Privacy Policy

1. Scope of This Policy

This Privacy Policy applies to information we collect through:

• Our website at myequitytax.com
• Our web application and calculation services
• Email and other communications with you

Geographic Scope: This Service is available only to residents of the United States. We do not knowingly collect information from users outside the US.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account:

• Email Address: For account identification and communication
• Name: Optional, for personalization
• Password: Encrypted and hashed using bcrypt (we cannot view your plain-text password)

2.2 Financial Information

When you use our tax calculation service, we collect:

• Income Data: W-2 income, other income sources
• Stock Option Details: ISO grant strike prices, fair market values, vested quantities
• Tax Information: Filing status (Single, Married, etc.), state of residence

Note: This financial information is used solely to perform tax calculations and is NOT shared with the IRS or any tax authority.

2.3 Payment Information

Payment processing is handled by Stripe. We do NOT store your credit card information on our servers. Stripe collects:

• Credit/debit card information
• Billing address
• Transaction history

See Stripe's Privacy Policy for details on how they handle payment data.

2.4 Technical and Analytics Information

We automatically collect certain technical and usage information:

• IP Address: For security and fraud prevention
• Browser Type and Version: To ensure compatibility
• Device Information: Operating system, screen resolution
• Session Cookies: To keep you logged in (required for the Service to function)
• Analytics Data: Page views, feature usage, session recordings (with text masking), and performance metrics — collected by our analytics providers (see Section 8)
• Conversion Data: When you sign up or make a purchase, we share a hashed (non-reversible) version of your email address with advertising platforms to measure campaign effectiveness. We never share income, tax amounts, or financial details.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Calculate AMT, generate tax scenarios, create reports
• Process Payments: Via Stripe for subscription billing
• Communicate with You: Send receipts, account updates, support responses
• Improve the Service: Analyze usage patterns, fix bugs, add features
• Security: Detect fraud, prevent abuse, protect user data
• Legal Compliance: Comply with applicable laws and regulations

5. How We Share Your Information

We share your information only in the following limited circumstances:

5.1 Service Providers

• Stripe - Payment processing (Privacy Policy)
• Vercel - Web hosting, infrastructure, and web analytics (Privacy Policy)
• PostHog - Product analytics (Privacy Policy)
• Microsoft Clarity - Session recordings and heatmaps (text masking enabled) (Privacy Policy)
• Google Analytics / Google Ads - Web analytics and conversion measurement (Privacy Policy)
• Meta (Facebook) - Conversion measurement via Meta Pixel and Conversions API (Privacy Policy)
• LinkedIn - Conversion measurement via Insight Tag (Privacy Policy)
• X (Twitter) - Conversion measurement via X Pixel (Privacy Policy)
• Sentry - Error monitoring and performance tracking (Privacy Policy)

5.2 Legal Requirements

We may disclose your information if required by law, including:

• Court orders or subpoenas
• Government investigations
• To protect our legal rights or the safety of others

5.3 Business Transfers

If we are acquired by or merged with another company, your information may be transferred to the new owners. We will notify you via email before any such transfer.

7. Data Security

We implement industry-standard security measures to protect your data:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted
• Password Hashing: Passwords are hashed using bcrypt (we cannot see your plain-text password)
• Database Encryption: Data at rest is encrypted on our hosting platform
• Access Controls: Only authorized personnel can access user data
• Regular Security Audits: We review our security practices regularly

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies, Analytics, and Tracking

8.1 Essential Cookies

We use essential cookies to keep you logged in to your account. These cookies are required for the Service to function and cannot be disabled.

8.2 Analytics

We use the following analytics services to understand how users interact with our Service, improve the user experience, and fix bugs:

• PostHog: Product analytics (feature usage, user flows)
• Microsoft Clarity: Session recordings and heatmaps (all text is masked — financial data is never captured)
• Google Analytics 4: Web traffic analytics (page views, session duration)
• Vercel Analytics: Web performance monitoring

8.3 Advertising and Conversion Tracking

We use conversion tracking pixels to measure the effectiveness of our advertising campaigns. These tools track specific actions (sign-up, purchase) — they never receive your income, tax amounts, or financial calculation data.

• Google Ads: Conversion measurement for search advertising
• Meta Pixel and Conversions API: Conversion measurement for Facebook/Instagram advertising
• LinkedIn Insight Tag: Conversion measurement for LinkedIn advertising
• X (Twitter) Pixel: Conversion measurement for X advertising

For conversion tracking, we share only: (1) the event type (e.g., "sign_up" or "purchase"), (2) subscription price for purchase events, and (3) a SHA-256 hashed version of your email address (which cannot be reversed to reveal your actual email). We never share financial inputs or calculation results with advertising platforms.

8.4 Error Monitoring

We use Sentry to detect and fix errors in real-time. When an error occurs, Sentry may capture a masked session replay (all text is hidden) to help us reproduce and fix the issue. Financial data is never included in error reports.

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect.

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. We currently do not respond to DNT signals because there is no industry standard for how to interpret them. However, you can use browser extensions (such as ad blockers) to prevent analytics and advertising scripts from loading. Our Service functions normally without any analytics scripts.