Privacy Policy

Gideon Solutions, LLC (“Gideon Tax,” “we,” “our,” or “us”) operates gideontax.com and related subdomains and services (the “Service”). This Privacy Policy explains, in plain English, what information we collect, how we use it, when we disclose it, and the choices you have. It applies to taxpayers, customers, and visitors of the Service.

Information we collect

We collect information in three main ways:

• Information you give us. Account details (such as your name and email address), authentication credentials, support messages, payment information you submit through our payment processor, and any information you enter into a tax form on the Service.
• Information collected automatically. IP address, device and browser information, request logs, timestamps, and similar security and operational telemetry generated when you use the Service.
• Information from third parties. Limited information from our authentication, payment, anti-abuse, and infrastructure providers (for example, a confirmation that a sign-in succeeded, that a payment cleared, or that a request looked automated).

Tax return information

When you use Gideon Tax to prepare or e-file a federal tax form (for example, IRS Form 4868 or Form 2290), the data you enter on that form is “tax return information.” We use and disclose tax return information only to provide the tax preparation, e-file, and support services you request, as permitted or required by law (including 26 U.S.C. § 7216 and IRS Publication 1345), or with your valid consent where consent is required. We do not sell tax return information, and we do not use it to market unrelated products.

How we use information

• To create and operate your account and authenticate you.
• To prepare, validate, and e-file the federal tax form you ask us to file, and to deliver IRS acknowledgements back to you.
• To process payments for paid services.
• To respond to support requests and communicate with you about the Service.
• To detect, prevent, and respond to fraud, abuse, security incidents, and unauthorized access.
• To comply with legal, tax, and recordkeeping obligations.
• To improve the reliability and quality of the Service.

How we disclose information

We do not sell your personal information, and we do not sell tax return information. We disclose information in the following situations:

• To service providers and subprocessors that help us operate, secure, support, or file the tax service you requested (described below).
• To the IRS and applicable tax authorities when we transmit your tax return on your behalf.
• With your consent,including any consent required by 26 U.S.C. § 7216 for uses or disclosures of tax return information beyond providing the requested service.
• When permitted or required by law, such as in response to a valid subpoena, court order, or government request, or to protect rights, safety, and the integrity of the Service.
• In a business transfer, such as a merger, acquisition, or sale of assets, subject to applicable law and any required taxpayer consent.

Service providers / subprocessors

We use a small number of vendors to run the Service. They access only the information needed to perform their role and are contractually required to protect it. Categories include:

• Cloud hosting and database providers.
• Authentication and identity provider.
• Edge network, DDoS, and bot-mitigation provider.
• External vulnerability scanning vendor (ASV).
• Transactional email provider.
• Payment processor (for paid services).
• Source code hosting and logging/monitoring providers.

A current list of subprocessors is maintained internally and can be provided on request.

Cookies, logs, anti-abuse, and security telemetry

We use cookies and similar technologies to keep you signed in, remember your preferences, and protect the Service. We log requests to the Service (including IP address, user agent, timestamps, and request paths) to operate, debug, and secure it. We use challenge-response and bot-detection technology, such as Cloudflare Turnstile or a comparable control, to block automated abuse. We do not use third-party advertising trackers.

Data retention

We keep tax return information and related records for as long as needed to provide the Service and to meet IRS, tax, and other legal recordkeeping obligations. Account data, support communications, and security logs are kept for the period described in our internal retention policy and then deleted or de-identified. Specific retention periods are listed in our internal data retention and deletion policy.

Security safeguards

We maintain physical, electronic, and procedural safeguards that comply with applicable law and federal standards.

In practice this includes encryption in transit (HTTPS/TLS), access controls and multi-factor authentication for systems that handle taxpayer information, least-privilege access, secrets management, external vulnerability scanning, logging and monitoring, and an incident response process. No system is perfectly secure, and we cannot guarantee that information will never be accessed or disclosed in ways inconsistent with this Policy.

User choices and contact

You can review or update your account information by signing in. You can ask us to delete account data or tax return information that we are not legally required to keep. Depending on where you live, you may have additional rights under state privacy laws.

To exercise these rights or ask a privacy question, contact us at ian@gideonsolutions.us.

Children’s privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has given us personal information, please contact us and we will delete it.

Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, give additional notice. Continued use of the Service after an update means you accept the updated Policy.