AutoTaxForms (“we”, “us”, “our”) provides online tools to help users fill and generate official compliance forms, including but not limited to US tax forms (e.g., W-8BEN, W-8BEN-E, W-9) and other forms (e.g., VAT). We are not a law firm or tax advisor.
2) Scope
This policy explains how we process personal data when you visit our site or use our tools. It applies across current and future forms we support unless stated otherwise.
3) Data we collect
Form inputs required to render official PDFs for supported forms (e.g., legal name, address, taxpayer IDs such as Foreign TIN/ITIN/SSN where applicable, dates, and other fields).
Signature image captured via a signature pad or typed name rendered as an image.
Device & usage (minimal): IP address, user-agent, basic events (page views, error logs) for security, abuse prevention, and reliability.
Payments & support (optional): if you choose to pay/donate via third-party providers, they process your payment details. If you contact us, we receive the information you send.
4) How we use your data (purposes & legal bases)
Provide the service: render official PDFs for supported forms, apply e-signature, allow download.
Legal bases: performance of a contract; legitimate interests.
Support & communications: respond to inquiries; product notices (where you opt in).
Legal bases: legitimate interests; consent where required.
Payments: process voluntary payments via third parties.
Legal bases: performance of a contract; legitimate interests; legal obligations.
Analytics (privacy-respecting): understand usage to improve UX.
Legal bases: legitimate interests; consent where required by local law.
5) Client-side processing by default
Form-filling and PDF generation are designed to run in your browser. By default, we do not receive or store your completed form fields or signature image on our servers. You download the generated PDF to your device.
If we later offer optional features (e.g., “save draft to cloud”, “email the PDF”, “account login”), we’ll clearly disclose any server-side processing and obtain consent where required.
6) Cookies, local storage & analytics
Strictly necessary: minimal cookies/local storage for session state, UI preferences, and security.
Local storage: may store non-sensitive preferences (e.g., theme/language/form UI state) on your device.
Analytics: if used, we prefer privacy-friendly, aggregated analytics without cross-site tracking. Where required, we’ll display a consent banner.
Embedded widgets: third-party buttons/widgets may set cookies under their own policies.
7) Sharing & processors
We do not sell your personal data. We may share limited data with:
Hosting/CDN & infrastructure providers to deliver the site securely and reliably.
Payment providers when you choose to pay/donate; they process payment data under their policies.
Analytics/logging vendors to understand usage and diagnose issues (minimized where possible).
Professional advisors & authorities where required by law or to protect our rights.
8) Third-party advertising
We may display third-party advertisements (e.g., banners, contextual ads, sponsor placements). Ad networks/providers may use cookies, pixels, or similar technologies to measure performance, prevent fraud, and personalize ads. Typical data points can include device identifiers, browser type, approximate location, and ad interactions (views/clicks).
Independent controllers: ad providers process data under their own privacy policies (e.g., Google AdSense, affiliate networks).
Your choices: depending on your jurisdiction, you may see controls (consent banners, “AdChoices”) to opt-out of personalized ads. You can also manage cookies in your browser.
No sale of personal data by us: if personalization occurs, it is handled by the ad network as a separate controller.
Ad blockers: you may use ad-blocking tools; core form-filling will remain available.
9) Data retention
Form content & signatures: processed locally and not stored by us by default.
Server logs: minimal logs (IP, user-agent, timestamps, error traces) retained for a limited period (e.g., ~30–90 days) for security and troubleshooting, unless longer retention is needed by law or to investigate abuse.
Support communications: kept as long as needed to handle your request and for record-keeping.
10) Security
We use industry-standard measures (HTTPS, hardened configs, access controls, vendor due diligence). No method of transmission or storage is 100% secure; we continuously improve safeguards.
11) International data transfers
Where data is transferred across borders (e.g., to the US), we rely on safeguards such as Standard Contractual Clauses and vendor assessments, as required by law.
12) Your rights
Depending on your location, you may have rights regarding your personal data (e.g., access, correction, deletion, restriction, objection, portability, and consent withdrawal where applicable). California residents may have additional rights regarding “sale”/“sharing” opt-outs; we do not sell personal data.
To make a request, please use the form on our Contact page. We may need to verify your identity; authorized agents may submit requests as permitted by law.
13) Children’s privacy
Our Service is not intended for children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.
14) Changes to this policy
We may update this policy from time to time. We will post the updated version with a new effective date and, where appropriate, provide additional notice.
If you have questions about this policy or your data, please use the Contact page on our site.