TaxFlow+

Privacy Policy

Last updated: March 30, 2026

1. Data Controller

Business Name: GlitzyGlitzy Sarah Kuhmichel
Owner: Sarah Kuhmichel
Address: Tacitusstr. 90, 60439 Frankfurt, Germany
Tax ID (USt-IdNr.): DE-346557770
Email: support@taxflow-plus.com

2. Data We Collect

We collect and process the following data:

Account Information

  • Name, email address, phone number
  • Business name and legal entity information
  • VAT ID and tax registration numbers
  • Address and business location

Shopify Integration Data

  • Order history and transaction details
  • Customer location and shipping addresses (anonymized for VAT purposes)
  • Product information and revenue data
  • Refund and return information

Usage & Technical Data

  • IP address and browser information
  • Login timestamps and activity logs
  • Device information and analytics

3. Legal Basis for Processing

We process personal data on the following legal bases under GDPR Article 6:

  • Contract (6.1.b): To provide the TaxFlow+ services you have contracted for
  • Legal Obligation (6.1.c): To comply with tax and financial regulations
  • Legitimate Interest (6.1.f): To improve security, prevent fraud, and enhance service quality
  • Consent (6.1.a): For marketing communications (which you can withdraw at any time)

4. Data Storage & Retention

We store data on Supabase servers located in the EU. Data is encrypted both in transit (HTTPS/TLS) and at rest. We retain:

  • Account data: For the duration of your subscription + 3 years (legal obligation)
  • Transaction records: 7 years (EU VAT regulations)
  • Backup data: Up to 30 days
  • Logs and analytics: 90 days

5. Data Sharing

We share data with the following processors:

  • Shopify: For order and customer data integration (you control this via Shopify API)
  • Supabase: For database hosting (Data Processing Agreement in place)
  • EU Commission (VIES): For VAT number validation only (no personal data shared)
  • Tax Authorities: Only with your explicit consent or where legally required

We never sell or rent personal data. We do not share data with third parties except as described above.

6. Your Rights Under GDPR

You have the right to:

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Correct inaccurate data
  • Erasure (Art. 17): Request deletion ("right to be forgotten")
  • Restrict Processing (Art. 18): Limit how we use your data
  • Data Portability (Art. 20): Receive data in a machine-readable format
  • Object (Art. 21): Opt out of certain processing
  • Lodge a Complaint: Contact your national data protection authority

To exercise these rights, email support@taxflow-plus.com with "GDPR Request" in the subject.

7. Security Measures

We implement industry-standard security:

  • 256-bit TLS/SSL encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Secure password hashing (bcrypt)
  • Row-Level Security (RLS) on database tables
  • API rate limiting and DDoS protection

8. Cookies & Analytics

TaxFlow+ uses:

  • Session Cookies: To keep you logged in (essential)
  • Analytics: To understand usage and improve the service (you can opt out)
  • No Third-Party Advertising: We do not use tracking pixels or retargeting

9. International Data Transfers

All data is stored within the EU and is not transferred outside the EU/EEA without appropriate safeguards (Standard Contractual Clauses).

10. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR Article 33. Law enforcement will also be notified if required.

11. Children's Privacy

TaxFlow+ is not intended for users under 18. We do not knowingly collect data from children. If we discover such data, we will delete it immediately.

12. Policy Changes

We may update this policy at any time. We will notify you of material changes via email. Continued use constitutes acceptance.

13. Contact Us

Data Protection Officer / Privacy Contact:
GlitzyGlitzy Sarah Kuhmichel
Tacitusstr. 90, 60439 Frankfurt, Germany
Email: support@taxflow-plus.com

German Data Protection Authority:
Hessian Data Protection Commissioner
Monmerqué-Straße 28, 60311 Frankfurt am Main
Phone: +49 69 55 00 33-0