Privacy Policy

Last updated: 22 March 2026

1. Who we are

TaxLens (“we”, “us”, “our”) is an Australian-based software application that helps property investors track rental income, expenses, and tax deductions. TaxLens is operated from Sydney, Australia. We are committed to protecting your personal information and your right to privacy.

2. What data we collect

We collect the following types of information:

  • Account information: Name, email address, and password (hashed) when you create an account. If you sign in with Google, we receive your name, email, and profile photo from Google.
  • Property data: Property addresses, purchase details, loan information, rental amounts, and other financial data you enter into TaxLens.
  • Transaction data: Income and expense records, receipt images, and categorisation data you enter or import via CSV or bank feeds.
  • Usage data: Pages visited, features used, and basic device/browser information. We use privacy-friendly analytics (no cookies or cross-site tracking).
  • Payment data: Subscription billing is handled by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe is PCI-DSS Level 1 compliant.

3. How we use your data

  • To provide the TaxLens service — dashboards, reports, AI insights, and tax deduction analysis
  • To generate EOFY tax summary reports for you and your accountant
  • To send transactional emails (welcome, report ready, trial ending)
  • To process subscription payments via Stripe
  • To improve the product based on aggregated, anonymised usage patterns

4. Data sharing — we don't

We do NOT sell, rent, trade, or share your personal or financial data with any third parties for marketing or advertising purposes. Period.

The only parties that process your data are:

  • Supabase (database hosting) — your data is stored in Supabase's Sydney, Australia region (ap-southeast-2). Supabase is SOC2 Type II compliant.
  • Stripe (payment processing) — handles subscription billing only. PCI-DSS Level 1 compliant.
  • Resend (email delivery) — sends transactional emails on our behalf.
  • Anthropic (AI processing) — when you use AI features, your property and transaction data is sent to Anthropic's Claude API to generate insights. Anthropic does not use your data to train AI models. See Anthropic's privacy policy.

We will never share your data with the ATO, real estate agents, lenders, insurers, or any other financial institution unless required by law.

5. Data storage & security

  • All data is encrypted in transit using TLS 1.3 (256-bit SSL)
  • Database is encrypted at rest using AES-256
  • Data is stored in Australian data centres (Sydney region)
  • Receipt images and documents are stored in private, encrypted storage buckets
  • Passwords are hashed using bcrypt — we never store plain-text passwords
  • Row Level Security (RLS) ensures no user can access another user's data
  • No financial data is stored in browser local storage or cookies

6. AI & your data

TaxLens uses AI (powered by Anthropic's Claude) to provide tax insights, categorise transactions, scan receipts, and generate report summaries. When you use these features:

  • Your property and transaction data is sent to the AI for analysis
  • The AI processes your data in real-time and returns results immediately
  • Your data is NOT used to train AI models — Anthropic's API terms prohibit training on customer data
  • AI-generated insights are suggestions only and should be confirmed with a registered tax agent

7. GDPR compliance (EU residents)

If you are a resident of the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You can request a copy of all personal data we hold about you
  • Right to rectification: You can request correction of inaccurate data
  • Right to erasure (“right to be forgotten”): You can request deletion of your data. We will delete all your data within 30 days
  • Right to data portability: You can export all your data in JSON format from Settings
  • Right to restrict processing: You can request that we stop processing your data
  • Right to object: You can object to processing of your data for specific purposes
  • Right to withdraw consent: You can withdraw consent at any time by deleting your account

To exercise any of these rights, email privacy@taxlens.com.au. We will respond within 30 days.

Legal basis for processing: We process your data based on (a) your consent when you create an account, (b) contractual necessity to provide the TaxLens service, and (c) our legitimate interest in improving the product.

8. Australian Privacy Act compliance

TaxLens complies with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs):

  • We only collect personal information that is reasonably necessary for our functions
  • We collect information directly from you (not from third parties without your knowledge)
  • Your data is stored within Australia (Sydney region)
  • We do not disclose personal information to overseas recipients without your consent, except as described in this policy (AI processing via Anthropic, US-based)
  • You can access and correct your personal information at any time via Settings
  • You can request deletion of all your data, which will be completed within 30 days

9. Data retention & deletion

  • Your data is retained for as long as your account is active
  • If you cancel your subscription, your data is retained for 90 days in case you resubscribe
  • If you delete your account, all personal data is permanently deleted within 30 days
  • You can export all your data (CSV or JSON) before deleting your account
  • Anonymised, aggregated data (e.g. “average user has 1.5 properties”) may be retained for product analytics

10. Cookies

TaxLens uses only essential cookies required for authentication (session cookies). We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use Google Analytics.

11. Children's privacy

TaxLens is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

12. Changes to this policy

We may update this privacy policy from time to time. We will notify you of any material changes by email and update the “Last updated” date at the top of this page.

13. Contact us

If you have any questions about this privacy policy, your data, or wish to exercise your rights:

TL;DR: Your financial data is yours. We store it securely in Australia, encrypt everything, never sell or share it, and you can export or delete it anytime. AI features don't train on your data. We comply with GDPR and the Australian Privacy Act.