Privacy Policy

Last updated: February 2026

1. Information We Collect

When you use MaxMyRefund, we may collect:

  • Account information: email address and authentication data.
  • Tax return data: the PDF documents you upload for analysis.
  • Usage data: pages visited, features used, and session information.
  • Payment information: processed and stored by Stripe; we do not store your credit card details.

2. How We Use Your Data

  • To analyze your tax return and generate your report.
  • To maintain your account and provide customer support.
  • To process payments through Stripe.
  • To improve the Service and fix issues.

3. Data Handling Modes

You choose how your tax data is handled:

  • Ghost Mode: your tax return is deleted immediately after analysis. No data is retained.
  • Temporary Storage: your data is kept for 30 days so you can review your report and ask follow-up questions. It is automatically deleted after 30 days.

You can change your preference at any time in Settings.

4. Third-Party Services

We use the following third-party services:

  • Supabase: authentication and database hosting.
  • Stripe: payment processing.
  • Vercel: application hosting and deployment.

Each third party processes data in accordance with their own privacy policies. We do not sell your data to any third party.

5. Data Retention

Account information is retained while your account is active. Tax return data is retained based on your chosen data handling mode. When you delete your account, all associated data is permanently removed.

6. PIPEDA Compliance

MaxMyRefund complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect only the personal information necessary to provide the Service, obtain consent before collection, and protect your information with appropriate security measures.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Delete your account and all associated data.
  • Withdraw consent for data processing.

8. Security Measures

We use encryption in transit (TLS) and at rest, row-level security policies, rate limiting, and regular security audits to protect your data. Access to production systems is restricted and monitored.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy inquiries, contact us at privacy@maxmyrefund.ca.