Privacy Policy

Last updated: April 2026

Our Commitment

PnP Tax is designed with privacy and security at its core. We process financial and tax-related data with minimal storage and strong protections. We do not permanently store your uploaded bank statements, PDFs, or CSVs.

1. Information We Collect

  • Wallet addresses — Solana public keys when you connect a Phantom wallet.
  • Hashed IP addresses — Your IP is hashed using SHA-256 before storage. We never store plaintext IPs.
  • Payment history — Records of payments (crypto transactions, Stripe sessions) and access granted.
  • Anonymous usage analytics — Page view counts only, and only if you consent via the cookie banner.

2. How We Use Your Information

We use your information only to provide the services you request (bank statement processing, labeling, TIS generation, sales tax helper, etc.).

  • Payment processing — To verify payments, grant tool access, and manage access tokens.
  • Anonymous analytics — To understand which tools are used most. Fully anonymous and consent-based.
  • Fraud prevention — Rate limiting, nonce verification, and hashed IP tracking to prevent abuse.

3. Section 7216 Compliance (Tax Return Information)

By using PnP Tax, you consent to us processing your tax return information solely for the purpose of generating the reports and summaries you requested. We do not use your tax data for any other purpose (including marketing or AI model training) without your explicit additional consent.

4. Data Retention & Deletion

  • Uploaded files — Processed in memory and not permanently retained. Generated outputs are temporarily saved and automatically deleted after download.
  • Generated Excel outputs — Automatically deleted from temporary storage after 24 hours.
  • Processing results metadata — Automatically deleted after 1 hour.
  • Payment records — Kept indefinitely for audit and accounting purposes.
  • Analytics data — Retained for up to 1 year (anonymous only). Visitor-level analytics pruned after 7 days.
  • Authentication logs — Retained for 90 days.
  • Access tokens, nonces, sessions — Cleaned automatically by background jobs (hourly, every 30 and 10 minutes).
  • Free mode file ownership — In free mode (no account), a one-way SHA-256 hash of your IP address is temporarily stored to link your uploads to your downloads. Automatically deleted within 24 hours. The hash cannot be reversed to identify you. No cookies are set for this purpose.

You can request deletion of your data at any time by contacting [email protected].

5. Cookies and Local Storage

  • Functional cookies (required) — One httpOnly authentication cookie for tool access. Not accessible to JavaScript.
  • Session storage — Wallet connection state stored in sessionStorage (clears on browser close or hard refresh). Never sent to our servers.
  • Analytics tracking (optional) — Anonymous page view data, only if you accept via the consent banner. Choose "Functional Only" to disable.

6. Third-Party Services

We do not sell, trade, or share your personal data with third parties. The following services are used:

  • Anthropic Claude API — Transaction descriptions and amounts may be sent for AI-powered classification. No full documents or personal identifiers are included. See Anthropic's privacy policy.
  • Stripe — Handles card payments under their own privacy policy. We do not store card numbers.
  • Solana RPC providers — Used to verify payments and token balances. Wallet addresses are publicly visible on the blockchain.
  • Coinbase CDP — Facilitates x402 micropayments for AI agent access. See Coinbase's privacy policy.
  • Sentry — Error monitoring (stack traces only). No uploaded file content is included.

7. Data Encryption and Protection

We encrypt all tax documents at rest using AES-256-GCM with keys derived via HKDF from our secure server seed. Plaintext files are never written to disk — they exist only transiently in server RAM during processing.

  • All traffic encrypted via HTTPS (TLS).
  • Access tokens in httpOnly cookies, preventing JavaScript access.
  • Original uploaded files are processed in memory and not retained.
  • All generated output files are encrypted at rest using AES-256-GCM. Plaintext tax documents never exist on disk.
  • Generated outputs auto-deleted from temp storage within 24 hours.
  • File ownership binding ensures only the session that created a file can download it. Downloads are decrypted in memory and delivered over HTTPS.
  • Download endpoints require authentication with path traversal protection.
  • PII sanitization available: account info and personal payee names can be masked before AI processing.
  • CSRF protection on all state-changing operations.
  • Rate limiting on all API endpoints.
  • Content Security Policy (CSP) and HSTS headers on all responses.

Free mode users: When you use our tools without an account, we temporarily associate your files with a one-way hash of your IP address solely to allow you to download your own results. This hash is deleted automatically within 24 hours along with the files. No cookies are used for this purpose. Paid users are identified by their stable access token.

We are currently rolling out full end-to-end client-side encryption (Phase 2) so that even uploads are encrypted in your browser before reaching our servers. When complete: bank statement data will be encrypted client-side using AES-256-GCM before transmission. Our servers will receive only ciphertext. Plaintext taxpayer data will never be written to disk, never appear in server logs, and will be decrypted only transiently in RAM for processing.

8. Your Rights

  • Access, correct, or delete your data.
  • Withdraw consent at any time (subject to legal obligations).
  • Opt out of analytics via the cookie consent banner.
  • Request full data deletion by contacting [email protected].

For privacy questions, contact [email protected].