Privacy Policy
Last updated: 2026-06-02. This Privacy Policy describes how TaxQL collects, uses, and protects information about you. If you have questions, contact privacy@taxql.com.
1. What This Privacy Policy Covers
This Privacy Policy applies to information collected through taxql.com, api.taxql.com, app.taxql.com, docs.taxql.com, and related properties operated by TaxQL, Inc. ("TaxQL," "we," "us," "our"). It does not cover information collected by third parties we link to or that you interact with separately from our Service.
Our Service is intended for business use. We collect the minimum information needed to provide and improve the Service.
2. Information We Collect
Account information
When you register for an Account, we collect:
- Email address (required for login and notifications)
- Business name (optional but recommended for B2B customers)
- Your name (for support communications)
- Country (for regulatory and analytics purposes)
Billing information
Subscription billing is processed by Paddle.com, Inc. as our merchant of record. We do not store, process, or have direct access to your payment method. Paddle collects and stores billing information under its own privacy policy (paddle.com/legal/privacy). We receive only summary transaction data — Subscription tier, billing period, currency, amount, and success/failure status — needed to keep your Account active.
This is intentional. Outsourcing payment processing to a merchant of record means TaxQL is never in PCI scope and your payment method is never in our database.
API usage data
When you use the API, we collect:
- API key used (to attribute usage to your Account)
- Endpoint requested, parameters, and response shape
- Timestamp, response time, and status code
- IP address of the request (for security and rate-limit enforcement)
- User-Agent header (for SDK identification and debugging)
We use API usage data for billing, monitoring, security, and product improvement.
API input data
You submit addresses, ZIP codes, coordinates, and other location identifiers to the API in order to perform tax lookups. We receive this data to serve your request. We treat it as Confidential Information per our Terms.
Address inputs are typically business locations or ship-to addresses for tax compliance purposes, not personal information about identifiable individuals. However, if you choose to submit personal addresses in your API calls (e.g., end-customer billing addresses), we receive and process them under the same protections described in this Policy.
Support communications
When you contact support, we collect your email, the contents of your message, and any attachments you provide. We use this only to respond and resolve your issue.
Website analytics
At the time of this Policy, we do not deploy third-party analytics or tracking pixels on taxql.com. If we add analytics in the future, we will update this Policy and use privacy-respecting tools (e.g., Plausible or Fathom) that do not use cookies for identification or share data with advertising networks.
3. How We Use Information
We use the information described above to:
- Provide, operate, and maintain the Service
- Process API requests and return Output Data
- Bill your Subscription via Paddle
- Send transactional emails (login confirmations, billing receipts, account notifications, security alerts)
- Send occasional product updates and important Service changes (you can opt out of non-essential communications at any time)
- Detect, investigate, and prevent fraud, security incidents, and abuse
- Enforce our Terms and applicable laws
- Improve the Service through aggregated, anonymized usage analysis
- Respond to support inquiries and provide customer service
4. Information We Don't Collect
We do not:
- Track you across other websites you visit (no third-party tracking pixels, fingerprinting, or cross-site tracking)
- Sell, rent, or trade your personal information to third parties
- Use customer API inputs for purposes other than serving requests and aggregate analytics
- Build advertising profiles about you or your end customers
- Train machine learning models on your API inputs without your explicit consent
- Read, store, or process your payment method directly (handled by Paddle as merchant of record)
5. How We Share Information
We share information only with:
- Service providers who help us operate the Service under contractual confidentiality obligations. Current primary subprocessors:
  - Paddle.com, Inc. (billing, merchant of record)
  - Cloud infrastructure provider (compute, database, network — currently AWS / Hetzner)
  - Email service provider (transactional email)
- Legal authorities when required by valid legal process (subpoena, court order, regulatory inquiry) and only to the extent legally required. We notify you of such requests unless legally prohibited.
- Business transferees in connection with a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets. Successor entities are bound by the same privacy commitments described here unless you receive notice and consent to a new policy.
- With your consent for any other purpose disclosed at the time of collection.
6. Data Retention
We retain information for the periods below, unless a longer period is required by law or necessary to resolve a dispute or enforce our Terms:
- Account data: for the duration of your Account, plus 12 months after termination, to facilitate reactivation and address billing disputes
- API usage logs: 30 days rolling, for security and debugging purposes
- Billing records: 7 years, as required by U.S. tax recordkeeping requirements (Paddle retains its own billing records per its policy)
- Aggregate, anonymized analytics: indefinitely
- Support communications: 24 months, to provide context for follow-up issues
Upon Account termination, you may request earlier deletion of Account data by emailing privacy@taxql.com. We will delete identifying Account data within 30 days, subject to retention requirements for billing records and legal compliance.
7. Your Rights
You have the following rights regarding information we hold about you:
- Access: Request a copy of personal information we hold about you
- Correction: Ask us to correct inaccurate or incomplete information
- Deletion: Ask us to delete your personal information, subject to legal retention requirements
- Portability: Receive a structured, machine-readable copy of information you provided to us
- Restriction: Ask us to restrict processing of your information in certain circumstances
- Objection: Object to specific uses of your information, including direct marketing (you may opt out at any time)
- Withdraw consent: Where we rely on consent, you may withdraw it at any time
To exercise these rights, email privacy@taxql.com with your Account email and a description of your request. We respond within 30 days. If you reside in a jurisdiction with specific privacy rights (e.g., California, EU/EEA, UK), those rights apply to you regardless of our presence in your jurisdiction.
If you believe we have not adequately addressed your privacy concern, you may contact your local data protection authority.
8. Cookies and Tracking
The taxql.com website uses only essential cookies required for basic functionality (e.g., session management for the customer portal at app.taxql.com). We do not use third-party tracking cookies, advertising cookies, or analytics cookies that share data with external networks.
If we add analytics or other non-essential cookies in the future, we will update this Policy and provide an opt-in mechanism where required by applicable law.
9. Security
We use industry-standard security measures to protect your information:
- All connections to the Service use TLS 1.2 or higher
- API keys are stored as hashed values; we do not retain plaintext keys after issuance
- Data at rest is encrypted using provider-managed encryption (AES-256)
- Access to production systems is restricted to authorized personnel under least-privilege principles
- We conduct regular security reviews and respond to disclosed vulnerabilities promptly
No security measure is perfect. If you become aware of a security incident affecting your Account, notify us immediately at security@taxql.com.
10. International Transfers
TaxQL is headquartered in the United States, and our service providers may process data in the United States and other jurisdictions. If you use the Service from outside the United States, your information will be transferred to and processed in the United States. Where required by law, we rely on Standard Contractual Clauses, adequacy decisions, or other legally recognized transfer mechanisms.
11. Children
The Service is intended for business use by adults. We do not knowingly collect information from children under 16. If we learn that we have collected information from a child under 16 without parental consent, we will delete it. If you believe a child has provided us information, contact privacy@taxql.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active customers of material changes by email at least 30 days before they take effect, and the updated Policy will be posted with a new "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated Policy.
13. Contact
Questions about this Privacy Policy: privacy@taxql.com
Privacy-related requests: privacy@taxql.com
General contact: /contact
Mailing address:
TaxQL, Inc.
1209 Orange Street
Wilmington, DE 19801
United States