Trust Center

User Acceptable Use Policy

The rules that govern use of SendTax by filers, tax professionals, and other users of the service.

Effective: 2026-05-21Owner: Howell & Gibbs LLCStatus: v1 — initial publicationDownload PDF

This User Acceptable Use Policy ("AUP") describes the rules that govern use of SendTax by filers, tax professionals, and other users of the service. It supplements — and does not replace — our Terms & Conditions and Privacy Policy. Where this AUP and the Terms address the same subject, the Terms take precedence as the controlling contractual instrument; this AUP provides the operational detail.

This policy is a companion to our Information Security, Access Control, Encryption, Incident Response, Vendor Management, and Sub-processors documents in the Trust Center.


1. Who this policy applies to

This policy applies to every person and entity that accesses or uses SendTax, regardless of how they pay or whether they pay at all:

  • Filers — individual taxpayers using SendTax to organize, store, and share their tax documents.
  • Tax professionals — PTIN-holding preparers and the firms they belong to, using SendTax to receive and manage tax documents on behalf of clients.
  • Authorized representatives — staff of a firm, family members assisting a filer, or any other person operating an account on another person's authorized behalf.
  • Visitors — anyone accessing the SendTax website without an account.

By accessing SendTax, you agree to this AUP. If you do not agree, do not access the service.


2. Account integrity

You agree that:

  • One human per account. Each SendTax account corresponds to one identified individual. Shared accounts and pooled credentials are not permitted.
  • Accurate information. You will provide accurate, current, and complete information at registration and keep it up to date.
  • Credential security. You are responsible for the confidentiality of your credentials and for all activity that occurs under your account.
  • MFA when offered. You will enable multi-factor authentication when SendTax offers it for your account, and you will protect your second factor with the same care as a password.
  • Prompt reporting. You will tell us at [email protected] as soon as you suspect any unauthorized access to your account.

3. Permitted use

SendTax is built for two purposes:

  1. Tax document organization, storage, and exchange between filers and the tax professionals who serve them.
  2. Tax preparation workflow for PTIN-holding preparers managing clients.

Anything reasonably ancillary to those two purposes — viewing, editing, downloading, and sharing your own tax documents; receiving notifications from SendTax; integrating with permitted third-party services where SendTax offers such integrations — is also permitted.

Anything else is outside the intended use of the service and may be restricted under § 4.


4. Prohibited use

The following uses of SendTax are prohibited. This list is illustrative, not exhaustive; the Terms & Conditions also list prohibited activities.

4.1 Fraud and illegal activity

You may not use SendTax to:

  • File or assist in the filing of any tax return you know or reasonably should know to be false, incomplete, or fraudulent.
  • Commit, attempt to commit, or facilitate identity theft, refund fraud, return-preparer fraud, EITC abuse, or any other tax-related fraud.
  • Launder money, evade sanctions, or otherwise violate U.S. or any applicable foreign law.
  • Store, transmit, or share documents that you do not have the legal right to possess.

4.2 Impersonation and unauthorized access

You may not:

  • Impersonate any individual or entity, or misrepresent your affiliation with any person or organization.
  • Access, attempt to access, or share access to data belonging to another SendTax customer without that customer's authorization.
  • Acquire or use another user's credentials, login link, signed URL, or session token.
  • Bypass, attempt to bypass, or assist others in bypassing SendTax's authentication or authorization controls.

4.3 Misuse of preparer/filer relationships

You may not:

  • Act as a tax preparer on a filer's behalf inside SendTax without having received and retained the authorization required by IRS rules (e.g., Form 8821 or 2848 where applicable, or the equivalent state-level authorization).
  • Continue to access a filer's data through SendTax after the underlying engagement has ended.
  • Use SendTax to solicit a client of another firm whose data you saw only because you had a working SendTax relationship with that client for a different purpose.

4.4 Content abuse

You may not upload, store, or transmit through SendTax:

  • Material you do not have permission to share (third-party copyrighted material outside fair-use limits, leaked or stolen documents, etc.).
  • Malware, ransomware, viruses, worms, Trojans, or any code or content designed to disrupt or compromise systems.
  • Sexually explicit material involving minors, content depicting serious violence intended to incite harm, or other content prohibited by law.
  • Harassing, threatening, defamatory, or unlawfully discriminatory communications to other SendTax users or to SendTax staff.

4.5 Service misuse and reverse engineering

You may not:

  • Use SendTax as a general-purpose file-storage, file-sharing, backup, or communication service unrelated to tax preparation.
  • Resell, sublicense, rent, lease, or commercialize access to SendTax except under a written agreement with SendTax.
  • Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of SendTax, except to the extent permitted by applicable law.
  • Use SendTax to build or train a product or model that competes with SendTax, including using customer data, anonymized artifacts, or exported reports for such purposes.

4.6 Automation, scraping, and load abuse

You may not:

  • Use bots, crawlers, scrapers, or other automated means to access SendTax except through SendTax's officially documented integrations or with written permission.
  • Generate load that exceeds the rate limits SendTax has configured on specific endpoints. Current limits are enforced server-side and are not a target — they exist to keep the service usable for everyone.
  • Circumvent or attempt to circumvent rate limits, CAPTCHA, anti-abuse measures, or other technical controls.
  • Conduct vulnerability testing, penetration testing, or load testing against SendTax without prior written authorization. Coordinated security research is welcomed via § 7.

5. Obligations specific to tax professionals

If you use SendTax as a tax preparer, you additionally agree that:

  • Valid PTIN. You hold a current, valid IRS-issued Preparer Tax Identification Number (PTIN). SendTax stores your PTIN as a required identifier on your preparer profile and enforces uniqueness at the database level.
  • IRS Publication 1345 compliance. You will comply with the applicable requirements of IRS Publication 1345 ("Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns"), including its security and record-retention obligations.
  • Circular 230 compliance. You will comply with Treasury Circular 230 ("Regulations Governing Practice before the Internal Revenue Service"), including its standards of competence and conduct.
  • Authorization for each client. You will obtain and retain the IRS-required authorization for each filer whose data you access inside SendTax. You will not access, copy, export, or share a filer's data without that authorization.
  • Client-data hygiene. You will not export filer documents from SendTax for purposes outside the engagement, store them in unrelated systems, or share them with anyone who does not have a legitimate need to know.
  • Promptly terminating relationships. When an engagement ends, you will mark the corresponding tenant-filer link as ended in SendTax (which revokes your firm's access on the next authenticated request).
  • Reporting incidents. You will tell SendTax at [email protected] as soon as you become aware of any compromise of client data routed through SendTax or of any suspected misuse of SendTax by another user.

6. Content uploaded by users

Ownership

You retain ownership of all documents and information you upload to SendTax. SendTax does not claim ownership of your tax documents, returns, or supporting records.

License to operate the service

To operate the service, you grant SendTax a limited, non-exclusive license to store, transmit, encrypt, render, classify, and otherwise process your uploaded content solely for the purpose of providing the service to you and (where applicable) to your authorized tax professional.

This license ends when your account is deleted, subject to the legal retention obligations described in our Data Retention and Deletion Policy.

Training data

SendTax does not use your documents to train models without your explicit opt-in. Anonymized contributions to model training are a separate, consent-gated feature; see our consent text in the product and the Data Retention and Deletion Policy § 2.3 for retention details on contributed artifacts.

Responsibility for content

You are responsible for the accuracy and lawfulness of what you upload. SendTax does not pre-screen uploaded content but reserves the right to review, restrict, or remove content that violates this AUP, the Terms, or applicable law.


7. Security research and responsible disclosure

SendTax welcomes good-faith security research.

You may, without prior permission, identify and report vulnerabilities by:

  • Testing only against your own SendTax accounts, or accounts you have explicit written authorization to test.
  • Avoiding any access to, modification of, or exfiltration of other users' data.
  • Avoiding service disruption, including denial-of-service attempts and load-testing of production endpoints.
  • Stopping as soon as you confirm a vulnerability and reporting it privately.

Report findings to [email protected]. We commit to:

  • Acknowledging your report within 2 business days.
  • Working in good faith with you under standard responsible-disclosure norms.
  • Not pursuing legal action against researchers who act in good faith under recognized safe-harbor norms (Computer Fraud and Abuse Act carve-outs for authorized testing and equivalent international frameworks).

We do not currently operate a paid bug-bounty program; recognition is at our discretion.


8. Reporting AUP violations by others

If you believe another SendTax user is violating this AUP — for example, by accessing data they should not access, soliciting tax fraud, or harassing you — please tell us at [email protected] (for security or safety-related concerns) or [email protected] (for privacy-related concerns). Reports are reviewed by SendTax operators and may be investigated under our Incident Response Policy.


9. Consequences of violation

SendTax takes a graduated approach to enforcement. The actions available to us — singly or in combination — include:

  • Notice. We may contact the responsible account holder and ask them to stop.
  • Rate limiting or temporary restriction. We may apply additional technical limits to an account suspected of automated abuse or other load-related misuse.
  • Suspension. We may suspend access to the account while we investigate.
  • Termination. We may terminate the account in accordance with the Terms & Conditions, including with respect to records we are required to retain by law.
  • Reporting to authorities. Where we observe activity that may constitute a crime — particularly tax fraud, identity theft, or child safety violations — we may report to and cooperate with the relevant law enforcement or regulatory authorities.
  • Cooperation in civil matters. We may comply with valid legal process (subpoena, court order) requesting information about account activity.

Severity, intent, harm to others, and the user's history are all considered in choosing the response. Egregious violations (e.g., deliberate fraud, child safety violations, malware distribution) may result in immediate termination without prior notice.


10. Changes to this policy

We may update this AUP from time to time. Material changes will be communicated to account holders in advance where commercially reasonable, using the notification mechanism described in our Vendor Management Policy § 10.

Continued use of SendTax after a change takes effect constitutes acceptance of the updated policy.

This policy is reviewed at least annually and whenever:

  • A regulatory obligation we are subject to changes materially.
  • A new SendTax feature creates use cases not addressed here.
  • A real incident reveals a gap.

11. Contact

Security disclosures and AUP violations[email protected]
Privacy inquiries[email protected]
General[email protected]
Operating entityHowell & Gibbs LLC