SealedReturn

Legal

Privacy Policy

Last updated: 2026-04-23

1. The short version

Your tax documents are encrypted in your browser before they leave your device. We store ciphertext blobs only. We cannot read your W-2, your 1099s, your SSN, your refund amount, or your bank account number. If we received a court order, we could hand over the ciphertext (useless without your password), your email, and limited login metadata. That's it. Read on for the long version.

2. Information we collect

2.1 Information you provide

  • Email address. So we can send you receipts, password-reset links (note: we cannot recover your data, but we can let you start fresh), and Refund Match status updates.
  • Payment information. Processed by Stripe. We never see your card number; Stripe gives us a token.
  • Tax documents you upload. Encrypted in your browser before transmission. We store ciphertext blobs in Backblaze B2. We cannot decrypt these without your password.
  • Inputs you type into the app. Your name, address, dependents, etc. Same encryption pipeline — encrypted client-side.

2.2 Information we automatically collect

  • IP address at login. Kept 30 days for fraud detection, then dropped.
  • Browser + device type. For compatibility and bug fixing.
  • Usage events (pages visited). Anonymous, aggregated. Opt-out available.
  • Cookies. Strictly-necessary cookies for session management. We do not use third-party advertising cookies. See our Cookie Policy.

3. How we use information

  • To provide the SealedReturn service (process your tax return prep).
  • To process payments (via Stripe).
  • To communicate with you about your account, your return, and our service.
  • To detect fraud and abuse.
  • To comply with legal obligations.

4. Sharing

We share information with the following categories of recipients, only as necessary to operate the service:

  • Backblaze B2 — stores ciphertext blobs of your encrypted documents. Sees only opaque ciphertext.
  • Stripe — processes payments. Sees your name and card details (we never do).
  • Anthropic (Claude API) — performs AI vision extraction during a session. Receives the decrypted document image. Anthropic's privacy policy is here; we configure requests with no-retain headers where supported.
  • Cloudflare — DNS + edge CDN for our marketing site. Sees IP addresses for traffic to sealedreturn.com.
  • Hetzner — hosts our application servers. Sees ciphertext blobs in transit + at rest within our app's storage layer.

We do not sell your information. We do not share with advertising networks. We do not share with affiliates "for marketing purposes."

5. Government requests

If we receive a subpoena, court order, or other lawful government request, we may disclose: (i) the ciphertext blobs we hold (useless without your password); (ii) your email address; (iii) your payment status; (iv) up to 30 days of IP-address login metadata. We cannot disclose your tax documents, your SSN, your refund amount, or your bank account — because we do not have those in any readable form. If law permits, we will notify you of any government request before responding.

6. Encryption + security

We are subject to the FTC Safeguards Rule under the Gramm-Leach-Bliley Act because tax preparation is a "financial activity." Our Written Information Security Plan (WISP) follows IRS Pub 4557 guidance. Technically: client-side encryption with libsodium + Argon2id + XChaCha20-Poly1305; TLS 1.3 in transit; ciphertext at rest in Backblaze B2. See our Security page for the full architecture.

7. Data retention

  • Encrypted documents: retained as long as your account is active, or as part of the lifetime encrypted vault for paid tiers. Deleted within 30 days of account closure (or immediately upon your request).
  • Generated PDFs: same as encrypted documents.
  • Login metadata (IP): 30 days, then dropped.
  • Account email + payment records: 7 years (IRS retention recommendation).
  • Anonymous usage events: 24 months, then aggregated/dropped.

8. Your rights

Depending on your location, you may have rights under:

  • California (CCPA / CPRA): right to know, delete, correct, opt-out of "sale" or "share" (we do neither). Email privacy@sealedreturn.com.
  • EU (GDPR): while SealedReturn primarily serves U.S. taxpayers, EU residents who use the service have rights of access, rectification, erasure, restriction, portability, and objection. Contact us at the same address.
  • Other states: we honor equivalent rights under state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, etc.).

9. Children

SealedReturn is not intended for users under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will delete it.

10. International users

SealedReturn is operated from the United States. If you access SealedReturn from outside the U.S., your data may be transferred to and processed in the U.S. By using SealedReturn, you consent to this transfer.

11. Biometric information

We do not collect biometric identifiers (face geometry, fingerprints, voiceprints). Photo upload of W-2s, 1099s, etc. is document OCR, not biometric data. If we ever add identity-verification features that involve biometric data, we will request your separate written consent in advance, as required by the Illinois Biometric Information Privacy Act (740 ILCS 14) and equivalent laws in Texas and Washington.

12. Breach notification

If we discover a security incident affecting your encrypted ciphertext blobs (which would still be unreadable without your password), or affecting your email/payment metadata, we will notify you and applicable regulators in accordance with state breach-notification laws and the FTC Safeguards Rule (30-day notification window for breaches affecting 500+ consumers).

13. Changes

We may update this Privacy Policy from time to time. Material changes will be announced via email at least 30 days in advance and via a notice on this page.

14. Contact

Privacy questions: privacy@sealedreturn.com. Data deletion requests: same. Security disclosures: security@sealedreturn.com.

This Privacy Policy is a working draft pending final review by a tax + tech attorney. It reflects best-practice standards from competitive analysis and IRS Pub 4557 guidance but should not be construed as final legal language.