Privacy & Deletion

🎯 Why this matters

Clients trust you with sensitive data. TaxLayer helps you protect it, prove it, and manage it—without turning you into a lawyer or an IT admin.

What you get, in practice:

  • Clear controls to see, export, correct, and delete data

  • Audit-ready logs and reports in minutes (not weeks)

  • Private AI by default (your data never trains a public model)

🧠 Our privacy promise (in plain English)

  • We collect the minimum needed to run the service.

  • Your data stays yours. You can export it or delete it.

  • No cross-mixing: Your firm’s data never mixes with other firms.

  • AI privacy: Your documents are not used to train global models.

  • Everything is encrypted in transit and at rest.

  • Full audit trail of who did what, and when.

✅ Your GDPR rights—made easy

1) Access (Article 15) — “Show me everything you have.”

From Settings → Privacy you can generate a full data export (clients, documents, knowledge base, audit logs, AI chats). Formats: CSV (for Excel), PDF (for auditors), ZIP (full archive).

2) Rectification (Article 16) — “Fix something that’s wrong.”

Edit profile details, client/vendor data, and document metadata directly. We keep a change history.

3) Erasure (Article 17) — “Delete my data.”

Choose soft delete (with short rollback window) or hard delete (immediate and permanent). We’ll guide you through retention rules (e.g., accounting records often need to be kept for up to 7 years).

4) Portability (Article 20) — “I want to move my data.”

Export in standard formats (CSV/JSON/PDF) that import cleanly into other systems.

🗑 Account-level deletion (full removal)

When you close an account, we run a step-by-step checklist so nothing is left behind accidentally.

What happens:

  • Removed: user profiles, documents, knowledge base, chat history, client/vendor data, API keys, files.

  • Kept (anonymised): basic security logs and billing summaries (only what the law requires).

  • Timeline: usually 5–7 business days after confirmation (with MFA).

  • Before you confirm: you’ll get a final export option.

🧹 Data reset (keep the account, clear the data)

Useful after a pilot, before go-live, or for routine clean-ups.

Common presets:

  • Pilot Clean: remove test docs; keep settings and integrations.

  • Go-Live Prep: clear all docs & batches; keep clients, vendors, rules.

  • Quarterly Clean: archive old batches; keep active clients & knowledge.

Each reset shows exactly what will be cleared and what stays. You’re always in control.

🤖 AI privacy (short version)

  • Your documents are not used to train public or shared AI models.

  • The AI reads only what’s needed at the moment you ask a question (temporary, scoped to your tenant).

  • Your knowledge base is private to your firm.

  • All AI interactions are logged for audit.

🛡 Security basics (what auditors like to see)

  • Encryption: end-to-end (in transit & at rest)

  • Access control: role-based permissions; least-privilege by default

  • Tenant isolation: strict separation between organisations

  • Audit trails: timestamped logs for document actions, AI use, submissions

  • Backups & recovery: resilience and continuity built in

🧭 Quick setup (30 minutes)

In Settings → Privacy & Security:

  1. Set retention periods (e.g., 7 years for accounting docs).

  2. Enable audit logging (on by default—verify your preferences).

  3. Decide who can export/delete (restrict to admins).

  4. Test a data export (make sure it matches your audit needs).

  5. Turn on MFA for all users.

  6. Review privacy notice (we provide a template—add your firm’s details).

🗓 GDPR audit prep (1-week playbook)

Day 1: Generate a data inventory report (what you store, where). Day 2: Export access logs and deletion logs for the audit period. Day 3: Produce a sample data export (for Article-15 requests). Day 4: Verify retention settings and legal holds. Day 5: Check incident response steps (run a 10-minute tabletop exercise). Day 6–7: Compile into a single PDF pack (we provide a one-click summary).

Typical prep time: 2–4 hours if you’ve used the built-in tools.

❓Common questions (fast answers)

Q: Where is our data stored? A: In EU data centres. We’ll show region info in your Settings.

Q: Can we delete a single client and all related data? A: Yes. You’ll see what will be removed and any retention blockers.

Q: Can we keep audit trails but remove personal data? A: Yes. We anonymise logs while preserving compliance evidence.

Q: Can we export everything for a regulator? A: Yes—choose Full Export; you’ll get CSV + PDF with a contents index.

Q: Do you mix our data with other firms for AI? A: No. Per-tenant isolation. No cross-tenant training. Ever.

🧩 Practical checklists

Before deleting data

Before a client privacy request

🔧 If something goes wrong (quick fixes)

  • Export too large? Filter by date range, or export by category.

  • Deletion blocked? There’s likely a legal hold (we show why).

  • Slow download? Try PDF summary first; run full ZIP overnight.

  • Missing items in an export? Check retention settings & permissions.

Bottom line

TaxLayer gives you simple, reliable GDPR controlsexport, correct, delete, prove—wrapped in clear workflows and audit-ready reports. You focus on accounting; we handle the privacy plumbing.

PreviousFiles in Chat (Ad-hoc Analysis)

Last updated