Taiki Privacy Policy

Effective date: August 26, 2024

This Privacy Policy is designed to help you understand how Taiki Inc. (“Taiki”) collects, uses, and shares your information in order to operate, improve, develop, and protect our services. We encourage you to read this policy thoroughly and reach out to us if you have any questions per the “Contacting Taiki” section below.

About Taiki

Taiki is a company that provides a universal API for extracting tax data from various online platforms of payroll providers, financial institutions, marketplaces, and/or other types of financial providers (we will refer to these as “financial providers”). Taiki’s services automate the process of pulling information like W-2s, 1099s, and bank statements to power the development of advanced tax technology service providers (“service providers”).

About this Policy

This policy aims to provide a clear explanation of information Taiki collects from and about you as a user of our services and how we use and share it. Please note that this policy only applies to information that we collect, use and share. It does not cover what your applicable financial providers or service providers do with any information we provide to them (or any other information they may collect about you separately from Taiki). Additionally, this policy does not apply to any websites, products, or services provided by others. If you would like to know more about their practices, we suggest reviewing their privacy policies or notices.

Data We Collect

Login Data

To use Taiki’s services you must enable Taiki to access tax data in your accounts with financial providers. To enable such access, you will be required to log into your accounts with the financial providers and allow Taiki to collect and use unique identifiers and login information, such as an API token, security token, password and/or username (we will refer to these collectively as “login data”) as required by the applicable financial provider. Your financial provider may also require you to sign an authorization document allowing Taiki to access the tax data.

Tax Data

Once you have logged into your financial providers and enabled Taiki’s access to your tax data, such as tax forms (such as W-2s and 1099s) and related data found within the tax forms, such as wages, social security numbers, employment data, taxes withheld, Taiki will then collect tax data and provide it to your designated service providers.

Device Data

When you use a device, like your smartphone, tablet, or computer, to interact with our services (including through a service provider’s app), we may collect the following data about that device:

• internet protocol (IP) address;

• timezone setting and location, device location;

• hardware model and operating system;

• features within Taiki’s services you access;

• browser data;

• network data; and

• other technical data about the device (such as settings and preferences).

Data we receive about you from service providers

When needed for Taiki to provide its services, the financial providers and service providers you use may provide us with identifiers and commercial information about you, like your name, Social Security number, email address, phone number, or information about your financial accounts and transactions.

Information we derive from the data we collect

We may derive additional information about you from the other categories of data we collect. For example, we may infer your geolocation, your annual income, or the type of account or subaccount you’ve chosen to connect so we can let the service provider know whether the account is for a mortgage, student loan, or credit card.

Cookies

We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Please see “Cookies and Similar Technologies” under “How We Share Your Data” below for more details.

How We Use Your Data

We do not sell or rent personal information that we collect. We use your information for the following business purposes:

• Provide Taiki’s services

• Communicate with you for matters related to our services

• Provide support

• Help prevent fraud, verify identity, or protect privacy

• Develop understanding and insights into your user experience

• Improve existing services, for example, by adding features and functionality

• Develop new services

• Investigate potential misuse and misconduct of our services

• For legal purposes such as establishing and defending claims, to manage or transfer assets or liabilities such as an event of acquisition or merger; and

• As directed by you or with your advance consent for other notified purposes.

How We Share Your Data

We do not share your data with non-affiliated third parties except as permitted by law (as authorized by 12 C.F.R. § 1016.14 and 1016.15).

Taiki shares your personal data with third parties for the following reasons:

• Login Data. Unlike many other software providers, Taiki does not store your login data, instead we simply pass through that information to your financial provider to permit login. Taiki will not share any login data with your service providers. Taiki will refresh any login data in its discretion to maintain access during the period in which Taiki is providing the Taiki service to you.

• Tax Data. Taiki shares your tax data with your designated service providers. We only share your personal financial data with third parties to power the service providers you request.

• As necessary to provide the Services. Like most companies, Taiki uses third-party services (e.g. cloud services) to process and host your data.

• To Prevent Fraud, Abuse, Security Threats. Taiki reserves the right in all cases to share your data with law enforcement, regulatory authorities and other third parties as necessary to prevent fraud, abuse, or security threats.

• Cookies and Similar Technologies. We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Cookies and similar technologies to measure web activity to provide you with a better user experience on our website and during the course of providing our Services. A "cookie" is a unique numeric code that we transfer to your device so that we can keep track of your interests and preferences and recognize you as a returning visitor to the website and Service. If you choose not to accept cookies from us, you will still be able to access many of the features on our website and Service, but with certain limitations to access and functionality.

• To Improve and Create. We share your data with third parties to help us to gain insights from your data to improve our services and develop new services, for example, we utilize large language models and APIs like ChatGPT.

• Aggregated or Anonymized Data. We collect, use, and share data that has been aggregated or anonymized in a manner that does not identify you personally for any purpose permitted under applicable law. For example, creating or using aggregated or anonymized data helps Taiki to develop new services, to facilitate research, and for analytics purposes to help assess the speed, accuracy, and/or security of our services.

Data Protection

Taiki’s security policies and practices are designed to protect the confidentiality and integrity of your data. Taiki implements security controls designed to limit access to this data to personnel who have a business reason to know it and prohibits its personnel from unlawfully accessing, using or disclosing this data. We also take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by the third parties who assist us in providing products and services to you.

Notes for EEA and UK End Users

For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), Taiki only processes your personal data when we have a valid legal basis to do so. Our legal basis for processing the data we collect will depend on what data we collected and the purpose for processing it. Generally, we will only collect and process your data where:

• we are bound by any contract or agreement with you (for example, to comply with our end user services agreements).

• we require your data to comply with our legal obligations under applicable law, to safeguard Taiki's legal rights, and prevent and identify criminal activities such as fraud. For these purposes, Taiki may find it necessary to share your personal data with entities such as courts, law enforcement agencies, and providers of anti-money laundering services;

• processing is necessary for our legitimate interests to effectively maintain the integrity of our services. This includes engaging in communication with you, and ensuring that Taiki upholds the expected standards; or you have given your consent to do so.

To the extent we rely on consent to collect and process your data, you have the right to withdraw your consent at any time per the instructions provided in this policy.

Information Retention and Deletion

We retain your data only as long as it is needed. To determine whether the data is needed, we consider the reason your data was collected and used and any legal requirements to hold onto your data. We review your data periodically to ensure it is still needed to fulfill the purpose for which it was collected or any other legal requirements.

The exceptions to this may be if: (a) you’ve established a connection with another financial provider or service provider app through Taiki that is still active; (b) Taiki needs your data to continue providing you with a Taiki service you requested; (c) Taiki is required by law to keep your data; (d) Taiki needs your data to help prevent fraud or protect privacy, provide support, or investigate misuse and misconduct; (e) where Taiki has anonymized your data such that it can not reidentified or (f) we request - and you specifically agree - to allow us to retain your data longer.

Your data will only be processed as required by law or in accordance with this policy.

Please refer to the “How to Exercise Rights in Your Data” section of this policy for options that may be available to you, including how to request deletion of your data. You can also contact us about our data retention practices using the contact information in the “Contacting Taiki” section below.

Taiki does not transfer data we collect about you across international borders.

How to Exercise Rights in Your Data

You may exercise the following rights related to your personal data, subject to some limitations and exceptions provided by law, and you will not be discriminated against for exercising them:

• Access data collected about you;

• Request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);

• Request, under certain circumstances, that we rectify or update your data that is inaccurate or incomplete;

• Request, under certain circumstances, that we erase or restrict the processing of your data;

• Object to our processing of your data under certain conditions provided by law;

• Where processing of your data is based on consent, withdraw that consent;

• Request that we provide data collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible.

• Please note that for an official record of your financial activities and history, you should make that request directly to your service provider.

You can contact us as described in the “Contacting Taiki” section below to exercise any of your data protection rights. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Additionally, depending on where you live, you may have the right to make a complaint at any time to your (data protection) supervisory authority. For example, if you are in Canada, you may contact the Office of the Privacy Commissioner of Canada which you can find here. For end users in the EEA, you can find contact information for the European Data Protection Board (EDPB) on the EDPB’s website here. For end users in the UK, you can find contact information for the Information Commissioner’s Office (ICO) on the ICO’s website here. For end users in Switzerland this is the Federal Data Protection and Information Commissioner which you can find here.

Children

Our services are not targeted or directed at children under the age of 13, and we do not intend to or knowingly collect or solicit personal information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal information to us, we encourage the child’s parent or guardian to contact us in accordance with the section Contacting Taiki to request that we remove the information from our systems. If we learn that any personal information we collected has been provided by a child under the age of 13, we will promptly delete that personal information.

Contacting Taiki

You may contact Taiki to exercise rights in your data, to ask questions about our privacy policies and practices, and to file a complaint.

Contact Taiki:

Taiki, Inc.

13750 Beaumont Ave, Saratoga, CA 95070

[email protected]

If you believe the privacy laws relating to the protection of your personal information or this policy have not been respected, you may file a complaint with us. We will acknowledge your complaint, investigate it and provide you with a response within a reasonable period of time (and within any time period required by applicable law). If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Policy Changes

We may update or change this policy from time to time. If we make any updates or changes, we will post the new policy on this URL and update the effective date at the top of this policy. We will also notify service provider of any material changes in accordance with our service provider agreements, as they are generally best positioned to notify their end users about such changes to this policy, as appropriate.