Last updated: February 6, 2026
Effective date: February 6, 2026
This Privacy Policy is intentionally detailed. Taxolio operates in a regulated, trust-sensitive domain involving sales, financial, and tax data. This document explains exactly how data is handled in practice, not in theory.
This policy applies to:
• Visitors to the Taxolio website
• Users of tools such as the Nexus Checker
• Prospective customers who contact us
• Customers using our U.S. sales tax compliance services
It applies regardless of where you are located, including the United States, United Kingdom, European Union, and other jurisdictions.
Taxolio provides managed U.S. sales tax compliance services for ecommerce and SaaS businesses. Our services include nexus assessment, state registrations, preparation and filing of sales tax returns, and ongoing compliance management.
For most data processed in connection with our services, Taxolio acts as a data controller. In some cases, such as when filing on your behalf, we may act as a data processor for limited information supplied by you.
Contact details:
Email: hello@taxolio.com
Website: https://www.taxolio.com
• Name, role, and contact details
• Business name, structure, and jurisdiction
• Registered and billing addresses
• Sales channels and platforms used
• Communications with us
• Sales data by state or jurisdiction
• Transaction summaries and reports
• Historical sales data for compliance review
• Tax registration and filing information
This data is essential to delivering compliance services and is treated as confidential.
• IP address
• Browser, device, and operating system
• Pages viewed and interactions
• Referring URLs
This data supports security, diagnostics, and performance monitoring.
We use data only where necessary and proportionate, including to:
• Determine sales tax nexus and compliance obligations
• Prepare and submit registrations and filings
• Maintain compliance calendars and records
• Communicate about onboarding, filings, and deadlines
• Provide customer support
• Detect fraud, misuse, or unauthorised access
• Meet legal, regulatory, and professional obligations
For users subject to UK GDPR, EU GDPR, or similar laws, we process data based on:
• Performance of a contract or pre-contractual steps
• Legitimate interests in operating a secure compliance service
• Compliance with legal obligations
• Consent, where explicitly given
We do not sell personal or business data.
We share data only where required to deliver our services, including with:
• Infrastructure providers (hosting, storage, security)
• Analytics and monitoring providers
• Scheduling and communication tools
• Professional partners assisting with compliance delivery
• Government bodies or tax authorities, strictly for filings
All subprocessors are subject to confidentiality and data protection obligations.
Taxolio operates internationally. Data may be processed outside your country of residence.
Where applicable, transfers rely on appropriate safeguards such as standard contractual clauses or equivalent protections.
Client sales, transactional, and tax data is treated as confidential business information.
Access is:
• Restricted to authorised personnel
• Granted on a need-to-know basis
• Logged and monitored where appropriate
We do not use client data for marketing, benchmarking, resale, or unrelated analysis.
We retain data only for as long as required to:
• Provide ongoing services
• Comply with legal and regulatory obligations
• Maintain audit and compliance records
Data is securely deleted or anonymised when no longer required.
We apply technical and organisational measures appropriate to the sensitivity of tax and financial data, including:
• Secure hosting environments
• Access controls and authentication
• Encryption in transit and at rest where appropriate
• Internal security policies and training
No system is entirely risk-free, but we take reasonable steps to mitigate risk.
In the event of a personal data breach that poses a risk to individuals, we will take appropriate steps to investigate, mitigate, and notify affected parties in accordance with applicable law.
We do not send unsolicited marketing communications. Where marketing communications are sent, you may opt out at any time.
Depending on your jurisdiction, you may have rights to:
• Access your data
• Correct inaccuracies
• Request deletion or restriction
• Object to certain processing
• Request data portability
Requests may require identity verification.
Our services are not directed at children, and we do not knowingly collect personal data from individuals under 18.
We may update this Privacy Policy periodically. The most current version will always be available on our website.
For questions about this policy or data handling:
Email: hello@taxolio.com
Website: https://www.taxolio.com