Privacy Policy

Effective Date: January 6, 2026

1. Introduction

Your privacy is critical to OPTAXEL, LLC ("we", "us", or "our"). This Privacy Policy explains how we collect, use, disclosure, and safeguard your information when you use the OPTAX platform.

We are committed to protecting the financial and personal data of Canadian businesses and their owners.

2. Information We Collect

We collect information necessary to prepare tax returns and provide financial insights:

  • Account Data: Name, email address, password, and phone number.
  • Business Data: Corporation name, Business Number (BN), address, and incorporation details.
  • Financial Data: Transaction history, bank statements, expenses, and revenue records.
  • Usage Data: Log data, device information, and interaction with our AI assistant.

3. How We Use Your Data

  • To format and prepare T2 Corporate Income Tax Returns.
  • To calculate GST/HST obligations.
  • To categorize transactions using AI algorithms.
  • To communicate with you regarding filing deadlines and account updates.
  • To improve our AI models (using anonymized, aggregated data only).

4. Third-Party Integrations

We use trusted third-party providers to enhance our service.

Plaid (Banking Connections)

We use Plaid Inc. ("Plaid") to connect your bank accounts. By using this integration, you grant Plaid and us the right, power, and authority to act on your behalf to access and transmit your personal and financial information. Please review Plaid's Privacy Policy.

AI Service Providers (OpenAI, Google)

We use large language models provided by OpenAI, Google (Gemini), and other partners to process documents and power our chatbot. Note: We have configured our agreements to ensure your data is NOT used to train their public models.

Stripe (Payment Processing)

We use Stripe, Inc. ("Stripe") to process subscription payments and manage billing. When you make a payment, your payment card information is transmitted directly to Stripe and is never stored on our servers. Stripe may collect and use your payment data in accordance with their privacy policy. Please review Stripe's Privacy Policy.

Google (Analytics & Hosting)

We use Google Cloud Platform for hosting and may use Google Analytics to understand how users interact with our service. Analytics data is aggregated and does not identify individual users.

5. Data Storage & Security

Data Residency: We prioritize storing Canadian tax data within trusted cloud infrastructure regions (e.g., GCP North America).

Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Bank credentials are never stored on our servers; they are handled securely by Plaid.

6. Data Retention

Our data retention policy varies by subscription tier to balance storage costs with Canada Revenue Agency (CRA) record-keeping requirements:

  • Paid Subscribers (Lite, Professional): We retain your tax data for a minimum of seven (7) years to comply with CRA record-keeping requirements.
  • Free Tier: Uploaded documents are retained for ninety (90) days. After 90 days, uploaded documents are automatically deleted. You can upgrade to a paid plan at any time for permanent storage.

Regardless of your subscription tier, you may request deletion of your account and associated data at any time, subject to legal retention obligations. Where legal requirements mandate retention (e.g., CRA audit periods), we will retain the minimum data necessary to comply.

7. PIPEDA Compliance

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

In accordance with PIPEDA's 10 Fair Information Principles, we:

  • Accountability: Our Privacy Officer is responsible for compliance.
  • Identifying Purposes: We collect data only for tax preparation and financial insights.
  • Consent: We obtain meaningful consent before collecting personal information.
  • Limiting Collection: We collect only information necessary for our services.
  • Limiting Use, Disclosure, and Retention: Your data is used only for stated purposes.
  • Accuracy: You can update your information at any time in your account settings.
  • Safeguards: We use industry-standard encryption (AES-256, TLS 1.3).
  • Openness: This policy explains all our data practices.
  • Individual Access: You can export all your data via Settings → Export Data.
  • Challenging Compliance: Contact our Privacy Officer with any concerns.

8. Your Rights

Under PIPEDA, you have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update or correct inaccurate information.
  • Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
  • Portability: Export your data in machine-readable format (JSON).
  • Withdraw Consent: Revoke consent for data processing at any time.

To exercise these rights, visit your Account Settings or contact privacy@optax.ai.

9. Contact Us

If you have questions about this Privacy Policy, please contact our Privacy Officer:

OPTAXEL, LLC
Email: privacy@optax.ai
Address: 131 Continental Dr, Suite 305, Newark, Delaware 19713