Acceptable Use Policy (UAP)

This Acceptable Use Policy (“UAP”) applies to all users of TaxWallet, including tax professionals, staff members, administrators, managers, and taxpayers accessing the mobile app.

This UAP is incorporated into the Terms of Service and is strictly enforced to protect system integrity, platform security, user data, and regulatory compliance.

Users may not, under any circumstances:

• Upload, transmit, or store fraudulent, altered, or unlawfully obtained documents.

• Use TaxWallet to engage in identity theft, refund fraud, preparer fraud, stolen identity refund schemes (SIRF), or any activity violating IRS or state tax laws.

• Use multiple accounts to manipulate billing, referral credits, or return processing limits.

• Attempt to access accounts, data, or documents belonging to another user or firm without authorization.

• Reverse engineer, copy, scrape, or extract proprietary logic, code, workflows, or AI models.

• Upload malware, ransomware, trojans, web shells, scripts, or automated tools designed to interfere with system operations.

• Circumvent security controls, MFA, rate limits, IP restrictions, or device verification.

• Use TaxWallet for any illegal, abusive, obscene, violent, harassing, or harmful activity.

• Abuse the communications system (SMS/email) for spam, harassment, unauthorized marketing, or phishing attempts.

Any violation of this section may result in permanent account termination with no refund.

Users must comply with all IRS, state, and banking partner requirements.

Prohibited activities include:

• Filing returns without taxpayer authorization,

• Uploading falsified KYC/AML identity records,

• Manipulating refund estimates or government forms,

• Attempting to bypass banking partner compliance workflows.

Tax professionals are solely responsible for verifying the accuracy of all return data, forms, signatures, and banking product selections.

The TaxWallet mobile app may not be used to:

• Capture documents belonging to a person without their permission,

• Impersonate another taxpayer, preparer, or authorized representative,

• Bypass face verification, ID capture, or selfie checks.

Device identifiers must not be tampered with, spoofed, or reset to circumvent access rules.

Users must ensure all uploads are lawful, accurate, and authorized.

Prohibited uploads include:

• Fake IDs, fake W-2s, 1099s, or falsified government documents,

• Obscene content, images of minors, or illegal material,

• Documents belonging to persons who did not grant permission.

Uploads are monitored using automated and human review tools for fraud prevention.

TaxWallet provides SMS/email/mobile notifications strictly for tax-related communications.

Users may not:

• Send mass marketing, spam, or unsolicited promotions,

• Harass, abuse, or threaten taxpayers or staff,

• Spoof phone numbers, email addresses, or identity information.

TaxWallet may suspend messaging privileges immediately when misuse is detected.

Users may not abuse or exploit TaxWallet AI or API services.

Prohibited actions include:

• Automated scraping, mining, or bulk extraction of data,

• Using AI tools to generate falsified documents, returns, or identity records,

• Uploading AI-generated false tax forms or financial data,

• Attempting to access internal APIs, hidden endpoints, or administrative controls.

TaxWallet may throttle or terminate access if API or AI resources are misused or overloaded.

Owners, administrators, and firm managers are responsible for actions performed by their staff.

This includes:

• Ensuring proper permissions are assigned,

• Revoking access for terminated employees,

• Monitoring suspicious staff activity,

• Maintaining internal compliance controls.

TaxWallet is not responsible for unauthorized access caused by weak internal controls at the firm level.

Every user must maintain reasonable security practices, including:

• Using a strong password and enabling MFA,

• Keeping devices free of malware,

• Not sharing accounts or passwords,

• Reporting any suspected breach immediately.

Failure to maintain adequate security hygiene constitutes a violation of this policy.

TaxWallet may take immediate action, including but not limited to:

• Temporary suspension,

• Permanent account termination,

• Locking or restricting access to documents and communications,

• Reporting fraudulent or unlawful activity to authorities (IRS, law enforcement, banking partners),

• Pursuing reimbursement for damages or legal costs.

Refunds will not be issued for accounts terminated for violations.

Suspected violations should be reported to:

TaxWallet Security Operations

Email: security@taxwallet.ai

TaxWallet investigates all reports promptly and confidentially.

TaxWallet may update this UAP at any time to reflect new security standards, regulatory changes, or operational requirements.

Material updates will be communicated through the dashboard or mobile app.

Continued use of the Services after changes constitutes acceptance of the updated policy.