Privacy Policy

Last updated: March 2026

1. Data controller

TaxPilot is operated in Luxembourg and acts as data controller for personal data processed through this service. We process your data in compliance with the EU General Data Protection Regulation (GDPR) and Luxembourg national law.

2. Data we collect

We collect data you provide directly, including your name, email address, matricule (national ID), date of birth, income details, and tax documents. We also collect usage data to improve the service.

3. How we use your data

Your data is used solely to prepare and manage your Luxembourg income tax return. We do not sell or share your personal data with third parties for marketing purposes.

4. Data retention

Tax-related data is retained for 7 years as required by Luxembourg tax law (ACD regulations). You may request deletion of your account data subject to these legal retention obligations.

5. Your rights

Under GDPR you have the right to access, rectify, erase, and port your personal data. You may also object to or restrict processing. To exercise these rights, contact us at the address below.

6. Security

All sensitive fields (including your matricule) are encrypted at the application layer using AES-256-GCM. Documents are stored in Azure Blob Storage with customer-managed encryption keys and served via short-lived SAS tokens.

7. Contact

For data protection enquiries please contact: [email protected]