Taxflow

Privacy Policy

Last updated: March 2026

What we are

Taxflow is a tax organization tool for freelancers and self-employed people. We help you categorize transactions and generate summaries for your accountant. We are not a tax filing service and we do not provide tax advice.

Data we collect

  • Account data — your name and email address, provided via WorkOS AuthKit when you sign up.
  • Financial transaction data — bank account transactions and balances fetched via Plaid when you connect a bank account. This includes transaction descriptions, amounts, dates, and merchant names.
  • AI-processed categorizations — transaction descriptions are sent to OpenAI to suggest tax categories (e.g., Schedule C categories). We do not send your account numbers or balances to OpenAI.
  • Usage data — pages visited and features used, collected via PostHog for product analytics. No keystroke logging.
  • Receipts — if you use the receipt OCR feature (Pro), receipt images are processed by OpenAI's vision model to extract amounts and merchants.

Plaid data sharing

When you connect a bank account, Taxflow uses Plaid to fetch your transaction history. Plaid retrieves data directly from your bank and provides it to us via their API. Your bank credentials are entered directly on Plaid's secure interface — Taxflow never sees your banking username or password.

Transaction data fetched via Plaid is stored in our Convex database and used solely to provide the Taxflow service. We do not sell this data or share it with third parties beyond what is described in this policy.

OpenAI and AI processing

Transaction descriptions (e.g., "ADOBE INC ACROBAT") are sent to OpenAI's API to suggest tax categories. We send only the description, amount, and transaction type — not your name, account numbers, or bank name. OpenAI processes this data under their API data usage policies, which do not use API inputs to train models.

Data retention

Your data is retained while your account is active. If you delete your account or request data deletion, we will remove your personal data and transaction history within 30 days. Backups may retain data for an additional 30 days before being purged.

Your rights

You can request a full export of your data or ask us to delete your account and all associated data at any time. To do so, email privacy@truscape.com. We'll respond within 5 business days.

Cookies

We use session cookies for authentication (via WorkOS) and analytics cookies via PostHog. We do not use advertising or tracking cookies.

Contact

Privacy questions or data requests: privacy@truscape.com