TaxShieldAgent

Privacy Policy

Last updated: April 12, 2026

TaxShieldAgent ("we", "our", or "us") is a Stripe App that monitors US Economic Nexus thresholds for Stripe merchants. This policy explains what data we access, how we use it, and your rights.

1. Data We Access

When you install TaxShieldAgent, we request access to the following Stripe data on your behalf:

• PaymentIntents (read) — We read payment amounts and destination state metadata to calculate your cumulative sales totals per US state for Economic Nexus threshold monitoring.
• Tax Registrations (write) — With your explicit approval, we create Stripe Tax registrations in US states where you have crossed or are approaching a nexus threshold.
• Charges (write) — We apply a $1 platform fee to your most recent charge when a state tax registration is successfully completed on your behalf.

2. How We Use Your Data

• To calculate per-state sales aggregations and detect Economic Nexus threshold risks
• To generate compliance alerts when you approach or exceed a state threshold
• To register you for state sales tax collection when you explicitly approve a fix
• To maintain an audit log of all compliance actions taken

We do not sell, rent, or share your data with any third parties. We do not use your data for advertising or marketing purposes.

3. Data Storage

Transaction aggregations, nexus alerts, and audit records are stored in an encrypted database hosted on Railway (railway.app) in the United States. We store only aggregated sales totals by state — we do not store individual customer payment details, card numbers, or personal information of your customers.

Data is retained for as long as your account is active. You may request deletion at any time by contacting us (see below).

4. Human-in-the-Loop Safety

TaxShieldAgent never takes autonomous action on your Stripe account. Every tax registration and every fee charge requires your explicit confirmation. The AI reasoning engine only reads data — it cannot modify, delete, or charge anything without your approval.

5. Data Sharing

We use the following sub-processors to deliver the service:

• Stripe (stripe.com) — Payment infrastructure and Tax Registration API
• Anthropic (anthropic.com) — AI compliance explanation generation (Claude API). Only anonymized state/threshold data is sent — no customer PII.
• Railway (railway.app) — Cloud hosting and database storage

6. Your Rights

You have the right to:

• Access the data we hold about your account
• Request correction of inaccurate data
• Request deletion of your data
• Uninstall the app at any time, which revokes our access to your Stripe account

7. Security

All data is transmitted over HTTPS/TLS. API keys are stored as encrypted environment variables and never exposed in code or logs. Access to production systems is restricted to authorized personnel only.

8. Changes to This Policy

We will notify you of material changes to this policy via the email address associated with your Stripe account. Continued use of TaxShieldAgent after changes constitutes acceptance of the updated policy.