Last updated: March 30, 2026
Privacy Policy
1. What we collect
MultiW2 collects the following categories of information when you use our service:
- Account information: Email address provided during sign-up.
- Authentication data: Data received through Google or GitHub OAuth (name, email, profile picture). We do not share data back to these providers.
- Financial data you enter: Salary amounts, withholding figures, pay stub YTD totals, and W2 box values. We only store what you type in — we never connect to your bank, payroll provider, or brokerage.
- Subscription and billing data: Managed by LemonSqueezy as our Merchant of Record. We store your subscription status and billing period end date. LemonSqueezy handles payment details — we never see your credit card number.
- Usage analytics: Anonymized, cookieless page view data via Vercel Web Analytics. No personal information is included.
2. How we use it
- Tax calculations and projections: Your financial data is used solely to generate tax calculations, withholding gap analysis, and optimization recommendations within the application.
- Subscription management: Your email and subscription status are used to determine your access tier and send transactional emails (payment confirmations, quarterly reminders).
- Product improvement: Anonymized usage analytics help us understand which features are used and how to improve the product. No individual financial data is used for this purpose.
3. How we store it
All user data is stored in Supabase (PostgreSQL) with row-level security (RLS) enabled. This means every database query is scoped to the authenticated user — no user can access another user's data, even through direct database access. Data is encrypted at rest and encrypted in transit (TLS).
4. Third-party processors
We use the following third-party services to operate MultiW2:
- LemonSqueezy — Payment processing and subscription management (Merchant of Record)
- Resend — Transactional email delivery (welcome emails, payment confirmations, quarterly reminders)
- Supabase — Database hosting, authentication, and row-level security
- Google / GitHub — OAuth authentication only. No financial data is shared with these providers.
- Vercel — Application hosting and cookieless web analytics
5. Data retention
- Active accounts: Data is retained for the lifetime of your account.
- Deleted accounts: All personal and financial data is permanently removed within 30 days of account deletion.
- Anonymized analytics: Retained indefinitely as they contain no personally identifiable information.
6. Your rights
- Export: Download all your data in JSON format from the Account settings page at any time.
- Deletion: Delete your account and all associated data from Account settings. There is a 24-hour grace period before permanent deletion, during which you can cancel the request.
- Correction: Edit any data you've entered at any time through the application.
7. Cookies
MultiW2 uses minimal cookies. The only required cookie is the Supabase authentication session cookie, which is functional and necessary for the application to work. Vercel Web Analytics is cookieless and does not use cookies or track individual users.
8. Changes to this policy
If we make material changes to this privacy policy, we will notify all registered users via email at least 30 days before the changes take effect. Non-material changes (formatting, clarifications) may be made without notice.
9. Contact
For privacy-related questions or requests, contact us at support@multiw2.com.