Privacy Policy

1. Introduction

iCanTax Pty Ltd ("iCanTax", "we", "us", or "our") is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, hold, use, and disclose your personal information when you use our tax preparation and lodgement services.

By using our services, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Identity Information: Full name, date of birth, gender
• Contact Information: Email address, phone number, residential address
• Tax File Number (TFN): Collected with your explicit consent for tax lodgement purposes
• Australian Business Number (ABN): If applicable to your tax affairs
• Financial Information: Income details, bank account information (BSB and account numbers for refunds)
• Employment Information: Employer details, salary information, superannuation
• Identity Documents: Passport, driver's licence, Medicare card for verification

2.2 Sensitive Information

We may collect sensitive information such as your TFN, which is protected under the Taxation Administration Act 1953. We only collect sensitive information with your explicit consent and where it is reasonably necessary for our tax services.

2.3 Technical Information

We automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and time spent on our platform
• Cookies and similar tracking technologies

3. How We Collect Information

We collect personal information:

• Directly from you when you register, complete forms, or upload documents
• From the Australian Taxation Office (ATO) through authorised data prefill services
• From third parties such as employers (payment summaries) with your consent
• Automatically through cookies and analytics when you use our website

4. How We Use Your Information

We use your personal information to:

• Prepare and lodge your tax return with the ATO
• Calculate your tax refund or amount owing
• Verify your identity as required by law
• Communicate with you about your tax affairs
• Provide customer support and respond to inquiries
• Process payments and manage your subscription
• Comply with our legal and regulatory obligations
• Improve our services and develop new features
• Send you marketing communications (with your consent)

5. Disclosure of Your Information

We may disclose your personal information to:

• Australian Taxation Office (ATO): To lodge your tax return and comply with tax laws
• Service Providers: Cloud hosting (AWS), payment processors (Stripe), email services
• Professional Advisers: Accountants and tax agents involved in preparing your return
• Regulatory Bodies: As required by law or court order

We will not sell, rent, or trade your personal information to third parties for marketing purposes.

5.1 Overseas Disclosure

Our cloud infrastructure is hosted on Amazon Web Services (AWS) with servers located in Australia (Sydney region). Some support services may be provided from overseas locations. Where personal information is transferred overseas, we ensure appropriate safeguards are in place in accordance with APP 8.

6. Tax File Number (TFN) Protection

Your TFN is protected under the Privacy (Tax File Number) Rule 2015. We:

• Only collect your TFN with your explicit consent
• Only use your TFN for tax-related purposes as permitted by law
• Encrypt your TFN using AES-256 encryption at rest
• Never display your full TFN (only last 3 digits are shown)
• Restrict access to TFN data to authorised personnel only
• Retain your TFN only for the period required by law (7 years)

7. Data Security

We implement robust security measures to protect your information:

• Encryption: AES-256 encryption for sensitive data at rest, TLS 1.3 for data in transit
• Access Controls: Role-based access, multi-factor authentication for staff
• Audit Logging: All access to sensitive data is logged and monitored
• Regular Security Reviews: Penetration testing and vulnerability assessments
• Staff Training: Privacy and security awareness training for all employees

8. Data Retention

We retain your personal information in accordance with legal requirements:

After the retention period, data is securely deleted or anonymised in accordance with APP 11.2.

9. Your Rights

Under the Privacy Act, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Complaint: Lodge a complaint if you believe we have breached your privacy
• Opt-out: Unsubscribe from marketing communications at any time
• Withdraw Consent: Withdraw consent for optional data processing

To exercise these rights, contact us at privacy@icantax.com.au

10. Notifiable Data Breaches

In the event of an eligible data breach that is likely to result in serious harm, we will:

• Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
• Notify affected individuals directly
• Provide information about the breach and recommended steps to take

11. Cookies and Tracking

We use cookies and similar technologies to improve your experience. See our Cookie Policy for details.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to make a complaint:

External Complaints:
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):