requests, and feedback you send to us.
• Payment information: billing address and payment method details (processed by our PCI-compliant payment processor; we do not store full card numbers).

1.2 Information Collected Automatically

• Usage data: pages visited, features used, computation requests, timestamps, and session duration.
• Device information: browser type, operating system, device identifiers, and screen resolution.
• Network data: IP address, approximate geolocation (city/region level), and referring URL.
• Cookies and similar technologies: as described in our Cookie Policy.

2. GDPR Compliance (European Economic Area)

2.1 Lawful Bases for Processing (Art. 6 GDPR)

We process your personal data on the following lawful bases:

• Contract performance (Art. 6(1)(b)): processing necessary to provide the Service you have contracted for, including tax computations and account management.
• Legitimate interests (Art. 6(1)(f)): improving our Service, preventing fraud, ensuring security, and conducting analytics. We balance these interests against your rights and freedoms.
• Consent (Art. 6(1)(a)): for optional analytics cookies and marketing communications. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): where we are required to retain data for tax, accounting, or regulatory compliance.

2.2 Data Subject Rights (Art. 13/14 Disclosures)

If you are in the EEA, UK, or Switzerland, you have the following rights:

• Right of access (Art. 15): obtain a copy of your personal data we process.
• Right to rectification (Art. 16): correct inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your personal data, subject to legal retention requirements.
• Right to restriction (Art. 18): restrict processing in certain circumstances.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing.
• Right regarding automated decisions (Art. 22): not be subject to solely automated decision-making with legal effects. Our tax computations are tools that assist human preparers, not automated decisions about individuals.

To exercise these rights, contact our Data Protection Officer at [email protected].

2.3 Data Protection Officer

Our Data Protection Officer can be contacted at:
Email: [email protected]
Subject line: “DPO Inquiry”

2.4 EU Representative

Our EU representative for GDPR purposes can be reached at [email protected] with the subject “EU Representative Inquiry.”

2.5 Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns.

3. CCPA/CPRA Compliance (California Residents)

3.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: name, email address, IP address, account credentials.
• Financial information: tax-related financial data you input into the engine.
• Commercial information: subscription history and billing records.
• Internet/electronic activity: browsing history, usage logs, and interaction data within the Service.
• Professional information: CPA credentials, firm name, and professional licenses.
• Inferences: usage patterns to improve Service functionality.

3.2 Your CCPA/CPRA Rights

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it.
• Right to delete: request deletion of your personal information, subject to exceptions (e.g., legal retention obligations).
• Right to correct: request correction of inaccurate personal information.
• Right to opt-out of sale/sharing: we do not sell personal information. We do not share personal information for cross-context behavioral advertising.
• Right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights.
• Right to limit use of sensitive personal information: you may direct us to limit the use of sensitive personal information to what is necessary for providing the Service.

3.3 Do Not Sell or Share My Personal Information

Veritas does not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes. We honor Global Privacy Control (GPC) signals as a valid opt-out request under CCPA/CPRA.

3.4 Global Privacy Control (GPC)

We recognize and honor the Global Privacy Control (GPC) signal. When we detect a GPC signal from your browser, we treat it as a valid opt-out of the sale or sharing of your personal information under applicable law.

4. Cookies

We use the following categories of cookies:

• Strictly necessary cookies: essential for the Service to function, including authentication tokens, session identifiers, and CSRF protection. These cannot be disabled.
• Analytics cookies: help us understand how the Service is used, measure performance, and identify areas for improvement. These are set only with your consent.
• Functional cookies: remember your preferences such as theme selection (light/dark/auto), language, and display settings to enhance your experience.

For full details, see our Cookie Policy.

5. Data Retention

• Account data: retained for the duration of your active account plus 30 days after deletion request.
• Tax computation data: retained for 7 years after the applicable tax year to comply with IRS and international record-keeping requirements.
• Usage/analytics data: retained for 26 months in aggregated/anonymized form.
• Support communications: retained for 3 years after resolution.
• Payment records: retained for 7 years as required by financial regulations.
• Server logs: retained for 90 days, then automatically purged.

6. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. When we transfer personal data outside the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs): approved by the European Commission (Decision 2021/914), supplemented by transfer impact assessments where required.
• Adequacy decisions: where the European Commission has determined a country provides adequate data protection.
• Supplementary measures: including encryption in transit and at rest, pseudonymization, and access controls.

7. Children’s Privacy

The Service is intended for use by tax professionals and adults filing taxes. We do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at [email protected].

8. Security

We implement industry-standard technical and organizational measures to protect your data, including:

• TLS 1.3 encryption for all data in transit.
• AES-256 encryption for data at rest.
• Role-based access controls and principle of least privilege.
• Regular security audits and penetration testing.
• SOC 2 Type II compliance program.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we will provide additional notice via email or in-app notification.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Veritas Tax Engine
Email: [email protected]
Web: useveritas.ai