Privacy Policy

Last Updated: February 8, 2026

1. Introduction

This Privacy Policy describes how DeductIt (“we”, “our”, or “the Service”) collects, uses, and protects your personal information when you use our donation tracking application.

2. Information We Collect

2.1 Account Information

When you sign in with Google, we collect: - Your name - Email address - Google profile picture - Unique user identifier

2.2 Donation Records

You provide donation information including: - Charity names and details - Donation dates and values - Item descriptions (for in-kind donations) - Photos of donated items (optional) - Custom notes and categories

2.3 Household Data

If you use household sharing features: - Household member email addresses - Household names - Shared donation records

2.4 Technical Information

We automatically collect: - Browser type and version - IP address - Device information - Usage patterns and analytics

3. How We Use Your Information

We use your information to: - Provide the Service: Authenticate your account and store your donation records - Enable Features: Support household sharing and collaboration - Improve the Service: Analyze usage patterns to enhance functionality - Communicate: Send service-related notifications (if enabled) - Ensure Security: Protect against unauthorized access and abuse

4. Data Storage and Security

4.1 Where We Store Data

• User data is stored in Google Cloud Firestore
• Files and images are stored in Firebase Storage
• Authentication is handled by Firebase Authentication
• All data is stored in secure, encrypted Google Cloud infrastructure

4.2 Security Measures

We implement industry-standard security measures including: - Encryption in transit (HTTPS/TLS) - Encryption at rest - Authentication and authorization controls - Regular security updates and monitoring

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

5.2 Service Providers

We use third-party services to operate the Service: - Google Cloud Platform/Firebase: For hosting, storage, and authentication - Google Sign-In: For user authentication - Google Drive API: For optional file export (only when you choose to use this feature)

These providers have access to your data only to perform services on our behalf and are obligated to protect your information.

5.3 Legal Requirements

We may disclose your information if required by law or in response to: - Valid legal processes (subpoenas, court orders) - Protection of our rights and property - Emergency situations involving safety

5.4 Household Sharing

When you share a household, all household members can view and edit shared donation records. Only share with trusted individuals.

5.5 Google Drive Integration

When you use the optional “Export to Google Drive” feature:

What We Access: - We request permission to create and access files in your Google Drive - Our access is limited to files that our app creates (using the drive.file scope) - We cannot access, read, or modify any other files in your Google Drive

How It Works: - When you first use the export feature, you’ll be asked to grant Google Drive permission - We only upload files when you explicitly click “Export to Google Drive” - Exported files are saved directly to your Google Drive account - You can revoke this permission at any time through your Google Account settings

What We Upload: - CSV files containing your donation records for the selected tax year - File naming format: DeductIt_Donations_[Year].csv

Important Notes: - This feature is completely optional - you can use the app without ever granting Drive access - We do not store your Google Drive files on our servers - The export happens directly between your browser and Google Drive - You maintain full control over files in your Google Drive and can delete them at any time

6. Your Rights and Choices

6.1 Access and Export

You can: - View all your donation records within the app - Export your data in PDF or CSV format - Download copies of your information - Export data directly to Google Drive (optional, requires additional permission)

6.2 Correction and Deletion

You can: - Edit or delete any donation records - Update your account information - Request deletion of your account and all associated data

6.3 Data Retention

• Your data is retained while your account is active
• If you delete your account, we will delete your personal data within 30 days
• Some data may be retained for legal or security purposes as required

7. Cookies and Tracking

We use essential cookies and local storage to: - Maintain your authentication session - Remember your preferences - Analyze usage patterns

You can disable cookies in your browser settings, but this may limit Service functionality.

8. Third-Party Links

The Service may contain links to third-party websites (e.g., charity websites). We are not responsible for the privacy practices of these external sites. Please review their privacy policies separately.

9. Browser Extension (DeductIt TurboTax Helper)

We offer an optional browser extension for Chrome and Edge that helps you enter your donation data into TurboTax Online. This section covers privacy practices specific to the extension.

9.1 What the Extension Does

The extension automates entering charitable donation records from DeductIt into TurboTax Online. It reads a donation guide (JSON data) that you export from DeductIt, then fills in forms on TurboTax pages on your behalf.

9.2 Permissions and Why We Need Them

• activeTab & scripting: To interact with TurboTax form fields on the active tab when you click “Start Automation”
• storage: To temporarily store your donation guide locally in the browser so it persists if you close and reopen the extension popup
• clipboardRead: To let you paste a donation guide copied from DeductIt
• Host permissions (intuit.com, turbotax.com): To detect TurboTax pages and fill in donation forms
• Host permissions (deductit.io): To receive donation guide data directly from the DeductIt web app

9.3 Data Handling

• Local only: All donation data processed by the extension is stored locally in your browser using chrome.storage.local. It is never transmitted to our servers or any third party by the extension.
• Automatic cleanup: The stored donation guide is automatically deleted from browser storage after automation completes.
• No analytics or tracking: The extension does not collect analytics, usage data, or any telemetry.
• No remote code: The extension runs entirely from locally bundled code with no remote script loading.

9.4 TurboTax Page Interaction

The extension only interacts with TurboTax pages when you explicitly start the automation. It reads page elements (headings, form labels, buttons) to navigate the donation entry flow. It does not read, collect, or store any of your tax return data, financial information, or other content from TurboTax pages.

9.5 Uninstalling

You can uninstall the extension at any time through your browser’s extension settings. Uninstalling removes all locally stored data associated with the extension.

10. Children’s Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us to have it removed.

11. International Users

The Service is hosted in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by: - Posting the new policy on this page - Updating the “Last Updated” date - Sending an email notification (if applicable)

Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): - Right to know what personal information is collected - Right to delete personal information - Right to opt-out of sale of personal information (we do not sell data) - Right to non-discrimination for exercising your rights

14. GDPR Rights (EU Users)

If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR): - Right to access your data - Right to rectification - Right to erasure (“right to be forgotten”) - Right to restrict processing - Right to data portability - Right to object to processing

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: [email protected]

By using DeductIt, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.