PRIVACY POLICY
Your privacy is important to us, and maintaining your trust is our highest priority. Tax Matrix Technologies, LLC (dba TaxMatrix and/or Hands Off Sales Tax, collectively “TM”) has created this policy to show our commitment to protecting your privacy. TM may collect personal data from individuals who visit our websites, engage with us to use our services, request information about our services, are prospective customers, or are event attendees (collectively “Services”). Please take a few moments to read our policy in order to gain a better understanding of what we do with the information you provide us and how we keep it private.
CONSENT/POLICY MODIFICATIONS
By using our Services, you consent to our privacy policy. We reserve the right to modify this Privacy Policy by posting such modification on this Site and any such modification will be effective immediately upon posting on this Site.
THIRD PARTY DISCLOSURE / COOKIES / UNSUBSCRIBE
We do not sell, rent, loan, trade, or lease your information to third parties for marketing purposes. EVER.
We do not use cookies on our sites.
If at any time you wish to stop receiving email or communications from TM, you may send an email to [email protected] or [email protected]. Additionally, email communications from TM will have an unsubscribe link. Again, we will never sell or share your information with any third parties for marketing purposes.
INFORMATION COLLECTED / USE OF YOUR INFORMATION
We collect nonpublic personal information about you that is provided to us by you or obtained by us with your authorization. We collect information from you when you register on our site, subscribe to our newsletter or fill out a form. You may, however, visit our site anonymously.
We restrict access to nonpublic personal information about you to employees of our firm and other parties who must use that information to provide services to you. We maintain strict internal policies against unauthorized disclosure or use of client information.
If you are not a citizen of the United States, please be aware that your personal information shall be transferred and processed in the United States. These data transfers are necessary to provide the Services to you.
PROTECTING YOUR INFORMATION
We make reasonable attempts to protect your information by using physical and electronic safeguards, in order to assist you in protecting your personal information. However, because our website and email are hosted electronically, we can make no guarantees as to the security or privacy of your information. For this reason, we recommend that you use anti-virus software, strong passwords, firewalls, and other precautions to protect yourself from security and privacy threats. In order to guard your nonpublic personal information, we maintain physical, electronic, and procedural safeguards that comply with our professional standards.
YOUR CALIFORNIA PRIVACY RIGHTS
TM permits residents of the State of California to use its Services, and complies with the California Business and Professions Code §§ 22575-22579. Please be aware that we do not currently share your personal information with any third parties for marketing purposes. Various provisions throughout this Privacy Policy address requirements of the Californian privacy statutes. You may contact us with any questions regarding your California Privacy Rights. According to CalOPPA we agree to the following:
- Users can visit our site anonymously;
- Our privacy policy will always have a link to it from our home page;
- Our privacy policy link includes the word “privacy”; and
- Users are able to change their personal information by emailing us.
Additional Information We Collect
We collect information from the following sources:
A. Information You Provide
This may include:
- Name, email address, phone number, and business identifiers
- Login credentials and account registration details
- Sales, transaction, or business data needed for tax calculation and reporting
- Communications you send to us
B. Information Collected Automatically
When you interact with our site or platform, we collect:
- IP address, browser details, device identifiers
- Activity logs, pages viewed, timestamps
- Cookies and similar technologies (with consent where required)
C. Information From Third Parties
We may receive data from:
- Accounting, commerce, or ERP systems you connect
- Service providers supporting our operations
- Partners who help deliver our services
How We Use Information
We use your information to:
- Provide and maintain our sales tax automation and compliance services
- Authenticate users and secure access to systems
- Improve product features, performance, and reliability
- Detect fraud, prevent unauthorized access, and monitor system integrity
- Communicate service updates or respond to inquiries
- Meet legal, accounting, and tax obligations
We do not sell personal information.
How We Store and Protect Information
We apply strict security controls to safeguard all information, including Amazon Information and personal data.
Encrypted Storage (At Rest)
- All sensitive data is encrypted using AES-256 or stronger.
- Encryption keys are controlled by a centralized KMS with secure generation, storage, rotation, and revocation.
Access Controls
- Every employee has a unique user ID and MFA is required.
- Role-based access ensures employees only see what is needed for their jobs.
- Access is reviewed quarterly and removed within 24 hours when someone leaves the company.
- Personal information is never stored on personal devices or removable media.
Credential Management
- Passwords must be at least 12 characters, with required complexity.
- Password history prevents reuse of the last 10 passwords.
- API keys are encrypted, restricted to authorized staff, and rotated annually.
- No credentials are hardcoded or stored in repositories; production secrets are completely separated from test environments.
Monitoring & Logging
We continuously monitor for anomalies and malicious behavior:
- Logging across API activity, access attempts, system changes, and administrative actions
- Real-time alerts for suspicious activity (e.g., multiple failed logins, unusual data access)
- Logs are protected from tampering and retained for 12 months
Vulnerability and Patch Management
- Vulnerability scans every 30 days
- Penetration testing annually
- Code scanning before every release
- Critical issues resolved within 7 days, high-risk within 30 days
- Formal change review and approval led by the IT Security Manager
Business Continuity
- A geographically separated backup environment supports rapid restoration
- Backup and recovery procedures are tested regularly
How We Share Information
We may share data with:
- Service providers who support hosting, analytics, communications, or integrations
- Partners involved in delivering services you explicitly use
- Regulators or authorities, only when legally required
- Amazon, if an incident involves Amazon Information or if our contractual obligations require reporting
All third-party service providers must maintain strong security controls and follow confidentiality requirements. We do not sell personal information and do not share it with advertisers.
Data Retention and Deletion
We retain data only for as long as:
- It is needed to provide services
- It is required for legal or regulatory obligations
- Contractual obligations require it
When data is no longer needed, it is securely deleted using industry-standard methods, including encrypted wipe processes for storage systems.
You may request deletion of your personal information (subject to legal or contractual restrictions).
Incident Response and Amazon Compliance
Hands Off maintains a detailed incident response plan covering unauthorized access, database breaches, and data leaks.
Our process includes:
- Immediate containment and access restriction
- Evidence collection and chain-of-custody protocols
- Root-cause analysis and mitigation
- Documentation of the incident and actions taken
- Notification of Amazon within 24 hours if Amazon Information is affected
- Completion of legal notifications when required
We maintain a designated Incident Management Point of Contact (IMPOC) for coordinating security events.
Your Rights
Depending on your jurisdiction, you may have rights to:
- Access your personal information
- Request corrections
- Request deletion
- Restrict or object to processing
- Opt out of marketing communications
Requests can be submitted using the contact information below.
Children’s Privacy
Our services are not intended for children under 16 and we do not knowingly collect their information. If such data is identified, it is removed promptly.
Changes to This Policy
We may update this policy as our practices or legal requirements evolve. When updates are significant, we will notify users consistent with applicable laws.
CONTACTING US
If you have any additional questions regarding this Privacy Policy, please contact us at [email protected]