Simple2290
Placeholder Notice: This Privacy Policy is a placeholder only and has not been reviewed by legal counsel. It must be replaced with a properly drafted, attorney-approved policy before this service is made available to the public.

Privacy Policy

Last updated: [Date Placeholder]

1. Information We Collect

We collect the following categories of information when you use Simple2290:

  • Account information: Full name, email address, phone number, and password (stored as a one-way hash — we never store your plain-text password).
  • Business information: Business name, EIN (Employer Identification Number), address, and signing authority details required for IRS Form 2290 filing.
  • Vehicle information: Vehicle identification numbers (VINs), taxable gross weights, and first-use months as required for Form 2290.
  • Payment information: We use Authorize.net to process payments. We store only the last four digits of your card number and card type for receipt purposes. Full card numbers are never stored on our servers.
  • Bank account information (EFW only): If you choose Electronic Funds Withdrawal as your IRS payment method, we collect your bank name, routing number, and account number to include in your IRS transmission. This data is encrypted.
  • Usage data: IP address, browser type, pages visited, and session duration for security and analytics purposes.

2. How We Use Your Information

  • To prepare and electronically file your IRS Form 2290 return.
  • To process your service fee payment through Authorize.net.
  • To send you transactional emails (filing status, Schedule 1, account alerts).
  • To provide customer support.
  • To comply with legal obligations, including IRS requirements for authorized e-file providers.
  • To detect and prevent fraud and unauthorized access.

3. Information Sharing

We do not sell your personal information. We share your information only:

  • With the IRS: Your tax return data is transmitted electronically to the IRS via the MeF system as the core function of our service.
  • With payment processors: We share necessary payment details with Authorize.net solely for transaction processing.
  • With email service providers: We use SendGrid to deliver transactional emails on our behalf.
  • As required by law: We may disclose information in response to valid legal process.

4. Data Security

We implement industry-standard security measures including TLS/SSL encryption for all data in transit, encrypted storage for sensitive fields, and secure session management. However, no method of transmission over the internet is 100% secure.

5. Data Retention

We retain your account and filing data for as long as your account is active and for a reasonable period afterward to comply with legal obligations and audit requirements. You may request deletion of your account by contacting us.

6. Cookies and Tracking

We use a single session cookie (s2290_session) to maintain your authenticated session. This cookie is HttpOnly and Secure — it cannot be read by JavaScript and is only sent over HTTPS. We do not use third-party advertising cookies.

7. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal information. To exercise these rights, contact us at privacy@simple2290.com.

8. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

Privacy questions? Contact us at privacy@simple2290.com.