Privacy Policy

Personal Information

When you use our service, we collect information that you voluntarily provide, including your full legal name, email address, phone number, mailing address, and company or business name.

Tax-Related Information

To file IRS Form 2290 on your behalf, we collect your Employer Identification Number (EIN), Vehicle Identification Numbers (VINs), taxable gross weight of each vehicle, first-used month for each vehicle, and filing type (original, amended, final return, or VIN correction).

Payment Information

We collect payment details necessary to process your service fee. Credit card numbers and bank account details are processed through our secure, PCI-compliant payment processor and are never stored on our servers.

Automatically Collected Information

When you visit our website, we automatically collect certain information including your IP address, browser type and version, operating system, referring URLs, pages viewed and time spent, and device identifiers.

We use the information we collect to process and submit your IRS Form 2290 filing, generate your Schedule 1 proof of payment document, communicate with you about your filing status and important deadlines, send confirmation emails and receipts, provide customer support and respond to inquiries, improve our website and filing services, comply with legal obligations and IRS requirements, and detect and prevent fraud or unauthorized access.

Encryption at Rest

All sensitive tax data, including your EIN, is encrypted using AES-256-GCM encryption before being stored in our database. This is the same encryption standard used by financial institutions and government agencies.

Encryption in Transit

All data transmitted between your browser and our servers is protected using TLS 1.3 (256-bit SSL encryption). This ensures that your information cannot be intercepted during transmission.

Access Controls

Access to sensitive data is restricted to authorized personnel only, on a need-to-know basis. All access is logged and monitored. We employ multi-factor authentication for administrative access to our systems.

Infrastructure Security

Our servers are hosted in SOC 2 compliant data centers with 24/7 physical security, redundant power and network connectivity, and regular security audits and penetration testing.

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances: with the IRS for the purpose of filing your Form 2290 (this is the core function of our service); with our secure payment processor to process your service fee; with service providers who assist us in operating our website and conducting our business, subject to confidentiality agreements; when required by law, regulation, or legal process; and to protect our rights, privacy, safety, or property.

We retain your filing records and associated tax data for a minimum of 4 years from the date of filing, consistent with IRS record-keeping requirements. You may request deletion of your account and personal data at any time by contacting us at [email protected]. Upon receiving a deletion request, we will remove your personal data within 30 days, except where retention is required by law.

We use essential cookies to maintain your session and remember your language preference. We use analytics cookies to understand how visitors interact with our website, which helps us improve our service. We do not use advertising or third-party tracking cookies. You can control cookie settings through your browser preferences.

Depending on your jurisdiction, you may have the right to access the personal information we hold about you, correct inaccurate or incomplete information, request deletion of your personal data, opt out of marketing communications, receive a copy of your data in a portable format, and lodge a complaint with a data protection authority. To exercise any of these rights, please contact us at [email protected].

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.