Privacy Policy

Effective 2026-05-08

Information we collect

We collect information you provide when you create a firm account (name, email, password hash, billing address) and when you add clients to the system (client name, email, tax-return data, supporting documents). We also collect operational telemetry — IP address, browser user-agent, and event metadata such as which pages you visit — to keep the service running and detect abuse.

Tax return data

Tax-return PDFs you upload are processed by our extraction pipeline to populate the Tax Profile. Uploaded files and extracted facts are stored encrypted at rest in Supabase. We do not sell, license, or share your clients' tax data with any third party. Anonymous, aggregated metrics (e.g. "average advisor analyzes 5 strategies per client") may be used internally for product improvement.

How we use information

We use the information you provide to: (1) deliver the service you signed up for, (2) communicate transactional messages (password resets, trial expiry, signed engagement letters, invoices), (3) provide support when you contact us, and (4) detect and prevent abuse. With your explicit opt-in we may also send product update emails; you can unsubscribe at any time from Settings → Notifications.

Subprocessors

We rely on a small number of subprocessors to deliver the service: Supabase (database + auth + file storage, US-based), Vercel (web hosting, US-based), Anthropic (AI extraction of tax returns; PDF content is sent only at the moment of extraction and is not used to train Anthropic's models), Stripe (billing), Resend (transactional email), Sentry (error reporting), and PostHog (product analytics). A current list with each subprocessor's data-processing agreement is available on request.

Data retention

Your firm and client data persists for the lifetime of your subscription. After cancellation we retain the data for 90 days to allow reactivation, after which it is deleted from primary storage. Backups containing deleted data may persist for up to 30 additional days before being overwritten. Audit-log entries are retained for the lifetime of the firm account regardless of cancellation, since they are required for tax-engagement record-keeping.

Your rights

You can export all data for any client at any time from the client's page (Export button). You can delete a client at any time, which removes all associated intakes, war-room selections, reports, and notes. To delete the entire firm and all associated data, email support@ghlplatforms.com from the firm-owner address; we will confirm and delete within 14 days. EU and UK residents have additional rights under GDPR (access, rectification, erasure, portability, objection); California residents have rights under CCPA. Email us to exercise either.

Cookies

We use first-party cookies for authentication (Supabase session) and to remember your accept/decline choice on the cookie banner. We do not use third-party advertising cookies. PostHog product-analytics cookies are set only after you accept analytics on the cookie banner.

Security

All traffic is served over HTTPS. Data at rest is encrypted by Supabase. Passwords are stored as bcrypt hashes by Supabase Auth — we never see your raw password. We use row-level security to isolate one firm's data from another's. We do not store credit card numbers; payment details are handled by Stripe.

Children

Tax Shield Pro is a B2B service intended for licensed financial advisors and CPAs. We do not knowingly collect data from anyone under 18.

Changes to this policy

We may revise this policy from time to time. The effective date at the top of the document marks the most recent revision. Material changes will be announced via email to firm owners.

Contact

Privacy questions or data-rights requests: support@ghlplatforms.com.