🍁 CRACanada Tax Filing
FRSign in
Back to home

Privacy Policy

Last updated: 2026-03-04

1. Information We Collect

We collect only the information necessary to prepare and file your Canadian tax return. This includes:

  • Identity information (legal name, date of birth, last 4 digits of SIN)
  • Contact information (email address)
  • Tax return data (income, deductions, credits, filing mode)
  • Supporting documents you upload (tax slips, receipts)
  • Technical data (IP address, browser type — for security only)

2. How We Use Your Information

Your information is used exclusively to:

  • Prepare and calculate your tax return
  • Submit your return to the Canada Revenue Agency (CRA) on your behalf
  • Carry forward stable profile data to future tax years
  • Provide account security and audit logging
  • Respond to your support or data requests

3. Data Storage and Security

Your data is stored in encrypted PostgreSQL databases hosted in Canada. All data in transit is protected by HTTPS/TLS encryption. We implement rate limiting, CSRF protection, Content Security Policy headers, and audit logging for all sensitive operations. Authentication uses industry-standard OAuth 2.0 providers with optional two-factor authentication (TOTP).

4. Data Sharing

We do not sell, trade, or share your personal information with third parties except as required to file your tax return with the CRA, or as required by Canadian law. OAuth authentication providers (Google, Microsoft, Apple) receive only the minimum information needed for sign-in.

5. Your Rights Under PIPEDA

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal data
  • Export a copy of your data
  • Withdraw consent at any time

You can exercise these rights from your Account Settings page by submitting a data export or deletion request.

6. Data Retention

Tax return data is retained for a minimum of 6 years in accordance with CRA record-keeping requirements. You may request deletion of your account and data at any time; however, we may be required to retain certain records for legal compliance.

7. Cookies

We use only essential cookies required for authentication sessions and security (CSRF tokens). We do not use advertising or analytics cookies.

8. Contact

For privacy inquiries, please contact us through the account data request system or by email at the address listed in our security policy.