TaxRationale

Privacy Policy

Effective 10 June 2026

The short version: the tax data you enter is encrypted on your device before it ever reaches us, and we cannot read it. What we can see is the minimum needed to run an account: your name and email, your subscription status, and messages you choose to send us.

Who we are

TaxRationale is a division of Ibex Consulting (Pty) Ltd, registration number 2017/283495/07 (“we”, “us”). For the purposes of the Protection of Personal Information Act, 2013 (POPIA), we are the responsible party for the personal information described in this policy. Our information officer is Thomas Lobban, who can be reached at hello@taxrationale.com.

What we collect, and why

Account information. Your name, email address, an authentication verifier (a hash that proves you know your password without revealing it), and encrypted key material that only your password or recovery key can unlock. We process this to create and secure your account.

Encrypted records. If you turn on sync, your saved computations are stored on our servers as opaque encrypted blobs. They are encrypted and decrypted only on your devices. We cannot read the contents: not a taxpayer name, not an income figure, not a note. We process these blobs solely to store them and return them to your devices.

Subscription and billing. Your plan and subscription status, and a customer reference at our payment provider once online checkout is live. Card details are handled by the payment provider, not by us.

Messages you send us. If you use the contact form, we store the name, email address, subject and message you submit so we can reply. The same applies to email you send us directly.

Firm workspaces and devices.If you use a firm workspace, we store the firm’s name, its member list and roles, invitation email addresses, and which member last edited a shared record. If you enable device unlock, we store a short device label (for example “Chrome on Windows”) and timestamps so you can see and revoke your devices. None of this includes any key that can read your data.

Technical information. Like most services, we use IP addresses transiently to rate-limit sign-ins, sign-ups and the contact form. We use Vercel Analytics for aggregate, privacy-respecting usage statistics; it does not use cookies and does not identify you. The only cookies we set are the strictly necessary ones used to sign you in securely and keep you signed in.

We process account, sync, billing and message information because it is necessary to provide the service you have asked for; technical information is processed in our legitimate interest in keeping accounts secure. We email you about your account and the service; we will not send you marketing email without your consent.

What we cannot see

The substance of your tax work: income figures, deductions, client identities, schedules, scenarios and reports. These are encrypted on your device with keys we never possess. This is a structural property of the product, not a policy choice we could quietly change.

Practitioners and client information

If you are a tax practitioner, the client information you enter into your vault is encrypted on your device like all other vault data, and we cannot read it. You remain the responsible party for your clients’ personal information under POPIA; to the extent we store ciphertext on your behalf, we do so as an operator acting on your instructions, and we have no ability to access the contents.

Where your data is stored

Our infrastructure is provided by Vercel (application hosting), Turso (database) and Resend (transactional email). Data, including encrypted blobs, may be stored or processed outside South Africa. Where personal information leaves South Africa, we transfer it only to providers bound by contracts that impose protection substantially similar to POPIA (section 72(1)(a)); the contents of your vault are unreadable ciphertext wherever they are stored.

How long we keep things

Account information and encrypted records are kept while your account is active. Deleting your account from Settings removes your account record and your encrypted blobs from our servers; if you own a firm workspace that still has other members, you will be asked to remove them or hand the workspace over first. If a sync subscription lapses, your data remains on your devices; we may delete server-side encrypted blobs after 90 days. Contact-form messages are kept for as long as needed to handle the enquiry and are then deleted as part of routine housekeeping.

If something goes wrong

If we become aware that personal information we hold has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and affected account holders as soon as reasonably possible, as section 22 of POPIA requires. Because your vault is ciphertext to us, a server-side breach would not expose its contents, but you would still hear about it from us.

Your rights

Under POPIA you may:

  • ask what personal information we hold about you, and request a copy;
  • ask us to correct or delete personal information we can access;
  • object to processing, where the law gives you that right;
  • complain to the Information Regulator (South Africa), inforegulator.org.za.

One honest caveat: we cannot read, correct or selectively delete the contents of your encrypted vault, because we cannot decrypt it. You can edit or delete that data yourself from within the app, and deleting your account removes our copies of the ciphertext.

Changes to this policy

If we change this policy, we will update this page and the effective date above. If a change meaningfully reduces your rights, we will tell account holders by email first.

Contact

Questions about this policy or your information: hello@taxrationale.com.

How the encryption works is described in plain language on the Security page.