Privacy Policy

TaxSuite is operated by Amrin K Enterprises Ltd., a federally incorporated Canadian corporation (incorporated April 2019). Our registered office is located in Ottawa, Ontario, Canada.

TaxSuite (“we”, “us”, “our”) provides cloud-based bookkeeping and financial management software designed specifically for Canadian restaurant and food-service businesses. Our website is taxsuite.ca and our application is accessed at app.taxsuite.ca.

For privacy inquiries, contact our Privacy Officer at: privacy@taxsuite.ca

We collect different categories of information depending on how you interact with TaxSuite:

We do not collect or store Social Insurance Numbers (SINs), personal CRA login credentials, or banking credentials beyond what Stripe requires for billing.

We use your information only for the following purposes:

• Providing the service: Operating your account, syncing POS data, generating reports, calculating HST/GST, and all core TaxSuite functionality.
• AI receipt extraction: Uploaded receipt images are processed by OpenAI's API to extract vendor names, amounts, and categories. Extracted data is stored in your account. Raw image files are retained for 90 days, then permanently deleted.
• Billing and payments: Processing subscription charges, issuing invoices, and handling refund requests through Stripe.
• Account communications: Password reset emails, subscription renewal notices, important security alerts, and product updates. We do not send unsolicited marketing without your consent.
• Customer support: Diagnosing issues, responding to requests, and improving product quality.
• Security: Detecting and preventing fraud, unauthorized access, and abuse.
• Legal compliance: Meeting obligations under Canadian law, including PIPEDA and CRA reporting requirements where applicable.
• Product improvement: Aggregated, anonymized analytics to understand how features are used and where the product can improve. No individual transaction data is used for this purpose.

We do not sell, rent, or trade your personal or financial information to any third party for marketing, advertising, or commercial purposes.

TaxSuite is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law, as well as applicable provincial privacy legislation.

We collect, use, and disclose personal information only with your knowledge and consent, except where the law permits or requires otherwise. Specifically:

• Account creation constitutes your consent to collect and use your information as described in this policy.
• Connecting a POS system or delivery platform constitutes your consent to receive and store data from that integration.
• Uploading a receipt constitutes your consent to process that image through our AI extraction service.
• You may withdraw consent at any time by deleting your account, subject to legal retention requirements.

Under PIPEDA's accountability principle, Amrin K Enterprises Ltd. is responsible for all personal information under our control, including information transferred to third-party processors.

We share your information only in the following limited circumstances:

All third-party processors are bound by data processing agreements and are required to protect your information in accordance with PIPEDA standards. We do not authorize any processor to use your data for their own purposes.

We may also disclose information: (a) to comply with a legal obligation, court order, or government authority request; (b) to protect the rights, property, or safety of TaxSuite, our users, or the public; or (c) in connection with a business transfer or acquisition, in which case the successor entity will be bound by this Privacy Policy.

Your data is stored in encrypted PostgreSQL databases hosted by Neon. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Our application is hosted on Vercel with Canadian-compatible data routing.

We implement the following security controls:

• Passwords hashed using bcrypt with a minimum work factor of 12
• All API endpoints require authentication via secure session tokens
• Row-level security to ensure users can only access their own organization's data
• Rate limiting on all authentication endpoints to prevent brute-force attacks
• Regular automated dependency scanning for known vulnerabilities
• HTTPS enforced across all domains with HSTS preloading
• Uploaded files stored in access-controlled Vercel Blob storage
• Stripe tokenization — we never receive or store raw card numbers

No system is 100% secure. If you suspect unauthorized access to your account, contact us immediately at security@taxsuite.ca. Under PIPEDA, we are required to notify you and the Office of the Privacy Commissioner of Canada if a breach creates a real risk of significant harm.

We retain your information as follows:

Financial records are retained for 7 years to comply with CRA's record-keeping requirements under the Income Tax Act and the Excise Tax Act, even after account deletion.

Under PIPEDA and applicable Canadian privacy law, you have the following rights regarding your personal information:

• Right of Access

  Request a copy of the personal information we hold about you. We will respond within 30 days.

• Right to Correction

  Request correction of inaccurate or incomplete personal information. You can update most information directly in Settings.

• Right to Deletion

  Request deletion of your account and personal data, subject to legal retention requirements (e.g., financial records must be kept 7 years).

• Right to Data Portability

  Export your financial data as CSV or PDF at any time from within your account — no request needed.

• Right to Withdraw Consent

  Withdraw consent to any non-essential processing at any time. Withdrawing consent to essential processing (e.g., storing your transactions) means you cannot use the service.

• Right to Complain

  File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca if you believe we have not respected your privacy rights.

To exercise any right, email privacy@taxsuite.ca with your full name, account email address, and a description of your request. We will verify your identity before processing the request.

TaxSuite uses cookies and similar technologies to operate the service and improve your experience. See our Cookie Policy for full details.

In summary, we use:

• Session cookies: Keep you logged in during your browser session. Essential — cannot be disabled.
• Authentication cookies: Persistent login tokens (up to 30 days). Set when you check 'Remember me'.
• CSRF tokens: Protect against cross-site request forgery. Essential.
• Analytics cookies: Anonymous usage data to understand feature adoption. You can opt out in Settings.

We do not use advertising, retargeting, or third-party tracking cookies.

TaxSuite is a business software product intended for use by adults operating commercial food-service businesses. We do not knowingly collect personal information from individuals under the age of 18.

If we become aware that a person under 18 has created an account, we will promptly delete the account and all associated data. If you believe a minor has registered, contact us at privacy@taxsuite.ca.

Some of our third-party service providers (including Stripe, Neon, Vercel, OpenAI, and Resend) are based in the United States. When we transfer your personal information to these providers, we do so under data processing agreements that require them to protect your information to a standard comparable to PIPEDA.

By creating an account and using TaxSuite, you consent to the transfer of your information to these U.S.-based processors as described in Section 5. You acknowledge that U.S. law may apply different standards to government access to personal data than Canadian law.

Your financial transaction data, account credentials, and core business data are stored in Neon's database infrastructure. We have contractually required that your data not be used for any purpose other than providing TaxSuite functionality.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:

• Sending an email to your registered account address at least 14 days before the change takes effect
• Posting a prominent notice in the TaxSuite application
• Updating the 'Last updated' date at the top of this page

Continued use of TaxSuite after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you may delete your account before the effective date.

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

If you are unsatisfied with our response to a privacy concern, you have the right to contact the Office of the Privacy Commissioner of Canada (OPC):