Privacy Policy
Last updated: 3 May 2026
This Privacy Policy describes how EazyTax (“we”, “us”, “our”) collects, uses, stores, and protects the personal information you provide when using our service. We are committed to handling your information in accordance with the Protection of Personal Information Act, 2013 (“POPIA”).
1. Who we are
EazyTax is a tax tracking and document preparation platform operated by Starlight Group SA (Pty) Ltd, a company registered in the Republic of South Africa. Our registered address and Information Officer details are available on request via privacy@starlightgroupsa.co.za.
2. What data we collect
We collect only the information needed to provide the EazyTax service:
- Account information — your full name, email address, password (stored as a secure hash via Supabase Auth), and entity type (individual or business).
- Tax information — your SARS tax reference number, tax year configuration, and IRP6 / ITR12 / ITR14 field values.
- Financial data — bank statement transactions you upload (CSV, OFX, OFC, or PDF), receipt images, merchant names, dates, and amounts.
- Account preferences — notification settings, financial year-end month, and bank account metadata.
- Billing information — for paid plans, your Stripe customer ID. We do not store your card details on our servers; payment data is held by Stripe.
3. How we use your data
We use your information to:
- Provide the EazyTax service — parsing your bank statements, extracting receipt details, calculating tax estimates, and generating SARS-format guides.
- Send transactional emails — welcome messages, IRP6 reminders, accountant-review notifications, and password resets.
- Improve EazyTax — anonymised, aggregated usage signals to identify slow pages and broken parsers.
- Comply with legal obligations and respond to lawful requests from regulatory bodies.
We never sell your financial data. We do not share your data with third-party advertisers, data brokers, or marketing partners.
4. Data storage and security
Your data is stored on infrastructure provided by Supabase, with the database and file storage hosted in a South Africa region where available. We rely on Supabase's row-level security to ensure your account's data is strictly isolated from other users — every database query is filtered by your user ID at the database layer.
Bank statements and receipt images are stored in encrypted Supabase Storage buckets with per-user folder access policies. Passwords are never stored in plain text — Supabase Auth uses bcrypt hashing.
5. Data retention
While your account is active, we retain your data for as long as you need it. If you cancel your subscription or request account deletion, your data remains accessible for 90 days during which you can export everything you need. After 90 days, we permanently delete your account, transactions, receipts, and generated PDFs from our active systems and from backups within 30 days thereafter.
6. Your rights under POPIA
You have the right to:
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to correct any inaccurate or out-of-date information.
- Deletion — request that we delete your account and all associated data.
- Object — object to specific processing activities, including marketing communications.
- Lodge a complaint — with the Information Regulator (South Africa) at inforeg@justice.gov.za or +27 12 406 4818.
To exercise any of these rights, email privacy@starlightgroupsa.co.za. We respond to all valid requests within 30 days.
7. Cookies
EazyTax uses session cookies for authentication only. We do not use advertising cookies, third-party analytics tracking, or fingerprinting. When you sign in, Supabase sets a secure HTTP-only cookie that keeps you authenticated; this cookie expires when you sign out.
8. Third-party services
To provide EazyTax, we send specific data to a small number of trusted third-party processors:
- Supabase — database, file storage, and authentication.
- Resend — transactional email delivery.
- Stripe — payment processing for Pro subscriptions.
- An AI processing partner — receipt OCR and bank-statement parsing. Document images and statement text are sent for processing only and are not retained by the AI provider beyond the API call.
Each of these processors operates under its own privacy policy and Data Processing Agreement with us. We do not authorise them to use your data for any purpose other than providing the service to you. The specific AI provider used for OCR is available on request via privacy@starlightgroupsa.co.za.
9. Contact
For privacy-related questions, please email privacy@starlightgroupsa.co.za. For all other support enquiries, email support@starlightgroupsa.co.za.