Privacy Policy

Last updated: April 11, 2026

1. Data Controller

AuPairTax (“we”, “us”) is the data controller for personal data processed through this service. You can reach us at hello@aupairtax.app.

2. What We Collect and Why

We collect only the information necessary to generate your US tax forms. This includes:

  • Name, date of birth, address (US and home country)
  • Social Security Number (SSN) or ITIN
  • Passport number(s) and country of citizenship
  • Visa type and dates of US presence
  • Income and tax withholding details
  • Bank details (routing/account number) if you request direct deposit of a refund
  • Email address (if you create an account)

Legal basis (GDPR Art. 6): Processing is based on your consent, given when you provide your information through the chat. You may withdraw consent at any time by requesting deletion of your data.

3. How We Use Your Data

Your data is used solely to generate your tax forms and provide the service you requested. We do not use your data for marketing, profiling, automated decision-making, or any purpose other than tax form preparation.

4. Encryption and Security

All personal data containing sensitive information (SSN, passport numbers, income, bank details) is encrypted at rest using AES-256-GCM encryption. Your SSN is masked in the chat interface and never stored in plain text. All connections use HTTPS/TLS encryption in transit.

5. Data Sharing and Third Parties

We do not sell or share your personal data. The following third-party services process data on our behalf:

  • Anthropic (Claude AI): Conversation text is processed via Anthropic's API to guide you through filing. Anthropic does not use API inputs to train their models. See Anthropic's privacy policy.
  • Google (reCAPTCHA, OAuth): Used for bot protection and optional sign-in. Subject to Google's privacy policy.
  • Stripe: If you choose to donate, payment is processed by Stripe. We do not store your payment card details.

6. Cookies

We use the following cookies:

  • auth_token (essential): Keeps you logged in. This is a session cookie and is strictly necessary for the service to function. No consent required under GDPR.
  • Google reCAPTCHA (essential): Used for bot protection. Strictly necessary for security.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, a cookie consent banner is not required under GDPR, but we disclose their use here for transparency.

7. International Data Transfers

Our servers are located in the United States. If you are located in the EU/EEA, your data is transferred to the US for processing. This transfer is necessary to perform the service you requested (GDPR Art. 49(1)(b)). Anthropic and Google also process data in the US under their respective data processing agreements.

8. Data Retention

Your data is retained as long as your account exists. Tax session data is kept to allow you to re-download your forms. You may request deletion at any time, and we will erase all your personal data within 30 days of your request.

9. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights under the General Data Protection Regulation:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Ask us to correct inaccurate data.
  • Erasure: Ask us to delete your data (“right to be forgotten”).
  • Restriction: Ask us to restrict processing of your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing of your data.
  • Withdraw consent: Withdraw your consent at any time.

To exercise any of these rights, email us at hello@aupairtax.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Children

AuPairTax is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy as needed. Material changes will be communicated via email to registered users. The “Last updated” date at the top reflects the most recent revision.