Privacy Policy
Last updated: March 31, 2026
1. Introduction
LightTaxes ("we," "our," or "us") provides practice management software for tax firms. This Privacy Policy describes how we collect, use, and protect information when you use our platform at lighttaxes.com and related services.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, firm name, and role. For client records, your firm stores client names, contact information, tax identifiers, and engagement details within the platform.
Email Data (Google and Microsoft Integration)
When you connect your Gmail or Outlook account, we access your email messages and attachments solely to display them within the LightTaxes communications hub and to enable you to save attachments to your document management system. We access:
- Email message content, headers, and metadata
- Email attachments (when you choose to save them)
- Email labels and folder structure
We do not use email data for advertising, market research, or any purpose unrelated to providing the LightTaxes service. We do not sell, share, or transfer email data to third parties except as required to operate the service (e.g., cloud infrastructure providers bound by data processing agreements).
Documents
Files you upload or save from email attachments are stored securely in our document management system. Documents are encrypted at rest and in transit.
Usage Data
We collect anonymized usage analytics (page views, feature usage) to improve the product. We do not track individual user behavior for advertising purposes.
3. How We Use Information
- Provide, maintain, and improve the LightTaxes platform
- Display your email communications within the platform
- Enable document storage and retrieval
- Send transactional notifications (engagement updates, task reminders)
- Provide AI-assisted features (thread summaries, message drafting) using your data only within the platform context
- Respond to support requests
4. Google API Services User Data Policy
LightTaxes's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Gmail data to provide the email integration feature within LightTaxes
- We do not use Gmail data for advertising or marketing purposes
- We do not allow humans to read your email data except with your explicit consent for support purposes, or as required by law
- We do not transfer Gmail data to third parties except as necessary to provide the service, comply with law, or as part of a merger/acquisition with equivalent privacy protections
- AI features process email content only within the platform session and do not store AI-generated outputs as training data
5. Data Storage and Security
- All data is stored in encrypted databases hosted on secure cloud infrastructure (AWS)
- Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Authentication uses industry-standard JSON Web Tokens (JWTs) stored in HttpOnly cookies
- Passwords are hashed using bcrypt
- Sensitive credentials (IRS portal logins, state filing credentials) are encrypted using AES-256-GCM with firm-specific keys
- Access is controlled through role-based permissions (owner, admin, staff roles with granular permissions)
6. Data Retention
We retain your data for as long as your account is active. Email data synced from Gmail or Outlook is cached to provide the communications feature and is refreshed periodically. When you disconnect an email integration, cached email data is deleted within 30 days. When you delete your account, all associated data is permanently deleted within 30 days.
7. Data Sharing
We do not sell your data. We share data only with:
- Infrastructure providers (AWS, database hosting) bound by data processing agreements
- AI service providers (for thread summaries and message drafting) with data processed in-session only, not retained for training
- Law enforcement only when required by valid legal process
8. Your Rights
You can:
- Access and export your data at any time
- Disconnect email integrations (removes cached email data)
- Delete your account and all associated data
- Revoke Google or Microsoft OAuth access from your provider's security settings
9. Client Portal Users
If you access LightTaxes through a firm's client portal, your firm is the data controller. Your data (documents, messages, organizer responses) is managed by your firm. Contact your firm directly for data access or deletion requests.
10. Changes to This Policy
We may update this policy periodically. We will notify active users via email for material changes. Continued use of the platform after changes constitutes acceptance.
11. Contact
For privacy-related questions or data requests, contact us at admin@lighttaxes.com.