Privacy Policy

1. Introduction

IRS Now LLC ("we," "our," or "us") is committed to protecting your privacy and ensuring compliance with global data protection regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and SOC 2 Type II standards.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our IRS audit detection and prevention services.

2. Information We Collect

Personal Information

• Email address (for account creation and report delivery)
• Name (optional, for personalized service)
• IP address (for security and compliance)
• Payment information (processed securely through Stripe)

Financial Data

• Tax documents and financial statements you upload
• Transaction data from bank statements
• Investment and portfolio information

Technical Data

• Browser type and version
• Device information
• Usage patterns and analytics
• Session and authentication tokens

3. How We Use Your Information

Primary Purposes

• Service Delivery: Analyze financial documents for IRS audit triggers
• Report Generation: Create detailed audit risk assessments
• Communication: Send scan results and important updates
• Security: Protect against fraud and unauthorized access
• Compliance: Meet regulatory requirements for financial data handling

Legal Basis (GDPR)

• Contract Performance: Processing necessary to deliver our services
• Legal Obligations: Compliance with IRS Revenue Procedure 98-25
• Legitimate Interests: Fraud prevention and service improvement
• Consent: Marketing communications and optional features

4. Data Security

Encryption

• At Rest: Fernet encryption (256-bit keys) for stored files
• In Transit: TLS 1.3 for all data transmissions
• Cloud Storage: Encrypted storage in Cloudflare R2

Access Controls

• Multi-factor authentication (MFA) available
• Role-based access control (RBAC)
• Regular security audits and penetration testing
• Comprehensive audit logging for all data access

5. Data Retention

6. Your Rights

Under GDPR (EU Residents)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion ("right to be forgotten")
• Portability: Export your data in machine-readable format
• Object: Opt-out of certain processing activities
• Restrict: Limit how we use your data

Under CCPA (California Residents)

• Know: Information about data collection and use
• Delete: Request deletion of personal information
• Opt-Out: Decline sale of personal information (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices

7. Third-Party Services

We use trusted third-party services that comply with data protection regulations:

• Stripe: Payment processing (PCI DSS compliant)
• Cloudflare R2: Encrypted file storage
• Clerk: Authentication services
• Resend: Email delivery

Each third-party processor signs data processing agreements ensuring GDPR compliance.

8. International Data Transfers

If you're accessing our services from outside the United States:

• Data may be transferred to US servers
• We use Standard Contractual Clauses for EU-US transfers
• All transfers comply with GDPR Chapter V requirements

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Contact Information

Data Protection Officer

Email: privacy@irs-now.com
Address: IRS Now LLC
Data Protection Office
[Your Business Address]

General Contact

Email: tsc@nselus.org

Supervisory Authority (EU)

EU residents have the right to lodge complaints with their local data protection authority.

11. Changes to This Policy

We may update this privacy policy periodically. We will notify you of any material changes via email and update the "Last Updated" date above.

Continued use of our services after changes constitutes acceptance of the updated policy.