How We Protect Your Data
Your tax data is sensitive. We treat it that way.
Last updated: 3 April 2026
Swiss hosting, Swiss law
All tax documents and extracted financial data are stored exclusively in Swiss-hosted infrastructure (Supabase, Zürich region). AI document processing is performed by Google Cloud on EU-resident endpoints within the European Union. Payment data is processed by Stripe, which may process data in the EU and the United States under appropriate safeguards (see our Privacy Policy, Section 8, for details).
TaxWize is operated by Szakács Solutions, a registered sole proprietorship (Einzelunternehmen, Swiss UID: CHE-289.567.114) in Eggenwil, Canton Aargau. Swiss data protection law (DSG/FADP) applies.
Encryption everywhere
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Documents you upload are stored in encrypted storage with access controls.
All data is protected by encryption in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to authorised personnel.
Minimal data collection
We collect only what is needed to prepare your tax filing: your documents, the data extracted from them, and your answers to tax-related questions.
We do not sell your data. We do not use it for advertising. We do not share it with third parties except the subprocessors listed below.
You control your data
You can delete your account and all associated data at any time from your settings page or by contacting privacy@taxwize.ch. Account deletion initiates permanent removal of your data from production systems within 30 days. Backup purging follows within an additional 30 days.
You can download your tax report before deleting your account. After deletion, we retain no personal data.
AI document processing
TaxWize uses AI to extract data from your uploaded documents and to generate tax insights. Document processing happens through secure API calls to our AI providers. AI output can be incomplete or imperfect, so extracted values and insights are presented for your review and should be verified before you rely on them.
We use Google Cloud (Gemini models) for document classification, extraction, and tax insights, processed on EU-resident endpoints within the European Union. Google processes data under a strict data processing agreement (DPA) and does not use your data for training.
Extracted data is stored in our Swiss-hosted database. Original documents are stored in Swiss-hosted encrypted storage.
Subprocessors
We use a limited set of trusted subprocessors, each under a signed Data Processing Agreement:
| Service | Purpose |
|---|---|
| Supabase (Zürich, AWS eu-central-2) | Database, authentication, file storage |
| Google Cloud (Switzerland, Zürich) | Application hosting, compute |
| Google Cloud (Gemini models, EU) | Document classification, extraction, and tax insights (EU-resident) |
| Stripe | Payment processing |
| Plausible Analytics | Privacy-friendly analytics (no cookies, no personal data) |
| Resend (EU, Ireland) | Transactional emails (support-ticket replies, notifications) |
Cookie-free analytics
We use Plausible Analytics, which is fully GDPR and DSG compliant. It does not use cookies, does not track individuals, and does not collect personal data. No cookie banner is needed.
Security practices
Row-level security (RLS) ensures users can only access their own data. All API endpoints verify authentication and ownership before returning data.
We maintain a security.txt file for responsible disclosure. If you find a vulnerability, please report it to security@taxwize.ch.
Questions?
For any questions about how we handle your data, contact us at privacy@taxwize.ch.
For the full legal privacy policy, see our Privacy Policy.