Privacy Policy

Last updated: 20 March 2026

1. Overview

EvolveMInds Pty Ltd ("we", "us", "our") operates TaxIQ Australia. We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information.

2. Information We Collect

We may collect the following categories of personal information:

  • Identity information: name, email address, phone number, ABN
  • Financial information: income details, deductions, superannuation information (as provided for tax analysis)
  • Tax file numbers (TFNs): only the last 4 digits are stored; TFNs are handled in strict accordance with the Taxation Administration Act 1953 and the Privacy (Tax File Number) Rule 2015
  • Account data: login credentials, subscription plan, usage history
  • Technical data: IP address, browser type, device information (only collected with cookie consent)

3. Tax File Number (TFN) Handling

We take TFN protection extremely seriously in compliance with the Privacy Act 1988 and the Privacy (Tax File Number) Rule 2015:

  • Full TFNs are never stored in our database. Only the last 4 digits are retained for identification purposes.
  • TFNs in transit are protected via TLS 1.3 encryption
  • TFN data at rest is encrypted with AES-256
  • AI systems are configured to automatically mask TFNs in all outputs
  • Access to TFN-related data is restricted to authorised firm members only
  • TFN data is deleted when no longer required for the purpose it was collected

4. How We Use Your Information

We use personal information to:

  • Provide tax analysis, strategy recommendations, and AI advisory services
  • Manage your account and subscription
  • Process payments via Stripe
  • Communicate service updates, security notices, and support responses
  • Improve Platform performance and features (with consent)
  • Comply with legal obligations, including ATO reporting requirements

5. Legal Basis for Processing

Under the APPs, we collect and process personal information where:

  • You have consented to the collection
  • It is reasonably necessary for our functions or activities
  • It is required or authorised by law (e.g., taxation law)

6. Disclosure of Information

We may disclose personal information to:

  • Your accounting firm: firm administrators can access client data within their tenant
  • Service providers: Stripe (payments), Resend (email), Supabase (database hosting), Anthropic (AI processing), Vercel (hosting)
  • Regulatory bodies: where required by law (e.g., ATO, OAIC)

We do not sell personal information to third parties. All service providers are contractually bound to handle data in accordance with the APPs.

7. Data Storage and Security

  • Data is stored on Australian-region servers where available
  • Row-level security (RLS) isolates each firm's data
  • All data in transit is encrypted via TLS 1.3
  • Sensitive data at rest is encrypted with AES-256
  • Regular security audits and penetration testing
  • Uploaded tax documents (PDFs) are parsed and immediately deleted; no long-term document storage

8. Cookies and Analytics

We use cookies and similar technologies only with your explicit consent. A cookie consent banner is displayed on your first visit. You may accept or decline non-essential cookies at any time. Essential cookies required for authentication and security are always active.

Analytics services (PostHog for product analytics, Sentry for error monitoring) are only activated after you consent. Declining analytics cookies does not affect your ability to use the Platform.

9. AI and Automated Decision-Making

The Platform uses AI (powered by Anthropic Claude) to generate tax analysis and recommendations. All AI-generated content is clearly labelled. AI outputs are general information and do not constitute personal advice. You have the right to request human review of any AI-generated assessment.

10. Your Rights

Under the Privacy Act 1988 and APPs, you have the right to:

  • Access personal information we hold about you (APP 12)
  • Request correction of inaccurate information (APP 13)
  • Request deletion of your data (subject to legal retention requirements)
  • Opt out of direct marketing communications
  • Withdraw consent for analytics cookies at any time
  • Lodge a complaint with the OAIC if you believe your privacy has been breached

11. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Tax-related records are retained for a minimum of 5 years in accordance with ATO requirements.

12. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

13. Cross-Border Disclosure

Some service providers (Anthropic, Vercel) may process data outside Australia. Where this occurs, we take reasonable steps to ensure the overseas recipient handles data consistently with the APPs (APP 8).

14. Office of the Australian Information Commissioner (OAIC)

If you are not satisfied with our response to a privacy concern, you may lodge a complaint with the OAIC:

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification. The "Last updated" date at the top reflects the most recent revision.

16. Contact Us

For privacy enquiries or to exercise your rights, contact our Privacy Officer at privacy@taxiq.com.au.