Privacy Policy
1. Information Collection
We collect information you provide when registering, completing forms, or contacting support. This includes your business name, EIN, vehicle details, payment information, and contact data.
2. Use of Information
Your information is used solely to process your IRS Form 2290 filing, generate Schedule 1, and support related services. We do not use your data for advertising or third-party marketing.
3. Shared Platform Infrastructure
Our affiliated websites operate on a unified infrastructure and login system. Your data is securely stored and logically separated for each website to ensure privacy and compliance.
4. Disclosure to Third Parties
We do not sell or rent your information. We may share it with the IRS, transportation authorities, and trusted service providers as required to process your return or comply with legal obligations.
5. Data Security
We implement encryption, secure servers, and industry best practices to safeguard your information. However, no transmission method is entirely secure.
6. Data Retention
We retain your tax records for 7 years as recommended by the IRS. Account information is maintained until you request deletion or close your account, subject to legal retention requirements.
7. Your Rights
You have the right to access, correct, or request deletion of your personal information, subject to legal and regulatory requirements.
8. Consent and Policy Updates
By using our websites, you consent to our privacy practices. We may update this policy at any time and will notify users by posting changes on our website.
9. Cross-Platform Data Access
When you sign in using the same email address across our affiliated websites, you may access your own tax filings and account information for customer service convenience. This cross-platform visibility is internal operational access, not third-party disclosure, and helps provide unified customer support. You may contact support to request platform-specific data segregation if preferred.
10. Third-Party Service Providers
We work with trusted service providers for payment processing, cloud storage, and system operations. These providers are contractually bound to protect your information and may only use it to provide services on our behalf. We do not control the privacy practices of payment processors and recommend reviewing their privacy policies.
11. Data Transmission Security
Your personal information may be transmitted across networks and jurisdictions to provide our services. While we use industry-standard encryption and security measures, we cannot guarantee absolute security during transmission. You acknowledge the inherent risks in internet-based data transmission.
12. Age and Legal Capacity
Our services are intended for users who are at least 18 years old or the age of majority in their jurisdiction. We do not knowingly collect personal information from minors without parental consent. If you are a minor, you may only use our services with explicit parental permission and supervision.
13. Legal Compliance and Disclosure
We may disclose your information without prior notice when required by law, court order, subpoena, or to protect our legal rights, investigate suspected fraud, enforce our terms of service, or ensure public safety. We may also disclose information in connection with business transfers, mergers, or acquisitions.
14. Privacy Rights Limitations
Your privacy rights are subject to applicable laws and regulatory requirements. Tax return information is governed by federal confidentiality rules under IRC §7216, and certain data retention and disclosure obligations may limit our ability to delete or modify records. Some information may be permanently retained for audit, compliance, and legal purposes.
15. Cookies and Tracking Technologies
Our websites and mobile application use cookies and similar technologies to authenticate users, maintain session state, and ensure the proper functioning of our services. The types of cookies we use include:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled without impairing core functionality.
- Third-Party Authentication Cookies: Set by our authentication provider (Google Firebase) to maintain your signed-in state. These cookies originate from Google domains and are necessary for login functionality across our platform.
- Functional Cookies: Used to remember your preferences, form progress, and display settings to improve your experience.
We do not use cookies for advertising, behavioral tracking, or third-party marketing purposes. Our use of third-party cookies is limited to authentication and service delivery. You may manage cookie preferences through your browser settings; however, disabling essential cookies may prevent you from accessing or using our services.
16. Push Notifications
If you use our mobile application, we may request permission to send push notifications to your device. Push notifications are used to deliver important information related to your tax filings, including but not limited to:
- Confirmation that your Form 2290 has been submitted to the IRS
- Notification that your IRS-stamped Schedule 1 is ready for download
- Updates on the processing status of your return
- Alerts regarding IRS rejections requiring your attention
- Filing deadline reminders and service announcements
To deliver push notifications, we collect and store a device token (a unique identifier assigned by Apple Push Notification Service or Google Firebase Cloud Messaging) along with your device platform (iOS or Android). This device token does not contain personal information and is used solely to route notifications to your device. Device tokens are automatically removed from our systems when they become invalid or when you uninstall the application. You may disable push notifications at any time through your device settings or within the application. Disabling push notifications will not affect your ability to use our filing services.
17. Mobile Application
Our mobile application provides access to the same filing services available on our websites. In addition to the information described elsewhere in this policy, the mobile application may collect:
- Device Information: Device type, operating system version, and platform identifier, used to optimize your experience and deliver push notifications.
- Authentication Tokens: Temporary session tokens generated by Firebase Authentication to verify your identity. These tokens expire automatically and are refreshed as needed during active use.
The mobile application does not access your device contacts, camera, photos, location, microphone, or other device sensors. We do not collect device advertising identifiers or engage in cross-app tracking. All data transmitted between the mobile application and our servers is encrypted using TLS (Transport Layer Security).
18. Named Third-Party Service Providers
In addition to the general third-party disclosures described in Section 10, we specifically utilize the following providers in the delivery of our services:
- Google Firebase: Authentication services (login, session management) and push notification delivery via Firebase Cloud Messaging. Subject to Google's Privacy Policy.
- Amazon Web Services (AWS): Cloud hosting, data storage, and email delivery (Amazon SES). Subject to the AWS Privacy Notice.
- Stripe: Payment processing for filing fees. We do not store your full credit card number; payment data is handled directly by Stripe in accordance with PCI DSS standards. Subject to Stripe's Privacy Policy.
- Twilio: SMS delivery for account notifications and filing status updates. Subject to Twilio's Privacy Policy.
Each provider is contractually obligated to protect your data and may only process it on our behalf for the purposes described above. We encourage you to review the privacy policies of these providers for additional information about their data practices.
19. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA). If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.
20. California Privacy Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information as defined under the CCPA/CPRA. To exercise your rights, please contact us at sales@2290support.com.
21. Do Not Track Signals
Our services do not respond to "Do Not Track" browser signals. However, as stated in this policy, we do not engage in cross-site tracking, behavioral advertising, or selling personal information to third parties.
Last updated: February 15, 2026