Privacy Policy
Effective: May 14, 2026
DRAFT — REQUIRES ATTORNEY REVIEW BEFORE PUBLICATION
This document is a production draft prepared for legal review. It is not legal advice. Do not publish without review and approval by qualified legal counsel experienced in GLBA, CCPA/CPRA, state privacy law, and financial services data privacy. Version 1.0 — [DATE].
**Beacon Tax Relief LLC**
Effective Date: [EFFECTIVE_DATE]
Last Updated: [LAST_UPDATED_DATE]
About This Policy
Beacon Tax Relief LLC ("we," "us," or "our") takes your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our website at [WEBSITE_URL], our software platform, our AI-assisted tools, and any related services (collectively, the "Service").
This Policy applies to all users of the Service, including visitors to our website, registered account holders, and subscribers to any paid tier.
Because Beacon Tax Relief LLC assists taxpayers with IRS-related documents and financial information, the information we handle is particularly sensitive. We are subject to the Gramm-Leach-Bliley Act (GLBA) as a financial institution (tax return preparers are financial institutions under FTC jurisdiction), IRC §7216 (governing disclosure of tax return information), and applicable state privacy laws. This Policy reflects those requirements.
Table of Contents
- Information We Collect
- How We Use Your Information
- Third-Party Sharing and Disclosure
- IRC §7216 — Disclosure of Tax Return Information
- GLBA Safeguards Rule — Notice to Customers
- State Privacy Rights
- Cookies and Analytics
- Children's Privacy
- Data Retention
- Data Security and Breach Notification
- Your Rights and Choices
- Changes to This Policy
- Contact for Privacy Requests
1. Information We Collect
We collect information you provide directly, information generated automatically by your use of the Service, and in limited circumstances, information from third parties.
1.1 Information You Provide Directly
Identity and Contact Information:
- Full legal name
- Email address
- Phone number (if provided or required for SMS/voice features)
- Mailing address
- Date of birth (required for certain IRS forms)
- Social Security Number or Individual Taxpayer Identification Number (collected only for direct entry into IRS forms you generate — see Section 4)
Financial Information:
- Income and expense information (wages, self-employment income, business income, living expenses, asset values) as entered in Form 433-A, Form 433-B, and related collection information statements
- Bank account information (account balances, institution names — entered for Form 433 purposes, not stored for payment processing)
- Real property and personal property valuations
- Monthly income and expense breakdowns
- Information about assets subject to IRS collection
Tax and IRS Information:
- IRS account transcripts or notices you upload or enter (CP2000, CP503, CP504, tax liens, levy notices, audit notices)
- Federal tax return data you upload or enter for the purpose of resolution analysis
- Tax year(s) at issue, tax type, assessed amounts, penalty details
Account Information:
- Username and password (passwords are hashed; we do not store plaintext passwords)
- Subscription tier and payment history
- Support communications and chat transcripts
Communications:
- Information you provide in support tickets, chat messages, or email communications with us
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, form fields accessed, session duration
- Device and browser information: Browser type, operating system, screen resolution
- Log data: IP address, access timestamps, referring URL
- Cookies and tracking technologies: See Section 7
1.3 Information From Third Parties
- Payment processors: Confirmation of successful or failed payment; limited transaction data (we do not store full credit card numbers)
- Identity verification services (if implemented): Verification status; we do not store identity verification images
- Analytics providers: Aggregate usage and behavioral analytics (see Section 7)
2. How We Use Your Information
2.1 Service Delivery
We use your information primarily to provide the Service you have subscribed to, including:
- Generating IRS forms and documents (Form 433-A, Form 433-B, Form 656, installment agreement requests, penalty abatement letters, and similar documents) from data you enter
- Powering AI-assisted features that provide information about IRS programs
- Storing your data so you can access and modify it across sessions
- Providing customer support
- Sending transactional communications (account confirmations, receipts, subscription notices, password resets)
2.2 AI Processing — Named Providers
Beacon Tax Relief LLC uses the following artificial intelligence service providers to power certain features of the Service:
(a) Anthropic PBC — Provider of the Claude AI model. Portions of your information, as described in the IRC §7216 Consent, may be processed by Anthropic's systems to generate responses, complete forms, or provide informational analysis within the Service.
(b) OpenAI Inc. — Provider of GPT-series models. Portions of your information, as described in the IRC §7216 Consent, may be processed by OpenAI's systems for certain Service features.
Before your tax return information is processed by any AI provider, we obtain your express written consent under IRC §7216. Your tax return information will not be processed by AI systems without that consent.
We have executed Data Processing Agreements with each AI provider that restrict use of your data to providing the Service to you, prohibit training AI models on your data without separate consent, and require appropriate security measures.
2.3 Marketing Communications (If Opted In)
If you have opted in to marketing communications, we use your name and email address to send:
- Educational content about IRS programs and tax resolution
- Product updates and new feature announcements
- Promotional offers and subscription upsell communications
You may opt out at any time by clicking "Unsubscribe" in any marketing email, or by contacting support@beacontaxrelief.com. Marketing opt-out does not affect transactional communications.
2.4 SMS/Voice Communications (If Opted In)
If you have provided a phone number and consented to SMS or voice communications, we use your phone number to send:
- Account notifications
- Marketing messages (if separately consented to with TCPA-compliant consent)
- AI voice agent interactions (if you initiate them)
2.5 Legal Compliance and Safety
We use your information to comply with applicable laws, respond to legal process (subpoenas, court orders), enforce our Terms of Service, prevent fraud, and protect the safety of users and the public.
2.6 Service Improvement
We use aggregated, de-identified analytics data to improve the Service. We do not use individually identifiable tax return information for this purpose without consent.
3. Third-Party Sharing and Disclosure
We do not sell your personal information. We do not share your information for third-party advertising or marketing purposes.
We share your information only as follows:
3.1 AI Service Providers
As described in Section 2.2: Anthropic PBC and OpenAI Inc. process information as necessary to power AI features. Processing is subject to the IRC §7216 Consent and Data Processing Agreements.
3.2 Payment Processor
Your payment information is processed by [PAYMENT_PROCESSOR_NAME] (e.g., Durango Merchant Services, Stripe, or other high-risk processor). We share only the information necessary to process your payment. We do not store full payment card numbers. The payment processor's privacy policy governs their handling of your payment data.
3.3 Email and SMS Infrastructure
We use third-party providers for email delivery and SMS messaging. These providers may process your name, email address, and phone number to deliver communications on our behalf:
- Email infrastructure: [EMAIL_PROVIDER_NAME] (e.g., SendGrid, Postmark)
- SMS infrastructure: Twilio Inc.
These providers are prohibited from using your information for their own purposes beyond service delivery.
3.4 Voice Agent Infrastructure
If you use AI voice features, your voice communications may be processed by Retell AI (or equivalent voice AI provider) to power conversational interactions. Voice communications may be recorded and transcribed as disclosed in the voice agent opening disclosure.
3.5 Hosting and Infrastructure
Vercel Inc. hosts the Service application. Supabase Inc. provides database infrastructure. Both providers have access to data as necessary to operate the infrastructure. We have executed Data Processing Agreements with both providers.
3.6 Legal Process and Law Enforcement
We may disclose your information if required by a court order, subpoena, or other valid legal process, or if we believe disclosure is necessary to prevent imminent harm or comply with applicable law.
3.7 Business Transfers
If Beacon Tax Relief LLC is acquired, merged, or sells substantially all of its assets, your information may be transferred as part of that transaction. We will notify you by email or prominent website notice prior to your information becoming subject to a materially different privacy policy.
3.8 With Your Consent
We may share your information for any other purpose with your express written consent.
4. IRC §7216 — Disclosure of Tax Return Information
4.1 Statutory Background
Internal Revenue Code §7216 imposes criminal penalties (up to $1,000 fine and/or 1 year imprisonment per violation) on tax return preparers who knowingly or recklessly disclose or use tax return information without taxpayer consent. Civil penalties under IRC §6713 ($250 per disclosure, up to $10,000/year) also apply. (IRS §7216 Information Center)
4.2 When §7216 Applies to Our Service
If Beacon Tax Relief LLC assists you in preparing any federal tax return or claim for refund, §7216 governs our use and disclosure of your tax return information. This includes, but is not limited to, use of your tax return data in AI tools.
4.3 Consent Requirement
Before we use or disclose your tax return information in a manner covered by §7216, we obtain your affirmative written consent through the IRC §7216 Consent and Authorization document presented at signup and available at [WEBSITE_URL]/7216-consent. This consent:
- Names each specific recipient of your information (Anthropic PBC, OpenAI Inc., and any others)
- Describes what information is being shared
- States the purpose of sharing
- Expires one year from the date of signing
- May be revoked at any time
Without your §7216 consent, we will not process your tax return information through AI tools.
4.4 What Constitutes "Tax Return Information"
"Tax return information" under §7216 includes any information furnished to a tax return preparer in connection with the preparation of a return, including: your name, Social Security Number, income, deductions, credits, tax liability, and any other data extracted from or derived from your tax return or information provided for preparation.
5. GLBA Safeguards Rule — Notice to Customers
5.1 Beacon Tax Relief LLC as a Financial Institution
Under the Gramm-Leach-Bliley Act (GLBA), tax return preparers are classified as "financial institutions" subject to FTC jurisdiction. The FTC's Safeguards Rule (16 CFR Part 314) applies to our operations. (FTC — Safeguards Rule)
5.2 Categories of Information We Collect and Share
| Category | We Collect | We Share with Affiliates | We Share with Non-Affiliates | Your Right to Limit |
|---|---|---|---|---|
| For everyday business purposes (service delivery) | Yes | No affiliates | Yes — service providers with DPAs only | Cannot be limited for service delivery |
| For marketing our products/services | Yes (if opted in) | N/A | No | Yes — opt out at any time |
| Joint marketing with financial companies | No | — | No | N/A |
| For non-affiliates to market to you | No | — | No | N/A — we do not sell your data |
5.3 Your Right to Limit Sharing
You may limit the sharing of your non-public personal information with non-affiliated third parties for marketing purposes by opting out of marketing communications using the instructions in Section 11.
5.4 GLBA Privacy Notice
This Privacy Policy serves as our annual GLBA privacy notice to customers. We will provide updated notice annually or when our information practices change materially.
6. State Privacy Rights
6.1 California — CCPA/CPRA
(Applicable to California residents)
Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the following rights:
- Right to Know: Right to know what personal information we collect, use, share, or sell
- Right to Delete: Right to request deletion of personal information we hold
- Right to Correct: Right to request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information: Right to limit use of sensitive personal information (including SSN, financial information) to what is necessary to provide the Service
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
CPRA AI/ADMT: California's CPRA regulations (effective January 2026) require risk assessments for automated decision-making technology (ADMT) that makes significant decisions about consumers. If our AI tools make significant decisions about your eligibility for IRS programs, we will provide opt-out rights and conduct required risk assessments.
To exercise CCPA/CPRA rights, contact us at [PRIVACY_EMAIL] or [WEBSITE_URL]/privacy-request.
Note: CCPA/CPRA applicability to Beacon Tax Relief LLC depends on revenue thresholds and data volume. Confirm applicability with counsel before CA launch.
6.2 New York — NY SHIELD Act
(Applicable to New York residents)
The NY SHIELD Act applies to any entity that owns or licenses computerized private information of NY residents, regardless of business size or revenue. We implement reasonable administrative, technical, and physical safeguards for private information of NY residents as required by the SHIELD Act. (NY AG — SHIELD Act)
In the event of a breach of NY residents' private information, we will notify affected individuals and the NY Attorney General as required by law.
Note: NY services are deferred pending state licensing review. This section will become active upon NY launch.
6.3 Virginia — Consumer Data Protection Act (CDPA)
(Applicable to Virginia residents)
Virginia residents have rights to: access, correct, delete, and obtain a copy of personal data; opt out of targeted advertising, sale of personal data, and profiling for significant decisions. To exercise these rights, contact [PRIVACY_EMAIL].
Applicability depends on processing thresholds (100,000 consumers, or 25,000+ consumers with data revenue). Confirm with counsel.
6.4 Colorado — Colorado Privacy Act (CPA)
(Applicable to Colorado residents — upon CO launch)
Colorado residents have similar rights to Virginia and California residents: access, correction, deletion, portability, and opt-out of targeted advertising and sale of data. We will honor these rights upon receipt of a verified request at [PRIVACY_EMAIL].
Note: CO launch is deferred pending licensing review. This section becomes active upon CO launch.
6.5 Connecticut — Connecticut Data Privacy Act
Similar rights apply to Connecticut residents. Contact [PRIVACY_EMAIL] to exercise rights.
6.6 Texas — Texas Data Privacy and Security Act (TDPSA)
(Effective July 2024; applicable to Texas residents)
Texas residents have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising and sale of data. We honor these rights. Contact [PRIVACY_EMAIL].
6.7 How to Submit State Privacy Requests
To exercise any state privacy right, contact us at:
- Email: [PRIVACY_EMAIL]
- Web form: [WEBSITE_URL]/privacy-request
- Mail: [STREET ADDRESS], Dallas, TX 75201
We will respond to verifiable requests within 45 days (extendable by an additional 45 days with notice). We will verify your identity before processing requests involving sensitive financial data.
7. Cookies and Analytics
7.1 What We Use
We use the following tracking technologies:
| Technology | Purpose | Retention |
|---|---|---|
| Session cookies | Maintain login session | Deleted on browser close |
| Persistent authentication cookies | Remember logged-in state | 30 days |
| Analytics cookies (e.g., Plausible, PostHog) | Understand usage patterns — privacy-preserving analytics preferred | Session to 2 years |
| Marketing pixels (if active) | Measure advertising effectiveness | 90 days |
7.2 Your Choices
You may control cookies through your browser settings. Disabling certain cookies may affect Service functionality (e.g., you may need to log in more frequently). We do not respond to browser Do Not Track signals at this time, but we are evaluating Global Privacy Control (GPC) compliance.
7.3 Analytics Philosophy
Beacon Tax Relief LLC prefers privacy-preserving analytics tools (e.g., Plausible Analytics) that do not use cross-site tracking cookies. Where we use third-party analytics (e.g., Google Analytics), we configure them with IP anonymization and without advertising features.
8. Children's Privacy
The Service is not directed to or intended for use by individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are under 18, do not use the Service. If we learn we have collected information from a child under 18, we will delete it promptly.
If you believe we have inadvertently collected information from a minor, contact us at [PRIVACY_EMAIL].
9. Data Retention
We retain your information for as long as necessary to provide the Service and as required by applicable law.
| Data Type | Retention Period | Authority/Basis |
|---|---|---|
| Client tax information (Form 433 data, IRS notices, tax return data) | 7 years from date of last service | IRC general 7-year record rule; best practice for tax-related SaaS |
| §7216 consent records | 3 years minimum (IRS guidance); indefinitely for active users | IRS §7216; compliance best practice |
| Account and billing records | 7 years | Business records statute of limitations |
| TSR-covered advertising materials | 24 months | 16 CFR §310.5 |
| TCPA consent records | Indefinitely for active contacts; 4 years post-contact | TCPA/TCPA litigation risk |
| Security incident logs | 3 years minimum | GLBA Safeguards Rule best practice |
| Support and chat records | 3 years from last interaction | Business best practice |
9.1 Deletion After Retention Period
Upon expiration of the applicable retention period, we will securely delete or de-identify your information. Secure deletion means:
- Digital data: cryptographic erasure or multi-pass overwrite
- Database records: deletion with verification that no copies remain in backup systems (within the backup retention cycle)
- AI provider data: deletion request per Data Processing Agreement terms
9.2 Your Right to Request Deletion
You may request deletion of your account and associated data at any time, subject to our legal obligation to retain certain records for regulatory compliance. Retained records (e.g., §7216 consent logs, transaction records) will be retained only as long as required by law.
10. Data Security and Breach Notification
10.1 Security Measures
Beacon Tax Relief LLC implements the following security measures in accordance with our Written Information Security Program (WISP) under the GLBA Safeguards Rule:
- Encryption at rest: AES-256 encryption for all stored customer data
- Encryption in transit: TLS 1.3 for all data transmitted between the Service and your browser, and between the Service and AI providers
- Multi-Factor Authentication (MFA): Required for all administrative access; offered to all users
- Access controls: Role-based access; minimum-privilege principle; no AI provider access to customer data beyond what is necessary for the specific feature you use
- Vendor oversight: All service providers with access to customer data have executed Data Processing Agreements
- Monitoring: Activity monitoring and anomaly detection on systems storing customer data
Despite these measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials.
10.2 Breach Notification
In the event of a security breach involving your personal information, we will:
(a) FTC Notification: Notify the Federal Trade Commission within 30 days of discovering a breach affecting 500 or more customers, as required by the GLBA Safeguards Rule. (FTC — Safeguards Rule Breach Notification)
(b) Customer Notification: Notify affected customers as required by applicable state breach notification laws. Most states require notice within 30–90 days of breach discovery. We will provide notice to affected customers by email at their registered email address, and by mail where required.
(c) State AG Notification: Notify applicable state attorneys general as required by state law (e.g., NY AG for NY resident breaches under the SHIELD Act).
(d) Contents of Notice: Breach notices will include: description of the incident; type of information affected; steps we took in response; steps you can take to protect yourself; contact information for questions.
11. Your Rights and Choices
11.1 Access Your Information
You may access the personal information we hold about you through your account dashboard. For information not available in the dashboard, submit a request to [PRIVACY_EMAIL].
11.2 Correct Your Information
You may correct inaccurate account information through your account dashboard. For data that cannot be corrected through the dashboard (e.g., information in generated documents), contact [PRIVACY_EMAIL].
11.3 Delete Your Information
You may request deletion of your account and data by:
- Using the "Delete Account" feature in your account settings
- Emailing [PRIVACY_EMAIL] with subject "Account Deletion Request"
We will process deletion requests within 45 days, subject to retention requirements described in Section 9.
11.4 Revoke §7216 Consent
You may revoke your IRC §7216 consent at any time by contacting [PRIVACY_EMAIL] with "§7216 Consent Revocation" in the subject line. Revocation will disable AI-assisted features that require tax return data processing. It does not affect data already processed prior to revocation.
11.5 Opt Out of Marketing
You may opt out of marketing emails at any time by clicking "Unsubscribe" in any marketing email, or by contacting support@beacontaxrelief.com. You may opt out of marketing SMS by replying STOP to any marketing text message. Opt-out will be honored within 10 business days.
11.6 Data Portability
You may export your account data (financial information you have entered, generated documents) from your account dashboard in standard formats. Contact [PRIVACY_EMAIL] for data portability requests not available through the dashboard.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy at [WEBSITE_URL]/privacy with a new effective date
- Sending an email to your registered email address at least 30 days before material changes take effect
Continued use of the Service after changes take effect constitutes acceptance. If you do not agree to changes, stop using the Service and request account deletion.
13. Contact for Privacy Requests
Beacon Tax Relief LLC — Privacy Officer
[STREET ADDRESS], Dallas, TX 75201
[CITY, STATE, ZIP]
Email: [PRIVACY_EMAIL]
Web form: [WEBSITE_URL]/privacy-request
Phone: [SUPPORT_PHONE]
We will respond to all privacy inquiries within 45 days.
This Privacy Policy was prepared based on compliance requirements analyzed in compliance_framework.md. References: GLBA Safeguards Rule — 16 CFR Part 314 | IRC §7216 — IRS Information Center | NY SHIELD Act | CCPA — CA AG