TBTaxBoy
Privacy PolicyTerms of Service

Privacy Policy

Effective date: 23/02/2026
Last updated: 23/02/2026
Service: TaxBoy (“TaxBoy”, “we”, “us”, “our”)
Website/App: https://taxboy.com.au
Contact: privacy@taxboy.com.au
Legal entity: Figment Labs (ABN 62687420720)

TaxBoy is a privacy-first deductions inbox that helps you collect, store, and organise tax-related documents (such as receipts, invoices, bills, donations, memberships, and course receipts) and generate summaries and exports to support tax-time preparation.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use TaxBoy.

1) Scope

This policy applies to:

  • our website and application
  • communications with users (support, onboarding, product emails)
  • features that ingest documents via upload and/or email forwarding

2) Key privacy principles (our approach)

TaxBoy is designed to be privacy-first:

  • No bank syncing required. You can use TaxBoy without linking bank accounts.
  • No full inbox access required. If you use email forwarding, you choose what to forward and which senders are permitted.
  • Data minimisation. We only collect what we need to operate and improve the service.

3) What information we collect

3.1 Information you provide directly

We may collect:

  • Account information: name, email address, authentication identifiers, and basic profile info you provide.
  • Trusted sender emails (whitelist): email addresses you approve for forwarding receipts into your TaxBoy inbox.
  • User-entered content: categories, work-use percentages, notes, tags, and preferences.
  • Support messages: content you send to support, plus any attachments.

3.2 Documents and content you upload or forward

We may store:

  • Documents: receipts, invoices, bills, donation receipts, and other files you upload or forward.
  • Email metadata (if using forwarding): sender address, message subject, timestamps, attachment names, and message IDs.

Your documents may include personal information (e.g., your name/address, merchant details, purchase details).

3.3 Derived information we generate (“analysis”)

We may generate from your documents:

  • Extracted fields: merchant, date, amounts, line items, GST indicators, etc.
  • Classification suggestions: “donation”, “subscription”, “work equipment”, “bill”, etc.
  • Confidence scores / needs-review flags
  • Summaries and exports you request
  • Calculations based on your inputs (e.g., work-use %, categorisation)

3.4 Usage, device, and log data

We may collect:

  • device/browser type, IP address, approximate location (derived from IP), and diagnostic logs
  • pages viewed, features used, actions taken, and timestamps

3.5 Cookies and similar technologies

We may use cookies/local storage for:

  • authentication and session management
  • preferences
  • security
  • analytics (see Section 9)

4) How we collect information

We collect information when you:

  • create an account and sign in
  • upload documents or forward emails to your TaxBoy address
  • add trusted senders
  • categorise items, add notes, or set preferences
  • contact support or interact with our website/app

5) How we use information

We use personal information to:

5.1 Provide and operate TaxBoy

  • create and manage your account
  • receive, store, and display documents you upload/forward
  • organise and present items in inbox/ledger views
  • generate summaries and exports you request

5.2 Provide automated analysis (including AI)

  • extract and interpret content from documents
  • suggest categories and metadata
  • generate drafts of summaries or notes

5.3 Improve and maintain the service

  • debug issues, monitor performance, and maintain reliability
  • develop and refine heuristics, UX, and automation
  • test improvements (including A/B tests) to onboarding and messaging

5.4 Security and fraud prevention

  • enforce trusted sender restrictions
  • detect abuse and protect service integrity
  • audit and monitor administrative access

5.5 Communications

  • send essential service emails (verification, security alerts, system notices)
  • send product education / lifecycle emails to help you use TaxBoy (you can opt out of non-essential messages)

5.6 Legal and compliance

  • comply with laws, regulations, and lawful requests
  • protect our rights and the rights of users

6) AI and automated processing

TaxBoy uses automated processing and may use AI models to analyse documents and assist categorisation and summarisation.

6.1 AI providers and data sent for processing

To perform analysis, we may send to AI providers:

  • the document content, and/or
  • a secure URL to the document, and/or
  • relevant extracted text/metadata

We currently use:

  • OpenAI (for certain analyses and text generation)
  • Google Gemini (for certain analyses and text generation)

We may also use additional AI providers in the future to improve extraction, classification, and summarisation.

6.2 Model training and reuse

  • Our intent is to use your content to provide the service to you, not to publicly train models.
  • Providers may have their own policies. We aim to configure and contract with providers to limit use of your data (for example, using settings or terms that reduce retention/training where available).

If we ever introduce a feature that uses customer content beyond providing the service (e.g., training our own models on user content), we will:

  • clearly disclose it, and
  • provide appropriate user controls (opt-in/opt-out), where feasible and legally required.

6.3 Important limitations

AI output may be inaccurate or incomplete. You are responsible for reviewing and confirming information before using it for tax purposes.

7) Email forwarding and trusted senders

If you use a TaxBoy forwarding address:

  • TaxBoy receives only the emails/attachments sent to that address (e.g., receipts you forward).
  • We may restrict ingestion to trusted sender emails that you approve.
  • Items from untrusted senders may be held for review, rejected, or quarantined depending on implementation.

This is intended to reduce spam and prevent unwanted documents entering your TaxBoy inbox.

8) Communications and marketing preferences

We may send:

  • Essential communications: account verification, security alerts, critical service updates
  • Product education / lifecycle emails: tips and reminders to help you build a habit
  • Marketing messages: new features or offers (optional)

You can opt out of non-essential emails using:

  • unsubscribe links in emails, and/or
  • account settings

9) Analytics, monitoring, and error reporting

We may use analytics and monitoring tools to understand product usage and improve reliability. We aim to minimise sensitive content in analytics systems.

Tools we use may include:

  • Sentry (error monitoring and performance diagnostics)
  • Amplitude (product analytics)

We may also use other analytics tools. Where possible, we prefer event-level data and avoid sending document contents.

10) How we share information (disclosures)

We do not sell your personal information.

We may disclose personal information to:

10.1 Service providers (processors)

We use trusted third parties to operate the service, such as:

  • Authentication: Clerk
  • Hosting & infrastructure: Vercel
  • Email delivery: Resend
  • Workflow orchestration: Inngest
  • Monitoring: Sentry
  • AI processing: OpenAI, Google Gemini, and other AI providers (now or in the future)
  • Storage and related infrastructure providers as required to store your documents and run the application

These providers may process personal information on our behalf under contractual terms intended to protect confidentiality and security.

10.2 Legal, compliance, and safety

We may disclose information if required by law, court order, or regulatory request, or to protect the rights, property, or safety of TaxBoy, our users, or others.

10.3 Business transfers

If we undergo a merger, acquisition, restructuring, or asset sale, personal information may be transferred as part of that transaction (subject to appropriate safeguards).

11) Overseas processing

Some of our service providers (including AI providers and infrastructure providers) may process data outside Australia.

Where personal information is processed overseas, we take reasonable steps to ensure it is handled in a manner consistent with this policy and with appropriate safeguards.

12) Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Our security measures may include:

  • encryption in transit (TLS) and, where supported by providers, encryption at rest
  • access controls and least-privilege permissions
  • audit logs for administrative access
  • environment separation and secrets management
  • monitoring, alerting, and incident response processes

No system is perfectly secure. You should also protect your account credentials and notify us if you suspect unauthorised access.

13) Data retention and deletion

We keep personal information only as long as needed to:

  • provide the service
  • meet legal/compliance obligations
  • resolve disputes and enforce agreements
  • maintain security logs and prevent abuse (where reasonable)

You may be able to delete:

  • individual documents/items
  • your account (which triggers deletion/de-identification workflows, subject to legal retention obligations)

Some residual copies (e.g., backups, logs) may persist for a limited time.

14) Your rights (access and correction)

You can request access to, or correction of, personal information we hold about you by contacting us at privacy@taxboy.com.au.

We may need to verify your identity before fulfilling requests.

15) Notifiable data breaches

If a data breach occurs that is likely to result in serious harm, we will take steps to comply with applicable breach notification requirements, including notifying affected users and regulators where required.

16) Children

TaxBoy is not intended for children under 18. If you believe a child has provided personal information, contact us and we will take steps to delete it where appropriate.

17) Changes to this Privacy Policy

We may update this policy from time to time. We will post the updated version and change the “Last updated” date. If changes are material, we may also notify you via email or in-app notice.

18) Contact us

If you have questions, requests, or complaints:

Email: privacy@taxboy.com.au

Tax and advice disclaimer

TaxBoy provides tools for organising documents and generating summaries. TaxBoy is not a registered tax agent and does not provide tax agent services. You should review all information and consult a registered tax agent if needed.