Effective Date: Draft — pending review
Last Updated: June 4, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between TaxPulse Inc. ("TaxPulse," the "Processor") and the Customer (the tax firm or professional, the "Controller"). It governs TaxPulse's processing of taxpayer and client information ("Client Data") on the Controller's behalf.
The Controller determines the purposes and means of processing Client Data. TaxPulse acts solely as a Processor, processing Client Data only on the Controller's documented instructions, including as set out in the Terms and this DPA. The Controller is responsible for the lawful basis of processing and for any client consents required (including under IRC §7216).
TaxPulse processes Client Data only to provide and support the Service — for example, storing client records and returns, collecting documents, enabling engagement and e-signature, and facilitating client communications. TaxPulse will not use Client Data for its own purposes, will not sell it, and will not disclose it except as permitted in this DPA.
TaxPulse acknowledges that Client Data may include "tax return information" subject to IRC §7216 and §6713. TaxPulse will treat such information as confidential, use it only to provide the Service as an auxiliary service provider to the Controller, and will not disclose or use it for any other purpose without the Controller's instruction and any required taxpayer consent.
TaxPulse ensures that personnel authorized to process Client Data are bound by appropriate confidentiality obligations and access Client Data only as needed to provide and support the Service.
TaxPulse maintains administrative, technical, and physical safeguards designed to protect Client Data, including encryption in transit and at rest for sensitive fields, role-based access controls, network protections, logging, and monitoring. The Controller is responsible for configuring its own account access and protecting its credentials.
The Controller authorizes TaxPulse to engage subprocessors (such as cloud hosting, payment processing, and communications providers) to support the Service. TaxPulse imposes data-protection obligations on subprocessors no less protective than this DPA and remains responsible for their performance. A current list of subprocessors is available on request, and TaxPulse will give notice of material changes.
Taking into account the nature of the processing, TaxPulse will provide reasonable assistance to the Controller in responding to requests from individuals to access, correct, or delete their information, and in meeting the Controller's security and breach-notification obligations.
TaxPulse will notify the Controller without undue delay after becoming aware of a confirmed breach of security leading to the unlawful destruction, loss, alteration, or unauthorized disclosure of Client Data, and will provide information reasonably available to help the Controller meet its obligations.
Upon termination of the Service, TaxPulse will, at the Controller's election, make Client Data available for export for 30 days and then delete it, unless retention is required by law (including tax recordkeeping requirements).
Upon reasonable written request, and subject to confidentiality, TaxPulse will make available information necessary to demonstrate compliance with this DPA.
This DPA remains in effect for as long as TaxPulse processes Client Data on the Controller's behalf. In the event of a conflict between this DPA and the Terms regarding the processing of Client Data, this DPA controls.
TaxPulse Inc.
Fajardo, Puerto Rico
Email: sales@taxpulse.app
Phone: (787) 822-9176