Privacy Policy

AutoTax-Cloud — Last updated: April 2026

1. Data Controller

Hüseyin Hancer
Wiesenstr. 10, 66115 Saarbrücken, Germany
Email: datenschutz@autotax.cloud

2. Data Collected

• Registration: Email, name, password (hashed)
• Invoice data: Uploaded receipts, OCR text, amounts, VAT
• Company data: IBAN, tax ID, address
• Cash book: Income/expenses
• Technical: IP address (anonymized), user agent

3. Legal Basis (GDPR Art. 6)

• Art. 6(1)(a): Consent
• Art. 6(1)(b): Contract performance
• Art. 6(1)(f): Legitimate interests

4. Third-Party Processors

• Railway Inc. (USA/EU) — Hosting
• OCR.space / a9t9 Software GmbH — OCR — receipt images may contain IBAN, address
• Anthropic PBC (USA) — AI — OCR texts for processing

International transfers: USA — Standard Contractual Clauses (Art. 46 GDPR) / EU-US Data Privacy Framework.

5. Data Retention

• Account data: until deletion
• Accounting records: 10 years (German tax law)
• Trash: 30 days
• Logs: max 30 days

6. Your Rights

• Access (Art. 15) — Account → Export data
• Rectification (Art. 16)
• Erasure (Art. 17) — Account → Delete account
• Portability (Art. 20) — JSON export
• Object (Art. 21)
• Complaint to supervisory authority (Art. 77)

7. CCPA Rights (California)

If you are a California resident, you have the right to: know what personal data is collected, request deletion, opt-out of data sales. We do not sell your personal data. To exercise your rights, use Account → Export/Delete or email datenschutz@autotax.cloud.

8. Cookies

No tracking cookies. Only essential local storage entries (auth token, cookie consent).

9. Security

TLS/SSL, bcrypt passwords, JWT auth, rate limiting, HSTS, CSP headers.

© 2026 AutoTax-Cloud