Privacy Notice

What information we collect

• Application + onboarding data (name, address, SSN/TIN, income, household)
• Tax documents (returns, W-2s, 1099s, K-1s, brokerage statements)
• Investment account data from custodian (Altruist) and outside aggregators (Plaid)
• Communications (email, chat, scheduled-call notes)

How we use it

Solely to deliver the services you've engaged us for: tax preparation + advisory, investment management, financial planning, and required regulatory reporting. We do not sell your NPI to third parties.

Who we share it with (only when required)

• Custodian (Altruist) to hold and trade your assets
• Tax authorities (IRS, state) for return filing
• Service providers under written confidentiality: Supabase (database), Vercel (hosting), Anthropic (AI processing), Resend (email), DocuSign (e-signature)
• Regulators in response to lawful requests (SEC, state securities authority, state CPA board)

How we protect it

Encryption at rest and in transit. Row-Level Security in our database. Multi-factor authentication required for staff. Annual penetration testing. SOC 2 Type II target Phase 2.

Your rights

• Access: request all data we hold about you
• Correct: ask us to fix inaccurate data
• Export: receive a copy in machine-readable format
• Delete: ask us to delete data we are not required by law to retain

Email hello@vega.tax to exercise any of these.

Updates

If we materially change this notice, we will notify you by email at least 30 days before the change takes effect. The latest version is always at /legal/privacy-notice.