Cookie Policy

We value your trust and are committed to transparency about how TaxMD for Professionals uses cookies across our website and firm platform.

Last Updated: June 18, 2026

Introduction

This Cookie Policy (Professional Edition) describes the categories of cookies and similar technologies that TaxMD deploys in connection with firm accounts, the purposes for which they are used, and the choices available to the Firm and its users. For more information about how we handle personal and client data generally, see our Privacy Policy (Professional Edition) at www.taxmd.com/privacy-policy.

If your Firm has a separate written agreement with TaxMD (including a Data Processing Addendum), that agreement governs cookie processing for Firm-controlled data to the extent of any conflict with this Policy.

Scope

This Policy applies to:

  • Firm administrators and firm employees accessing the TaxMD SaaS platform under a firm account
  • Firm clients accessing the platform through the firm, where applicable
  • Visitors to TaxMD's public, unauthenticated web pages who are associated with a firm account

1. Strictly Necessary (Cannot Be Disabled)

Essential to operate the Services securely. These cookies cannot be opted out of and apply to all firm users.

  • Session management and authentication tokens for firm user accounts
  • Security controls (bot detection, CSRF protection, abuse prevention)
  • Load balancing and service availability
  • Saving firm-level cookie consent preferences

2. Functional (Optional)

Enable enhanced features and personalization. Firm administrators may be able to configure functional cookie settings for their organization through the Preference Center where technically feasible.

  • Remembering language or display preferences for firm users
  • Improving in-app usability features

3. Analytics / Performance (Optional)

Help us understand how firm users interact with the platform at an aggregate level, measure performance, and improve reliability. Analytics data is collected at the platform level and does not include individual client taxpayer data or FTI.

  • Google Analytics (Google LLC), which measures page performance, feature usage, and navigation patterns at the firm account level. Subject to Google's Privacy Policy at policies.google.com/privacy.
  • Google Tag Manager (Google LLC), which manages and deploys tracking tags per consent settings. Does not independently collect personal data.

4. Advertising / Marketing (Consent Required; Public Pages Only)

TaxMD does not deploy advertising/marketing cookies within the Authenticated SaaS environment. Advertising/marketing cookies are used only on public marketing pages, only with explicit consent, and never with access to FTI or client taxpayer data. This applies regardless of whether a firm user is viewing public pages in connection with a firm account.

5. Data Collected

Depending on configuration, cookies may collect: IP address (or truncated IP), device type, browser, session identifiers, consent preferences, and usage metadata (page views, navigation patterns, error events). No FTI or client-identifying information is collected through cookies.

FTI and Client Data Boundaries

TaxMD maintains strict technical and administrative controls to segregate client FTI and other taxpayer data from cookie-based tracking:

  • Cookies are never used to collect, store, or disclose FTI
  • Analytics data does not identify individual client matters or taxpayers
  • Advertising/marketing cookies are never deployed within the firm's authenticated platform environment
  • TaxMD does not create behavioral advertising profiles based on client taxpayer data

Firm Administrator Controls

Firm administrators may manage cookie preferences for their organization through the Preference Center, available in the website footer and within application settings, where technically feasible. Preference changes apply prospectively.

Firm administrators are responsible for ensuring that firm users are informed of the cookies used in connection with the firm's subscription, including through the Firm's own privacy notices to clients where required by applicable law.

  • Consent: required before placing non-essential cookies, collected through the cookie banner or Preference Center
  • Legitimate Interests: for certain security and limited analytics activities, with appropriate safeguards
  • Contractual Necessity: to provide the Services the Firm has subscribed to (session management, security, feature enablement)
  • Legal Obligation: where required by applicable law

Your Choices

Preference Center

Firm administrators and firm users can manage cookie preferences through the Preference Center (footer link on public pages or within application settings).

Browser Controls

Firm users can manage or delete cookies through browser settings. Blocking certain cookies may impair platform functionality, including authentication and security features.

CCPA / Do Not Sell

TaxMD does not sell personal information and does not use cookies for cross-context behavioral advertising. Firm contacts may submit formal CCPA opt-out requests to Privacy@taxmd.com with "CCPA Opt-Out Request" in the subject line.

Global Privacy Control (GPC)

Where required by applicable law, TaxMD honors GPC signals as an opt-out of sharing for cross-context behavioral advertising on Public Pages. DNT signals are not currently treated as a universal opt-out.

Retention

  • Strictly necessary: session to up to 12 months
  • Functional: session to up to 12 months
  • Analytics/performance: 1 day to up to 24 months, with access controls and IP truncation where feasible
  • Advertising/marketing (Public Pages only; if consented): 1 day to up to 13 months

AI and Telemetry

TaxMD may collect limited operational telemetry (performance metrics, error logs, feature usage) to secure and improve the Services. Telemetry does not capture FTI and is not used to train general-purpose AI models or for advertising profiling. AI-enabled features, if any, are governed by applicable contractual terms designed to protect confidentiality and regulated data.

International Access

TaxMD may process certain operational data outside the United States to provide, maintain, and secure the Services. Where cross-border transfer safeguards are required, TaxMD implements appropriate contractual and technical measures, including access controls, encryption, and audit logging.

Relationship to Other Policies and Agreements

This Policy supplements, and should be read together with, TaxMD's Privacy Policy (Professional Edition) and Terms & Conditions (Professional Edition). If your Firm has a separate DPA, that agreement governs cookie processing for Firm-controlled data to the extent of any conflict with this Policy.

Changes to This Policy

TaxMD may update this Policy from time to time and will revise the effective date and version number. Where required by applicable law, TaxMD will provide additional notice of material changes, including direct communication to firm account administrators.

Contact Us

  • Email: compliance@taxmd.com
  • Privacy requests: Privacy@taxmd.com
  • Website: www.taxmd.com