Last reviewed: 28 Apr 2026 · 2 min read

Security & Privacy at TaxBoy

TaxBoy is built around data minimisation: we only process receipts you forward or upload. Your bank, full inbox, and unrelated financial life stay outside the product.

What we store

We store your TaxBoy inbox address, whitelisted senders, receipt emails you forward, extracted deduction entries, linked receipt evidence, and basic product analytics.

Who can see it

Access is limited to the authenticated account owner and a small operational admin surface used to debug email processing. Founder/admin access is for support and abuse prevention, not browsing.

How it is encrypted

Data is encrypted in transit with HTTPS and stored with managed infrastructure encryption at rest. We use Clerk for authentication, Resend for email, OpenAI/Google model providers for extraction, and managed database/storage infrastructure.

Where it lives

TaxBoy is built and operated from Melbourne, Australia. Production infrastructure is configured through managed cloud providers; we will only claim Australia-only data residency once every processor is contractually locked to AU regions.

How to delete everything

You can request account deletion from inside the app. TaxBoy removes account data from active systems and deletes backup copies according to provider retention windows. Email security disclosures to security@taxboy.com.au.

What we do not do

We do not connect to your bank

We do not read your inbox

We do not sell your data

We do not run ads against your data

Company

TaxBoy is built by Figment Labs Pty Ltd in Melbourne. Contact: security@taxboy.com.au.