We take your privacy seriously. This policy explains what data we collect, how we use it, and what rights you have. Last updated: February 2026.
TaxItEasy ("we", "us", "our") operates the TaxItEasy platform for invoice processing and document management. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services.
We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.
The data controller responsible for processing your personal data is:
THE GROVVEST AI LTD
Evangelou Floraki 10, Villa 4
8220 Paphos, Cyprus
Email: [email protected]
Website: taxiteasy.org
When you create an account, we collect:
When you create a company on our platform, we collect:
When you upload documents, we process:
If you connect a bank account (e.g. via Revolut integration), we collect:
If you set up automatic email invoice forwarding, we collect:
When you share documents with others (e.g. tax advisors), we collect:
When you use our platform, we automatically collect:
Payment processing is handled by Stripe (PCI-DSS Level 1 compliant). We do not store or have access to your full credit card numbers. We store:
We process your personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the TaxItEasy service | Contract performance (Art. 6(1)(b)) |
| AI invoice processing and OCR | Contract performance (Art. 6(1)(b)) |
| Account verification and security | Legitimate interest (Art. 6(1)(f)) |
| Audit logging and access tracking | Legitimate interest (Art. 6(1)(f)) |
| Payment processing via Stripe | Contract performance (Art. 6(1)(b)) |
| Email notifications about your account | Contract performance (Art. 6(1)(b)) |
| Responding to support requests | Contract performance (Art. 6(1)(b)) |
| Bank account integration and transaction matching | Contract performance (Art. 6(1)(b)) |
| Automatic email invoice processing | Contract performance (Art. 6(1)(b)) |
| Document sharing with tax advisors | Contract performance (Art. 6(1)(b)) |
We do not sell your data. We do not share your data with advertisers. We do not use your data for profiling or targeted advertising. We do not train AI models on your documents.
All data is stored on servers physically located within the European Union. We use European cloud infrastructure providers to ensure your data never leaves EU jurisdiction.
Documents are stored in encrypted object storage. Database records are stored in encrypted PostgreSQL databases. All connections between services use TLS encryption.
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Documents and invoices | Until deleted by you, or 30 days after account deletion |
| Deleted documents (recycle bin) | 30 days after deletion, then permanently removed |
| Audit logs | 6 months |
| Share access logs | 6 months |
| Payment records | 10 years (legal requirement for financial records) |
| Bank transactions | Until deleted by you, or 30 days after account deletion |
| Email integration credentials | Until you disconnect the email account |
| Bank connection tokens (OAuth) | Until you revoke the connection |
We share your data only with the following categories of recipients, and only to the extent necessary:
We do not sell, rent, or otherwise share your personal data with any other third parties.
As a data subject under the GDPR, you have the following rights:
You can request a copy of all personal data we hold about you at any time.
You can request correction of inaccurate or incomplete data. You can also update most data directly in your account settings.
You can request complete deletion of all your data. We will delete your account, documents, invoices, and all associated data within 30 days of your request.
You can export all your data in standard machine-readable formats (JSON, CSV, PDF) at any time from your account settings.
You can request that we limit the processing of your data under certain circumstances.
You can object to processing based on legitimate interest. We will stop processing unless we demonstrate compelling legitimate grounds.
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.
We implement the following technical and organizational measures to protect your data:
TaxItEasy uses only essential cookies required for the service to function properly:
| Cookie | Purpose | Duration |
|---|---|---|
| Session token | Keeps you logged in | Session / 7 days |
| CSRF token | Protects against cross-site request forgery | Session |
| Preferences | Stores your UI preferences (language, theme) | 1 year |
We do not use tracking cookies, analytics cookies, or advertising cookies. We do not use Google Analytics, Facebook Pixel, or any similar third-party tracking tools.
When you upload invoices and documents, our AI system automatically processes them to extract structured data (invoice numbers, amounts, dates, etc.). This constitutes automated processing under GDPR.
TaxItEasy is a business tool and is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a prominent notice on our platform at least 30 days before the changes take effect.
The "Last updated" date at the top of this page indicates when this policy was last revised.
If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your data, please contact us:
You also have the right to lodge a complaint with a supervisory authority in your EU member state if you believe your data protection rights have been violated.
If anything in this policy is unclear, don't hesitate to reach out at [email protected]. We're happy to explain how we handle your data.