Privacy Policy

1. Introduction

AdvisoryLift, LLC develops and operates Tax Resolution Hub, a professional software platform that helps tax practitioners retrieve IRS transcripts, analyze tax resolution options, manage client data, and generate pre-populated IRS forms. Because our platform processes sensitive taxpayer and financial information on behalf of tax professionals, we take our privacy and security obligations seriously.

This Privacy Policy explains what personal information we collect, how we use and protect it, with whom we share it (and more importantly, with whom we do not), and what rights you have over your information.

2. Who We Are

AdvisoryLift, LLC
145 E State St #337, Farmington, UT 84025
Website: advisorylift.com
Privacy inquiries: privacy@advisorylift.com
Legal notices: legal@advisorylift.com
Support: support@advisorylift.com

3. Scope

This Privacy Policy applies to:

• Customers and Authorized Users of Tax Resolution Hub;
• Prospective customers and visitors to our website;
• Business contacts and applicants; and
• Taxpayer and client data submitted to the platform by our customers.

This Policy does not apply to third-party systems or services that have their own privacy policies, including the IRS e-Services portal, state tax authority portals, or third-party payment processors. When we describe our customers’ clients’ taxpayer data, we are acting as a service provider or processor on behalf of our customers; those customers bear the primary relationship and responsibility to their clients regarding that data.

4. Personal Information We Collect

4.1 Account Information

Name, business name, professional title, email address, phone number, username, account ID, role, permissions, subscription details, support history, and account preferences.

4.2 Customer and Client Data

All data, documents, tax records, IRS transcript data, client taxpayer records, financial information, resolution work product, Form 433-A/B/F inputs, installment agreement information, offer in compromise analysis, uploaded files, notes, annotations, and other content that you submit to or process through the Services on behalf of yourself or your clients.

4.3 Taxpayer and Financial Information

IRS transcripts and transcript data, tax returns and tax forms, Social Security numbers, taxpayer identification numbers (TINs/EINs), income and wage records, financial account information, property records, liability information, and related confidential taxpayer or financial data submitted by or on behalf of customers through the platform.

4.4 Billing and Payment Information

Billing name, billing address, subscription status, transaction and invoice history, and payment method details processed through our third-party payment processor. We do not store full credit card numbers or bank account details on our own systems.

4.5 Device, Usage, and Log Data

IP address, browser type, operating system version, device identifiers, application version, pages or screens viewed, actions taken, session timestamps, diagnostic logs, error logs, performance data, and audit trail records generated through use of the Services.

4.6 Communications and Support Information

Emails, support tickets, chat messages, feedback forms, survey responses, and other communications you send to us directly.

5. How We Collect Personal Information

We collect personal information:

1. Directly from you when you register an account, configure settings, add billing information, contact support, or communicate with us;
2. Through your use of the Services when you upload documents, process transcripts, run analyses, generate forms, or perform other actions within the platform;
3. Automatically through security logs, access logs, diagnostic systems, and error-monitoring tools as you use the Services; and
4. From authorized third-party integrations that you direct, such as when the platform retrieves IRS transcript data on your behalf using credentials you provide.

We do not purchase personal information from data brokers, advertising networks, or third-party marketing sources.

6. How We Use Personal Information

6.1 Providing the Services

To authenticate users, operate the platform, process and retrieve IRS transcript data, run resolution analyses, populate forms, manage client records, and deliver all functionality you have contracted for.

6.2 Security and Fraud Prevention

To monitor for unauthorized access, detect suspicious activity, prevent abuse and fraud, enforce our Terms, maintain audit trails, and protect the Services, our systems, and our customers’ data.

6.3 Billing and Account Administration

To process subscription payments, generate invoices, manage renewals, verify payment status, and maintain billing records.

6.4 Customer Support

To respond to support requests, troubleshoot issues, investigate complaints, and improve the quality of our support.

6.5 Product Improvement and Analytics

To analyze aggregate, anonymized, and de-identified usage patterns, diagnose errors, improve platform functionality, and develop new features. We do not use individually identifiable Customer Data or taxpayer information to train machine learning models or for product analytics without your express authorization.

6.6 Legal Compliance and Rights Enforcement

To comply with legal obligations, respond to lawful governmental or regulatory requests, enforce our agreements, protect our rights and the rights of others, and prevent harm.

6.7 Communications

To send service-critical notices (security alerts, billing notices, policy updates, product announcements, and account communications). We may send marketing communications to current and prospective customers; you may opt out of marketing emails at any time using the unsubscribe link. Opting out of marketing does not affect transactional or operational communications.

7. Sensitive and Taxpayer Information

The platform routinely processes sensitive information including IRS transcript data, Social Security numbers, taxpayer identification numbers, financial account details, income records, and client financial and legal status information. We handle this information under the following framework:

• IRS Publication 4557 (Safeguarding Taxpayer Data) — We design our security controls and data handling practices to meet the requirements applicable to tax software providers and e-Services partners.
• IRS Publication 5293 (Data Safeguards for External Tax Professionals) — We follow best-practice guidance for protecting client taxpayer data processed on behalf of tax practitioners.
• SOC 2 Type II — We are currently pursuing SOC 2 Type II certification. Our security program is designed against the Trust Services Criteria for Security, Availability, and Confidentiality.
• Need-to-Know Access — Taxpayer data is accessible only to platform functions that require it and to AdvisoryLift personnel with a documented operational need, subject to role-based access controls and audit logging.

We use sensitive personal information only as necessary to provide the Services, maintain security, comply with law, and perform customer-authorized functions. We do not use taxpayer information for advertising, behavioral profiling, or sale to any third party.

8. How We Share Personal Information

We share personal information only in the following limited circumstances:

8.1 Infrastructure and Cloud Service Providers

We use cloud hosting, data storage, and security infrastructure operating exclusively in the United States. These providers process data solely on our behalf under data processing agreements that prohibit use of your data for their own purposes. We do not name specific infrastructure vendors in this public document; prospective enterprise customers may request our vendor list and DPA terms through legal@advisorylift.com.

8.2 Payment Processors

Billing information is processed by our third-party payment processor. Payment processors receive only billing and payment details necessary to complete transactions; they do not receive taxpayer data or Customer Data.

8.3 Legal and Compliance Recipients

We may disclose information to courts, regulators, law enforcement, or governmental agencies when required by law, legal process, or to protect the safety, rights, or property of AdvisoryLift, our customers, or the public. We will attempt to notify affected customers of legal demands unless prohibited by law or court order.

8.4 Business Transactions

In the event of a merger, acquisition, financing, reorganization, or sale of all or substantially all of AdvisoryLift’s assets, Customer Data may be transferred to the acquiring entity. We will notify customers of any such transfer and require the acquiring entity to honor this Privacy Policy or obtain fresh consent if material changes are required.

8.5 With Your Direction or Consent

We may share information with third parties when you direct us to do so, such as when you authorize the platform to submit data to an IRS e-Services portal or a tax software integration on your behalf.

9. No Sale of Data

If we ever run advertising or analytics technologies on our public marketing website that could constitute a “sale” or “sharing” under California law, we will disclose that separately and provide applicable opt-out mechanisms. Such activities, if any, would be limited to our public marketing pages and would never involve Customer Data or taxpayer information.

10. Data Storage and Location

All Customer Data, including taxpayer information, IRS transcript data, and account information, is stored and processed exclusively within the United States. We do not transfer Customer Data to servers, data centers, or processors located outside the United States.

Our cloud infrastructure is hosted on enterprise-grade U.S.-based cloud platforms with physical and logical security controls consistent with SOC 2 and IRS safeguarding requirements.

11. Security

We maintain a comprehensive information security program that includes:

• Encryption — Data encrypted in transit (TLS 1.2+) and at rest using industry-standard encryption;
• Access Controls — Role-based access controls, least-privilege principles, and mandatory multi-factor authentication for administrative access;
• Audit Logging — Comprehensive access and activity logging with tamper-resistant audit trails;
• Vulnerability Management — Regular security assessments, dependency monitoring, and patch management processes;
• Incident Response — Documented incident response procedures with defined escalation paths and customer notification protocols;
• Vendor Controls — Contractual data protection obligations for all third-party vendors with access to customer or taxpayer data;
• SOC 2 Program — Security controls designed against the SOC 2 Trust Services Criteria; Type II certification in progress.

Despite these safeguards, no internet-based system is completely immune from security incidents. We cannot guarantee absolute security. Customers are responsible for their own device security, network security, account credentials, user access permissions, and internal safeguards.

If we confirm a security incident that affects your Customer Data, we will notify you as required by applicable law and our contractual obligations.

12. Data Retention

We retain personal information for as long as reasonably necessary to:

1. Provide active services and maintain your account during your subscription term;
2. Comply with legal obligations, including tax records retention requirements;
3. Resolve disputes and enforce our agreements;
4. Maintain security and prevent fraud; and
5. Fulfill legitimate business purposes consistent with this Policy.

Retention periods vary by data type. Account information is retained for the duration of the customer relationship and for a reasonable period thereafter. Customer Data (taxpayer records, transcripts, work product) is retained per the terms of your subscription agreement and deleted or de-identified following account closure, unless retention is required by law or agreed otherwise in writing.

De-identified and aggregated data derived from platform usage may be retained indefinitely for analytics, security, and product improvement purposes, as it no longer identifies any individual or customer.

13. Your Privacy Rights

Depending on your location and applicable law, you may have the right to:

1. Confirm whether we process your personal information and access a copy of it;
2. Correct inaccurate or incomplete personal information;
3. Request deletion of certain personal information (subject to legal retention requirements and our contractual obligations);
4. Receive a portable copy of certain personal information in a machine-readable format;
5. Restrict or object to certain processing; and
6. Opt out of marketing communications at any time.

These rights are subject to identity verification, legal limitations, and exceptions for information we are required to retain by law or contract.

To make a privacy rights request, contact us at privacy@advisorylift.com. We will respond within the timeframe required by applicable law.

Note for taxpayers: If you are the client or taxpayer whose records are processed through Tax Resolution Hub, you are our customer’s client, not our direct customer. Please contact the tax professional or firm that manages your file for questions about your specific records. We will assist those requests as directed by our customer and as permitted by law.

14. California Privacy Notice (CCPA/CPRA)

This section applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), applies.

14.1 Categories Collected

In the preceding 12 months, we may have collected: identifiers (names, email addresses, IP addresses, account IDs); professional and employment-related information (business contact details, professional credentials); commercial information (subscription and billing records); internet or other electronic network activity information (usage logs, session data); and sensitive personal information (taxpayer identification numbers, Social Security numbers, financial account data, and tax record information submitted by our customers).

14.2 Purposes

We collect and use these categories for the purposes described in this Policy: providing the Services, billing, security, support, legal compliance, and limited product improvement.

14.3 No Sale or Sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

14.4 California Rights

California residents may have the right to know, access, correct, delete, and obtain a portable copy of their personal information; to opt out of sale or sharing (neither of which we engage in); to limit certain uses of sensitive personal information; and to be free from discrimination for exercising these rights.

To submit a CCPA/CPRA request, contact us at privacy@advisorylift.com. We may need to verify your identity before processing your request.

14.5 Authorized Agents

California residents may designate an authorized agent to submit requests on their behalf. We may require written authorization and identity verification before honoring agent-submitted requests.

15. Children’s Privacy

Tax Resolution Hub is a professional platform intended exclusively for licensed and qualified tax professionals, enrolled agents, CPAs, tax attorneys, and similar practitioners. It is not directed to individuals under the age of 18.

We do not knowingly collect personal information from minors. If we learn that we have inadvertently collected personal information from a person under 18, we will take reasonable steps to delete it promptly. If you believe a minor’s information has been submitted to our platform, please contact us at privacy@advisorylift.com.

16. Third-Party Links and Integrations

Tax Resolution Hub may interoperate with or contain links to third-party systems, including the IRS e-Services portal, state tax authority portals, and third-party tax software platforms. Our platform may direct or facilitate connections to those systems at your direction.

We are not responsible for the privacy practices, security measures, data handling, or content of any third-party systems. Once data leaves our platform and is transmitted to a third-party system at your direction, it is governed by that third party’s terms and privacy policies. We encourage you to review those policies before enabling any integration.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as our Services, legal obligations, or practices change. Material changes will be communicated by email to the primary account address on file, by in-application notice, or by prominent posting on advisorylift.com, at least 30 days before the change takes effect for material changes. For less material clarifications or corrections, we may post an updated Policy with a revised effective date without separate advance notice.

Continued use of the Services after an updated Privacy Policy becomes effective constitutes your acceptance of the updated Policy. The current version of this Privacy Policy is always available at advisorylift.com/privacy-policy.html.

18. Contact Us

For privacy inquiries, rights requests, or questions about this Policy:

We aim to respond to all privacy inquiries within 30 days. For requests that require more time due to complexity or volume, we will notify you of the extended timeline.