W
WriteOffOS
← Back to Login

Privacy Policy

Effective date: June 2026

Data We Collect

We collect the following categories of personal information when you use WriteOffOS:

  • Account data: name, email address, firm name, and hashed password.
  • Financial documents: tax documents, receipts, bank statements, and other files you or your CPA upload for analysis.
  • Bank transaction data: transaction history imported via Plaid when you connect a bank account through the client portal.
  • Usage data: log data, IP addresses, browser type, and pages visited.
  • Payment data: billing information processed by Stripe; we do not store card numbers.

How We Use It

We use the information we collect to:

  • Provide and operate the WriteOffOS platform for CPAs and their clients.
  • Run AI-powered analysis of financial documents to identify potential tax deductions.
  • Send portal invitation emails and product notifications.
  • Process subscription payments and manage billing.
  • Improve service quality, troubleshoot issues, and ensure security.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

Third-Party Services

WriteOffOS integrates with the following third-party services, each governed by their own privacy policies:

  • Anthropic (Claude API): Document text is sent to Anthropic's API to generate AI analysis. Anthropic processes this data subject to their Privacy Policy. Enterprise API customers are not used for model training by default.
  • Plaid: Bank connection and transaction import is handled by Plaid. Your banking credentials are never shared with WriteOffOS. See Plaid's Privacy Statement.
  • Stripe: Payment processing is handled by Stripe. See Stripe's Privacy Policy.

Data Retention

We retain your account data and uploaded documents for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements.

Client portal tokens expire after 365 days and must be renewed by your CPA. Uploaded documents associated with an expired or deleted account are deleted within 90 days.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data (GDPR Article 17 / CCPA right to erasure). CPA accounts may self-delete via account settings. Clients may contact their CPA or email us directly.
  • Portability: Request an export of your data in a machine-readable format.
  • Opt-out: Opt out of non-essential communications at any time.

To exercise any of these rights, email privacy@writeoffos.com. We will respond within 30 days.

Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, time-based one-time password (TOTP) two-factor authentication, and role-based access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Contact

For privacy-related questions or requests, contact us at:

WriteOffOS — Privacy Team
privacy@writeoffos.com

© 2026 WriteOffOS. All rights reserved. · Terms of Service