Privacy Notice

1. Local-first design

During normal preparation, tax documents, extracted values, manually entered return data, saved projects, and generated forms are processed and stored locally on your device. They are not transmitted to TakoTax servers as part of normal preparation. Project file export and import are not available yet; if a future release ships such a flow, exported files will likewise stay local until the user shares them.

2. Information TakoTax does not intentionally collect

TakoTax does not intentionally collect or receive tax document contents, generated forms, Social Security numbers, taxpayer identification numbers, names, mailing addresses, dates of birth, employer information, brokerage details, bank account numbers, numeric tax values, or free-form tax answers entered into the product during normal preparation.

3. Limited operational data

Standard web infrastructure and product diagnostics may create limited records such as:

• IP address, timestamps, browser user-agent, and requested resources
• Product version, browser family, operating system family, and capability signals
• Page or screen load success and failure signals
• Error categories, diagnostic codes, stack traces, and performance measurements
• Policy acceptance or consent records when applicable

TakoTax does not use operational telemetry to collect tax document content or return values.

4. How limited data is used

Limited operational data may be used to:

• Operate, secure, and debug TakoTax
• Understand product reliability and feature usage in aggregate
• Investigate errors without receiving tax data
• Maintain policy, consent, and legal records

5. Cookies, local storage, and similar technologies

TakoTax may use essential cookies, browser local storage, and similar technologies to operate the site and app. Local storage is used for local project saving. TakoTax does not use advertising pixels or sell tax data.

6. Retention and deletion

Because tax documents and return contents stay on your device during normal preparation, TakoTax does not retain those materials on its servers. You can delete local project data by clearing browser site storage for TakoTax. Project file export and import are not available yet, so clearing local storage permanently deletes your local project with no recovery path.

Limited operational data may be retained for security, reliability, debugging, and legal recordkeeping. Retention periods may vary depending on the type of record and operational need.

7. Crash reports

If crash reporting is enabled, error reports are intended to be scrubbed before transmission to avoid names, tax values, document content, and identifiable return information. Reports may include error type, stack trace, app version, and platform.

8. Third-party service providers

TakoTax uses providers for hosting, domain services, email delivery, security monitoring, and similar infrastructure. The marketing site (www.tako.tax) loads Cloudflare Web Analytics as a privacy-oriented page-view counter. Cloudflare receives the page URL, referrer, browser user-agent, screen size, and the visitor's IP address (used to derive country and to deduplicate; not stored as a persistent identifier). Cloudflare Web Analytics does not set cookies and does not fingerprint the browser. The beacon does not run on the application origin (app.tako.tax), so it cannot observe tax-document contents, extracted values, or return data while you prepare a return.

If diagnostic error reporting is enabled in the future, those tools must be configured so they are not intended to receive tax return contents or attached tax documents during normal preparation.

9. Electronic filing data handling

This Section 9 applies only when TakoTax has enabled electronic filing and you use the e-file workflow to transmit your return. The operational details are summarized on the E-file Disclosures page.

9.1 What is transmitted, and to whom

When you authorize electronic filing, TakoTax packages the return into the IRS Modernized e-File (MeF) format and transmits it to the IRS and, where supported, to the applicable state tax agency. The transmitted return contains tax-relevant identity information that the IRS requires for filing, including taxpayer and spouse names, Social Security Numbers or ITINs, address, dependent information, employer information from W-2s, payer information from 1099s, and the computed return amounts.

9.2 Signature, jurat, and authorization records

TakoTax records the electronic signature event used to authorize transmission. The recorded fields include the Self-Select PIN, the prior-year AGI (or prior-year PIN) used for IRS signature authentication, date of birth, the version of the jurat text accepted, the timestamp, the account or session identifier, the IP address, and the user-agent of the signing event. This record is retained as required by IRS rules for online providers.

9.3 Acknowledgements and IRS-issued records

TakoTax receives and stores the IRS acknowledgement for each transmission, the IRS submission ID, the acknowledgement status (Accepted or Rejected), any reject codes and descriptions, and the corresponding timestamps. Equivalent records are stored for any supported state submissions.

9.4 Retention of e-file records

IRS rules require TakoTax to retain e-file records, including the signed authorization, the transmitted return, and the acknowledgement, for a defined period after filing. TakoTax retains these records for that period and may retain them longer where reasonably necessary for security, fraud prevention, audit, dispute resolution, or other legal obligations. After the retention period ends, TakoTax disposes of or de-identifies the records.

9.5 IRC §7216 consents to use or disclose tax return information

Internal Revenue Code §7216 and Treasury Regulation §301.7216-3 restrict the use and disclosure of tax return information. TakoTax will not use or disclose tax return information for purposes other than preparing the return, filing the return, supporting the return, fraud and security prevention, or other purposes permitted without consent, unless you first provide a separate §7216-compliant written consent. Declining a §7216 consent will not prevent you from preparing or filing your return through TakoTax. Consents may be revoked prospectively at any time by contacting [email protected].

9.6 Service providers used to operate e-file

TakoTax operates the e-file workflow under an architectural constraint: tax return data and taxpayer identifiers are only ever transmitted to and stored at Amazon Web Services (AWS). AWS hosts the API endpoint that receives your authorization to file, the MeF packager that builds the IRS-format submission, the transmitter that sends it to the IRS and to the applicable state tax agency, and the records of the transmission and acknowledgement that the IRS requires online providers to retain. AWS is bound by contract (AWS Customer Agreement, AWS Service Terms, AWS Data Processing Addendum) to use the data only to provide hosting services to TakoTax and to maintain security consistent with IRS Publication 4557 (Safeguarding Taxpayer Data) and the FTC Safeguards Rule.

Other vendors TakoTax uses do not receive tax return information:

• Cloudflare serves the static website and application but does not see the contents of e-file requests; the API hostname is configured as DNS-only so request bodies are not visible to Cloudflare.
• Stripe processes the e-file payment fee and receives only payment data (cardholder name, card metadata, transaction amount, statement descriptor). Stripe does not receive tax return information.
• Email is used only for non-sensitive support correspondence; sensitive support cases are handled through a secured in-app form that posts directly to AWS.

TakoTax does not sell tax return information and does not share it with marketing or advertising platforms.

9.7 Security safeguards for e-file data

TakoTax maintains a Written Information Security Plan aligned with IRS Publication 4557 (Safeguarding Taxpayer Data) and the Federal Trade Commission Safeguards Rule. Safeguards include encryption of taxpayer data in transit and at rest where server-side storage is used, multi-factor authentication on administrative access to systems holding taxpayer data, access controls limited to personnel with a need to know, logging and monitoring designed to avoid recording return contents, vendor security review, training, and an incident response plan. See the Security page for a summary.

10. State-specific privacy rights

Depending on your state of residence, you may have additional rights with respect to tax return information and other personal information TakoTax holds. The rights below apply once TakoTax begins retaining e-file records (i.e., once you elect to file electronically through TakoTax); during browser-local preparation, TakoTax does not hold the underlying tax data, so most rights are exercised by clearing local browser storage.

10.1 California residents

California Business and Professions Code §17530.5 protects information you provide for the preparation of federal or California tax returns. TakoTax will not use or disclose that information for any non-preparation purpose without a separate, voluntary, written consent that complies with §17530.5. Declining a §17530.5 consent will not prevent you from preparing or filing your return through TakoTax.

To the extent the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) applies to TakoTax, California residents have the right to know what personal information TakoTax collects, to access and delete that information, to correct inaccurate information, and to opt out of any sale or sharing of personal information. TakoTax does not sell tax return information or share it with advertising platforms. Requests may be sent to [email protected]. TakoTax will not retaliate against any California resident for exercising these rights.

10.2 Colorado residents

Under the Colorado Privacy Act, Colorado residents have the right to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of any sale, targeted advertising, or profiling that produces legal or similarly significant effects. TakoTax does not sell tax return information, does not run targeted advertising, and does not use profiling to produce legal or similarly significant effects. Requests may be sent to [email protected].

10.3 Other residents

Residents of other states may have similar rights under their state's consumer privacy law. TakoTax handles all such requests under the same internal process; if your state grants you a right that is not listed here, contact [email protected] with your request and the statute you are exercising.

10.4 Breach notification

If a breach of taxpayer data occurs, TakoTax notifies affected users in accordance with applicable state and federal law. TakoTax engineers its breach response to the strictest applicable timing rule (currently the California Civil Code §1798.82 standard, as amended by SB 446 effective January 1, 2026: notice to affected California residents within 30 calendar days of discovery; notice to the California Attorney General within 15 days of resident notification when more than 500 California residents are affected). Other state regulators are notified as their respective statutes require.

11. Children

TakoTax is not directed to children under 13. Returns that include dependents are filed by the taxpayer; TakoTax does not knowingly collect data directly from a child for the child's own use.

12. Changes to this notice

TakoTax may update this Privacy Notice from time to time, including when electronic filing is enabled and when supported scope changes. The updated version will be posted at TakoTax with a revised effective date.

13. Contact

Privacy questions may be sent to [email protected].