Skip to main content

Privacy Policy

Last updated: February 2026

1. Information We Collect

Wippy collects information necessary to provide tax practice management services, including:

  • Account information (name, email, username)
  • Client data entered by your firm (names, contact info, tax return details)
  • Time tracking and billing records
  • Documents uploaded through the client portal
  • Usage logs and session data for security purposes

2. How We Use Your Data

Your data is used solely to:

  • Provide and maintain the Wippy service
  • Authenticate users and enforce access controls
  • Generate invoices, reports, and exports you request
  • Send transactional emails (invoices, portal invitations, reminders)
  • Ensure platform security and prevent abuse

We do not sell, rent, or share your data with third parties for marketing purposes.

3. Data Storage & Security

  • Data is stored on encrypted cloud infrastructure
  • Sensitive fields (EIN/SSN) are encrypted at the application level using AES-256-GCM
  • Authentication uses bcrypt password hashing and httpOnly JWT cookies
  • All connections are secured via HTTPS with TLS 1.2+
  • Database backups are performed daily with 7-day retention

4. Data Retention

We retain your data for as long as your account is active. Upon account termination, data is deleted within 30 days unless retention is required by law or for legitimate business purposes (e.g., audit trails).

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to certain processing activities

To exercise these rights, contact your firm administrator or email[email protected].

6. Cookies

We use a single httpOnly session cookie for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

7. Third-Party Services

  • Cloudflare — CDN and DDoS protection
  • Resend — Transactional email delivery
  • OpenAI — Document organization (organizer tool, opt-in only)

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the application. Continued use after changes constitutes acceptance of the updated policy.

9. Contact

Questions about this privacy policy? Contact us at[email protected].