Privacy Policy

This Privacy Policy explains how stevenrugg.dev LLC dba Withholden (A California LLC, B20250338292)(“Withholden,” “we,” “us”) collects, uses, shares, and protects information about you when you use the Withholdenapplication and related services (the “Service”). By using the Service, you agree to the practices described here.

1. Who we are

Withholden is a bookkeeping, tax savings, and tax-preparation support service for gig and self-employed workers. It helps you identify 1099 business income, maintain sole-proprietor bookkeeping context, authorize percentage-based tax savings transfers, and receive filing and estimated-tax payment support. The Service is operated by a licensed and bonded tax preparer.

2. Information we collect

Information you provide

• Account details — your name and email, managed through our authentication provider (Clerk).
• Tax-planning inputs — your expected annual income, selected tax savings percentage, filing status, and which deposits you tag as 1099 business income.

Information collected to verify you and move money

• Identity verification — government ID, a selfie, and related data, collected and verified by Stripe Identity. We receive only the verification result and limited metadata, not your ID images.
• Banking & transactions — when you link a bank account through Stripe Financial Connections, we receive account metadata (such as institution name and the last four digits) and transaction records used to identify your gig business income.
• Payments & tax savings data — payment processor identifiers, tax savings transfer records, financial account records, refund or disbursement records, payout records, and subscription/billing status, processed by Stripe.

Information collected automatically

• Basic technical and usage data (device, log, and approximate location via IP) used for security, fraud prevention, and to operate the Service.

What we deliberately do not store: we do not retain your full Social Security number, full bank account or routing numbers, card numbers, or identity-document images. That highly sensitive data is held by Stripe; we keep only opaque reference tokens. Sensitive fields we do store (such as your email and bank metadata) are encrypted at rest using AES-256-GCM.

3. How we use your information

• To verify your identity and operate bookkeeping, tax savings, and tax-prep workflows.
• To identify 1099 business income, calculate tax savings percentages, maintain bookkeeping records and context, and execute payment-support actions you authorize.
• To manage your $8/month subscription and free trial.
• To provide support, send service notices, and prevent fraud.
• To comply with legal, tax, and regulatory obligations.

4. How we share information

We share information only as needed to run the Service:

• Service providers / subprocessors — including Stripe (payments, Connect, Identity, Financial Connections, billing), Clerk (authentication), and our hosting and database providers.
• Legal & safety — when required by law, subpoena, or to protect rights, safety, and the integrity of the Service.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

5. Cookies and similar technologies

We use cookies and similar technologies in three categories:

• Strictly necessary— required to run the Service, including authentication, security, and fraud prevention. These are always active and can't be switched off.
• Analytics — help us understand usage so we can improve the product. These run only with your consent.
• Marketing & sale/sharing — would support personalized marketing or any sale or sharing of personal information. We do not currently use these, and they would run only with your consent.

When you first visit, non-essential cookies stay off until you choose “Accept all” or enable a category. You can change or withdraw your choices at any time using the Cookie preferences link in the footer. We honor the Global Privacy Control (GPC) browser signal as a valid request to opt out of the sale or sharing of your personal information.

6. Data retention

We keep your information for as long as your account is active and as needed to provide the Service. Tax-related and transaction records may be retained longer to meet legal, accounting, and tax-recordkeeping requirements. When no longer needed, data is deleted or anonymized.

7. Security

We use encryption in transit and at rest, tokenization of sensitive data through Stripe, access controls, and authentication safeguards. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify you of material incidents as required by law.

8. Your rights and choices

You can update many details in the app or by contacting us, manage your banking connections and subscription directly, and request account deletion. To exercise any right below, email support@withholden.com. We will not discriminate against you for exercising your privacy rights.

EEA & UK (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to access, correct, delete, port, and restrict or object to processing of your personal data, and to withdraw consent at any time. Our legal bases for processing include performing our contract with you, our legitimate interests in operating and securing the Service, your consent (for non-essential cookies), and compliance with legal obligations. You may also lodge a complaint with your local data protection authority.

California (CCPA/CPRA)

California residents have the right to know what personal information we collect and how it is used and shared, to request access and deletion, to correct inaccurate information, and to limit the use of sensitive personal information. We do not sell your personal information and do not share it for cross-context behavioral advertising. You can still record your choice using the Do Not Sell or Share My Personal Information link in the footer, and we honor the Global Privacy Control browser signal as a valid opt-out.

9. Children's privacy

The Service is intended for users 18 and older and is not directed to children. We do not knowingly collect information from anyone under 18.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted here with a new effective date, and where appropriate we will notify you in the app or by email.

11. Contact us

Questions about this Policy or your data? Email support@withholden.com.