Privacy Policy

At Automate with Cass ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tax document automation platform (the "Service").

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, firm name, phone number, billing address
• Payment Information: Credit card details (processed securely through Stripe; we do not store full card numbers)
• Tax Documents: Documents uploaded by you or your clients (W-2s, 1099s, receipts, etc.)
• Client Data: Names and contact information of clients you add to the platform
• Communications: Messages, emails, or support requests you send us

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: We use cookies, pixels, and similar technologies (see Section 6)
• Log Data: Server logs, error reports, performance metrics

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your transactions and manage your subscription
• Send you automated reminders and notifications you've requested
• Classify and organize tax documents using AI
• Sync data to Google Sheets (if you enable this feature)
• Respond to your support requests and communicate with you
• Send you marketing emails (you can opt out anytime)
• Detect, prevent, and address fraud, security issues, or technical problems
• Analyze usage patterns to improve our Service
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

3.1 Service Providers

• Stripe: Payment processing (PCI DSS compliant)
• Google: For Google Sheets integration and Cloud services
• OpenAI: For AI-powered document classification (documents are encrypted)
• Email Service: To send transactional and marketing emails
• Analytics Providers: Google Analytics, Facebook Pixel for usage analytics

3.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4. Data Security

We implement industry-standard security measures to protect your information:

• 256-bit SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Secure, password-protected databases
• Regular security audits and penetration testing
• Access controls and authentication requirements
• SOC 2 Type II compliance (in progress)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Account Data: Retained while your account is active, plus 7 years for tax compliance
• Tax Documents: Retained according to IRS guidelines (typically 7 years)
• Payment Records: Retained for 7 years for financial reporting
• Marketing Data: Retained until you unsubscribe, then deleted within 30 days

You can request deletion of your data by contacting us (see Section 10).

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Remember your preferences and settings
• Analyze usage patterns and improve the Service
• Measure the effectiveness of our marketing campaigns
• Provide targeted advertising (you can opt out)

You can control cookies through your browser settings. Disabling cookies may limit some features of the Service.

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information anytime through your dashboard.

7.2 Data Portability

You can export your data (documents, client lists, etc.) from your dashboard.

7.3 Deletion

You can request deletion of your account and data by emailing us. We will delete your data within 30 days, except where we must retain it for legal compliance.

7.4 Marketing Opt-Out

You can unsubscribe from marketing emails by clicking "Unsubscribe" in any email or updating your preferences in your account settings.

7.5 Do Not Track

We honor Do Not Track (DNT) browser signals and will not track users who have DNT enabled.

8. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

9. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. By using the Service, you consent to such transfers. We ensure adequate safeguards are in place for international transfers.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how we use it
• Request deletion of your personal information
• Opt out of the sale of your personal information (we do not sell your information)
• Not be discriminated against for exercising these rights

To exercise these rights, email us at automatewithcass@gmail.com.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under GDPR including:

• Right to access your personal data
• Right to rectification (correction)
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

To exercise these rights, contact us using the details in Section 14.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated policy.