Privacy Policy

Tax Residency (“we”, “our”, or “us”) operates the Tax Residency web application (the “Service”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

By creating an account and using Tax Residency, you agree to the collection and use of information as described in this policy. We are committed to being transparent and giving you control over your data.

2.1 Account Information

When you create an account, we collect:

• Email address (required for authentication)
• Full name (optional, used for display purposes)
• Password (stored as a secure hash — we never store plain-text passwords)

2.2 Travel Data

To provide the Service, we store the travel data you voluntarily enter:

• Country visited (country code and name)
• Entry and exit dates
• Optional notes you attach to trips

This data is associated with your user account and used exclusively to compute your travel day totals, tax residency thresholds, and Schengen day tracking.

2.3 Technical Data

We may collect standard server-side logs including IP addresses, browser type, and pages visited for security and performance monitoring purposes. This data is not linked to your account for advertising or tracking purposes.

2.4 AI Chat Data

When you use the AI Tax Assistant feature, your messages are transmitted to our AI processing service (n8n) to generate responses. Chat history is stored locally in your browser (localStorage) and is not stored on our servers beyond the active session.

We use your information solely to provide and improve the Service:

• To authenticate you and maintain your account
• To calculate and display your travel day counts, tax residency thresholds, and Schengen tracking
• To generate PDF reports and CSV exports on your request
• To send you alerts when approaching tax residency thresholds (if enabled)
• To respond to your support requests
• To process subscription payments via our payment provider

We do not sell, rent, or share your personal data or travel history with any third party for advertising, marketing, or profiling purposes. Ever.

Your data is stored securely using Supabase, a managed database platform. We employ the following security measures:

• Row-Level Security (RLS): Database policies ensure that each user can only read and write their own data. Even if a bug existed in our application layer, the database enforces strict per-user access control.
• Encryption at rest: All data stored in our database is encrypted at rest.
• Encryption in transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption.
• Secure authentication: Passwords are hashed using bcrypt. We support secure session tokens with expiry.

We retain your account and travel data for as long as your account is active. If you delete your account, all associated data (profile, trips, settings) is permanently deleted within 30 days.

You can export all your data at any time via Settings → Export all data (CSV) before deleting your account.

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Correct inaccurate or incomplete data.
• Right to erasure: Request deletion of your account and all associated data.
• Right to data portability: Export your data in a machine-readable format (CSV available in Settings).
• Right to object: Object to processing of your personal data.
• Right to restrict processing: Request that we limit how we use your data.

To exercise any of these rights, contact us at the address below.

Tax Residency uses minimal cookies strictly necessary for the Service to function:

• Authentication cookies: Session tokens to keep you logged in. These are essential and cannot be disabled.

We do not use advertising cookies, tracking pixels, or any third-party analytics tools that profile your behaviour across the web.

We use a limited number of third-party services to operate Tax Residency:

• Supabase: Database, authentication, and file storage. Data is stored in EU-region servers.
• Vercel: Hosting and deployment infrastructure.
• Stripe: Payment processing for Pro subscriptions. We do not store your card details — Stripe handles all payment data under their own PCI-DSS compliance.

Each of these providers has their own privacy policies and data processing agreements in place.

Tax Residency is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or want to exercise your data rights, please contact us at: