Security & privacy
Where your data is stored, how to delete it, our encryption design in plain English, the 6 sub-processors at a glance, 2FA recovery codes, your GDPR rights.
Where is my data stored?
Your data is stored in Frankfurt, Germany (DigitalOcean DOKS, FRA1 region) and never leaves the EU at rest. The one exception is the AI extraction step, which sends document content to Anthropic's Claude API in the US for a few seconds of processing under EU-US DPF + SCCs. A contractual zero-retention addendum with Anthropic is in negotiation.
How do I delete my account and export my data?
Settings → Account → Delete account. Type your email to confirm. You get a 30-day grace period to undo the deletion. On day 31 the encryption key tied to your account is destroyed and every document, invoice, transaction, and OAuth token becomes mathematically unreadable — for us, our backups, forever. Export your data before deleting; restore is impossible after day 31.
How our encryption works, in plain English
Three keys nested like Russian dolls: a platform Master Key, your per-Account Key (encrypted by Master), and per-File Keys (encrypted by Account Key). All AES-256-GCM. Deleting your Account Key on account-deletion makes every document, OCR result, and OAuth token mathematically unreadable — for us, our backups, forever. That's how we satisfy GDPR Article 17 cryptographically.
Our sub-processors at a glance
Eight sub-processors: DigitalOcean (Frankfurt infra), Anthropic (US, AI extraction), Mistral (France, website-assistant embeddings), Stripe (US, payments), Resend (US, outbound email), MailPace (UK company with EU hosting, inbound email forwarding), Sentry (US, error monitoring with PII scrubbing), Cloudflare (Global, CDN/WAF for the marketing website). US transfers under EU-US DPF + SCCs; MailPace under the UK adequacy decision. The canonical list with details lives at /subprocessors.html. We notify customers at least 30 days before adding a new sub-processor, with a 14-day objection window.
How do I use 2FA recovery codes?
On the 2FA prompt, switch to the backup-code option and enter one of the 10 codes you saved when enabling 2FA. Each code works once. After signing in, immediately disable + re-enable 2FA on your new device, or generate fresh backup codes from Settings. If all codes are used and you can't access the authenticator, [email protected] resets 2FA after identity verification (1–3 working days).
Your GDPR rights as a user
Six GDPR rights apply to your TaxItEasy data: Art. 15 (access), 16 (rectification), 17 (erasure), 18 (restriction), 20 (portability), 21 (objection). Most are exercisable directly in-app; for the formal route or for Art. 18 / 21 (no UI today), email [email protected]. Statutory 30-day resolution window; we acknowledge within 2 working days.