Privacy

Privacy policy

Effective May 12, 2026 · Last reviewed May 12, 2026

We try to collect as little as possible. This page documents what we do collect, what we do with it, and how to make us stop.

Data controller

Under GDPR / AVG we have to name the entity that determines the purposes and means of processing the personal data collected through this site. That entity is Tunderman, reachable at the address and contact below. The data-controller identity is disclosed here because the regulation requires it; elsewhere on the site, AI Tax Practitioner is presented as an independent editorial publication.

  • Controller: Tunderman
  • Address: Bovensteweg 49, 6585 KB Mook, Netherlands
  • Contact: [email protected]

What we collect

  • Anonymous analytics. Page views, referrer, country, device class. No cookies. No personal identifiers. IP addresses are not stored — Plausible anonymizes them at ingestion and discards them after computing a per-day visitor hash. (Provider: Plausible Analytics, EU-hosted.)
  • Newsletter subscribers. At launch the newsletter signup is a coming-soon mailto button — readers email [email protected] to be added. The email address you send from is stored only for the purpose of sending newsletter editions once the newsletter ships. When form-based signup is activated, email addresses will be stored in a Supabase Postgres table (public.newsletter_subscribers) with row-level-security configured to allow insert-only access from the public site and deny all reads, updates, and deletes to anyone other than the editorial team. We do not sell, share, or rent the list. Unsubscribe is one email away.
  • Tools. Inputs to interactive tools (Circular 230 checklist, §7216 consent generator, ROI calculator) run client-side and stay on your device. We do not transmit, log, or store them. This is affirmative: no practitioner workflow data, no client data you type into a tool, ever reaches our servers.
  • Editorial correspondence. When you email the editorial address, we collect whatever you send us, plus your email address so we can reply.

What we do not collect

  • Tracking cookies of any kind.
  • Third-party advertising pixels.
  • Browser fingerprinting.
  • Tool-input content (checklist responses, consent-template drafts, calculator inputs).

Legal basis (GDPR / AVG)

  • Analytics (Plausible): legitimate interest under Art. 6(1)(f) GDPR. Plausible is cookieless and IP-anonymized.
  • Newsletter: consent under Art. 6(1)(a) GDPR via double opt-in. Withdraw at any time via the unsubscribe link or by emailing us.
  • Contact / email correspondence: legitimate interest under Art. 6(1)(f) and contract performance under Art. 6(1)(b) where applicable.

Retention

  • Newsletter address: until you unsubscribe.
  • Email correspondence: 24 months from last reply, then deleted unless an active matter requires longer.
  • Analytics aggregates: 24 months, then deleted.

Third-party processors

We use a small set of processors, all bound by data-processing agreements:

  • Plausible Analytics — cookieless, EU-hosted analytics. No personal identifiers leave the page.
  • Supabase — Postgres hosting for the newsletter-subscriber table. Data stored in the EU region; row-level-security as described above.
  • Hetzner Online GmbH — site hosting (Germany).
  • Cloudflare, Inc. — CDN and DDoS mitigation (United States, EU SCCs in place).
  • Email delivery provider — for newsletter sends, once newsletter delivery ships. The provider is disclosed here when activated; before then, no delivery happens.

US readers — CCPA / CPRA and other state privacy laws

Most of our readers are US tax practitioners. If you are a California resident, you have the rights granted by the CCPA / CPRA: to know what personal information we collect about you, to delete it, to correct it, to opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context advertising — there is nothing to opt out of), and to non-discrimination for exercising any of these rights.

Residents of other US states with analogous privacy statutes (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, and others as enacted) have equivalent rights under their respective state laws. Send the request to [email protected] and we respond within 30 days.

Affiliate links and disclosures

Some links to vendor products on this site are affiliate links. We disclose the relationship on the page where the link appears. Affiliate links do not change the underlying URL the user lands on; they add a tracking parameter that attributes the click to us. The affiliate relationship never affects editorial judgment — see /about/#disclosures.

Your rights (GDPR / AVG)

Under GDPR / AVG you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. Email [email protected] with the request and we respond within 30 days. You also have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens.

Editorial content is not professional advice

Content on this site is reference material for US tax practitioners. It is not legal, tax, or accounting advice. Reading the site, subscribing to the newsletter, or emailing the editorial address does not establish a practitioner-client relationship, an attorney-client relationship, or any duty of professional care. Where a regulatory or technical question requires CPA, EA, or attorney judgment, we say so on the page and point you to the right place.

Changes

Material updates to this policy are dated above and announced via the verification log on the homepage.