Privacy Policy

1. Who We Are

RESO.tax is operated by Verified, Inc., a California corporation based in Burbank, California. We build tools for tax resolution professionals and individuals to analyze IRS transcript data and generate resolution strategy reports.

This Privacy Policy explains what information we collect, how we use it, and what rights you have with respect to your data. If you have questions, contact us at support@reso.tax.

2. Information We Collect

We collect the following categories of information:

Account information: Name, email address, firm name, phone number, and password (hashed and never stored in plaintext).

IRS transcript data: Tax transcript files you upload to generate reports. This may include tax return data, account transcript data, wage and income transcript data, and civil penalty transcript data.

Financial profile data: Income, expense, and asset information you enter during the intake process to support resolution analysis. Sensitive identifiers (Social Security Numbers, Employer Identification Numbers, bank account numbers) are collected as last-4 digits only wherever technically feasible.

Payment information: Billing details processed through our third-party payment processor. We do not store full credit card numbers.

Usage data: Pages visited, features used, and actions taken within the platform, collected to improve the Service.

Browser extension (RESO.tax Case Bridge): If you install our optional Chrome extension, it may read case reference numbers, client names, and page URLs visible on your firm’s supported case workspace sites, and send them to RESO.tax over encrypted connections to link cases, show history, and open or create RESO cases. The extension stores a firm-issued sign-in token locally in your browser. It does not collect your case workspace password. You can revoke access by signing out in the extension or revoking tokens in RESO.tax Settings.

3. IRS Transcript Data — Special Handling

Transcript data is among the most sensitive information we process. We treat it accordingly.

Transcript data is used solely to generate the resolution strategy report you requested. It is not used to train AI models, sold to third parties, used for advertising, or shared with any party other than as described in Section 5.

We retain transcript data for as long as your account is active and for a reasonable period thereafter to support report retrieval. You may request deletion of transcript data associated with a case at any time by contacting support@reso.tax.

4. How We Use Your Information

We use the information we collect to:

• Generate resolution strategy reports in response to your requests • Manage your account and authenticate your sessions • Process payments for report generation • Send transactional communications (report delivery, account notifications) • Improve the accuracy and coverage of our analysis engine • Comply with legal obligations

We do not use your data for behavioral advertising, data brokering, or any purpose unrelated to delivering the Service.

5. How We Share Your Information

We share information only as follows:

Anthropic (AI processing): We send transcript and financial profile data to Anthropic's API to generate AI-assisted analysis. Anthropic processes this data under their API usage policy and does not use API-submitted data to train their models. Data is transmitted over encrypted connections.

Supabase (database and storage): We use Supabase to store case data, transcripts, and reports. Supabase is a SOC 2 Type II certified provider operating on AWS infrastructure.

Stripe (payments): Subscription and per-report billing are processed by Stripe, Inc. We share account and transaction information necessary to charge your payment method and maintain billing records. We do not store full credit card numbers on our servers.

BoldSign (electronic signatures): When you send documents for e-signature through the Service, we transmit signer names, email addresses, document content, and signing status to BoldSign (Syncfusion) to deliver signature requests and completed documents. BoldSign processes data under their privacy and security terms as our e-signature subprocessor.

Google Calendar (optional, per-user): If you connect Google Calendar in Settings, we store encrypted OAuth tokens and your connected Google account email. When you create a case task with a due date, we send a create-only request to Google to add one all-day calendar event to your primary calendar (event title and case link). We do not read, list, modify, or delete your existing calendar events. You may disconnect at any time; we revoke the token at Google and delete stored credentials.

Google API Services: RESO's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide the connected feature you enable (Calendar task sync and account identification in Settings). We do not use Google user data for advertising, and we do not sell Google user data.

Telephony — RingCentral or Dialpad (optional, per-user): If your firm enables telephony and you connect your account in Settings, we store encrypted OAuth tokens and provider account identifiers. We use the connection to place outbound calls and send SMS from RESO (click-to-call, case-linked messaging) and to log call metadata (time, duration, numbers, case association) in your firm's activity history. We do not sell call or message content. You may disconnect at any time.

IRS Logics / Case Bridge (optional): If your firm configures IRS Logics API credentials or installs the RESO.tax Case Bridge browser extension, we may receive case reference numbers, client names, and page URLs from your firm's supported case workspace to link or create RESO cases. API credentials are stored encrypted. The extension uses a firm-issued token and does not collect your case workspace password.

Legal compliance: We may disclose information if required by law, subpoena, or other legal process, or to protect the rights, property, or safety of Verified, Inc., our users, or others.

We do not sell your data. We do not share transcript data with other tax professionals, IRS representatives, or any government agency unless legally compelled. Optional integrations are initiated by you or your firm administrator; disconnecting or disabling an integration stops new data flows through that provider.

6. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) for all data transmission • Encryption at rest for stored transcript and report data • Row-level security controls in our database • Access controls limiting employee access to customer data on a need-to-know basis • Regular security reviews of our infrastructure

No security system is impenetrable. If you believe your account has been compromised, contact us immediately at support@reso.tax.

7. Data Retention

We retain your data for as long as your account is active. If you close your account, we retain data for up to 90 days to allow for dispute resolution, then delete or anonymize it.

Transcript data associated with individual cases can be deleted on request at any time. Generated PDF reports are retained for 12 months from generation date and then deleted unless you request earlier deletion.

We retain billing records as required by applicable law (typically 7 years).

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you • Correction: Request correction of inaccurate data • Deletion: Request deletion of your data (subject to legal retention obligations) • Portability: Request your data in a machine-readable format • Restriction: Request that we stop processing your data in certain ways

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information (we do not sell personal information).

To exercise any of these rights, contact us at support@reso.tax. We will respond within 30 days.

9. Cookies and Tracking

We use session cookies to maintain your authenticated session. We do not use third-party advertising cookies, pixel trackers, or behavioral analytics tools that share data with advertisers.

We use first-party analytics to understand how the Service is used in aggregate. This data is not tied to individual user identities for advertising purposes.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email of material changes and post the updated policy with a revised effective date. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at support@reso.tax.

Questions about this Privacy Policy? Contact us at support@reso.tax. See also our Terms of Service.