Your financial data is private. This policy explains exactly what we collect, how we use it, and what we will never do with it.
Account information: When you create an account, we collect your name, email address, and a hashed (bcrypt) password. We never store passwords in plaintext.
Tax inputs: The income figures, deductions, and other financial data you enter into PlanMyTax are stored encrypted using AES-256. The encryption key is separate from the data. This means the stored data is unreadable — by us, by our infrastructure providers, and by anyone who might gain unauthorised access to the database.
Usage analytics: We collect anonymous analytics — page views, country of origin (derived from IP address, which is not stored), device type, and traffic source (e.g. Google, direct). We use this to understand how people find and use PlanMyTax. Individual IP addresses are never stored.
Session data: Standard session tokens (JWT, stored in your browser's localStorage) to keep you logged in.
Account information is used only to authenticate you and send OTP verification emails when you sign up or log in.
Tax data is used only to compute your tax results and display your filing history. It is not used for any other purpose.
Analytics are used in aggregate to understand which countries and features are most used, so we can prioritise product improvements. Analytics data is never tied to individual user accounts.
We do not sell, rent, or share your personal or financial data with any third party for commercial purposes, ever.
We use the following third-party infrastructure services, which process data solely to operate the product:
These providers operate under their own privacy policies and are contractually bound to protect data. No financial tax data is shared with them in readable form — only encrypted ciphertext is stored in the database.
Your tax calculation history is retained as long as your account exists. You can delete any individual filing from your dashboard at any time. You can request deletion of your entire account and all associated data by emailing hello@planmytax.org.
All financial data is encrypted with AES-256 (Fernet symmetric encryption). Data is transmitted over HTTPS (TLS 1.2+). Passwords are hashed using bcrypt with a per-user salt. We do not log or store plaintext tax inputs anywhere in our system.
You have the right to: access your stored data, correct inaccuracies, delete your data, and withdraw consent. To exercise these rights, email hello@planmytax.org from the address associated with your account.
PlanMyTax does not use advertising cookies. We use only functional browser storage (localStorage and sessionStorage) to maintain your login session and remember your in-progress tax calculation. This is not a "cookie" in the tracking sense and does not require consent under most jurisdictions.
PlanMyTax is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors.
We will update this page if our data practices change and display the "last updated" date at the top. Material changes will be communicated by email to registered users.
Questions about this policy: hello@planmytax.org