Privacy Policy
Last updated: May 2026
1. What We Collect
taxmcp.io is operated by Gray & Company LLC ("Gray & Co.", "we", "us"), which is the controller of the personal data described in this policy. You can reach us at hello@taxmcp.io.
We collect only what's needed to run the service:
- Account info: your email and name for managing your subscription.
- Usage logs: timestamps, response codes, and latency for monitoring performance.
- Session data: a secure identifier that keeps you logged in.
2. How We Use It
- Running the service: authenticating requests, enforcing rate limits, returning results.
- Improving reliability: understanding usage patterns to keep things fast.
- Billing: processing payments for paid plans.
- Support: helping you when something goes wrong.
3. Security
- All connections encrypted with TLS.
- All data is hosted on US-based servers. If you access the service from outside the United States, you consent to your data being processed in the US.
- Passwords are hashed; we never store them in plain text.
- Sessions are server-side with secure, HTTP-only cookies.
4. Third Parties
Payments are processed by Stripe; we never store your card number. Beyond that, we use standard providers for hosting and transactional email. We don't use ad networks, analytics vendors, or data brokers.
5. Cookies
We use a few cookies to keep you logged in and protect against cross-site request forgery. All are functional; none are used for tracking or advertising.
6. Data Retention
| Data Type | Retention |
|---|---|
| Account information | Duration of your account, plus 30 days after deletion |
| Usage logs | 30 days |
| Session data | Cleared on logout or expiry |
7. Your Rights
You can request an export, correction, or deletion of your data at any time. You can unsubscribe from non-essential emails via any email link.
If you're a California resident, these are your rights under the CCPA/CPRA; if you're in the EU or UK, they're your rights under the GDPR. They apply to everyone regardless of where you live. We don't sell your personal data or share it for targeted advertising, and we won't discriminate against you for exercising any of these rights.
For any requests, reach out at .
8. Changes
If we make meaningful changes to this policy, we'll email you at least 30 days before they take effect.