Privacy Policy

Last updated: March 2025

1. Introduction

AusTax AI Pty Ltd ("we", "us", "our") operates austax.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

We collect:
• Personal information: name, email address, date of birth, address, and phone number
• Tax File Number (TFN): encrypted at rest using AES-256 encryption via Supabase Vault
• Financial information: income details, receipts, and expense records you upload
• Usage data: IP address, browser type, pages visited, and device information
• Payment information: processed securely via Stripe — we do not store card numbers

3. How We Use Your Information

We use your information to:
• Provide and improve our tax return lodgement services
• Analyse receipts and identify eligible tax deductions
• Facilitate review by registered Tax Agents
• Lodge your tax return with the Australian Taxation Office (ATO)
• Send transactional emails (e.g. confirmation of lodgement)
• Comply with legal obligations under Australian tax law

4. TFN Handling

Your Tax File Number is collected solely for the purpose of lodging your tax return with the ATO. It is:
• Encrypted using AES-256 before storage
• Never transmitted to AI systems (Claude AI, AWS Textract)
• Accessible only to registered Tax Agents handling your return
• Handled in accordance with the Taxation Administration Act 1953

5. Disclosure to Third Parties

We share your information with:
• Registered Tax Agents: to review and lodge your return
• Supabase: secure database and file storage (data hosted in Australia)
• AWS (Textract): receipt OCR processing — receipt images only, no personal data
• Anthropic (Claude AI): deduction analysis — anonymised financial data only
• Stripe: payment processing
• Resend: transactional email delivery
• Clerk: authentication services

We do not sell your personal information to any third party.

6. Data Retention

We retain your personal information for:
• Active accounts: for the duration of your subscription plus 7 years (as required by ATO record-keeping obligations)
• Deleted accounts: data is permanently deleted within 30 days of account deletion request
• Backups: may persist for up to 90 days after deletion

7. Your Rights

Under the Australian Privacy Act, you have the right to:
• Access your personal information
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at info@austax.ai.

8. Security

We implement industry-standard security measures including:
• TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Row-Level Security (RLS) policies in our database
• Regular security audits and access controls

9. Contact Us

Privacy Officer
AusTax AI Pty Ltd
Email: info@austax.ai