Privacy
Last updated: 2026-05-18
CP2000 Helper is an educational document assistant for IRS CP2000 notices. This page describes what the app collects and how that data is handled. This is not tax advice.
What we collect
- The IRS notice file you upload (PDF), if you choose the upload path.
- The notice details you enter, if you choose the manual entry path.
- The fields we extract from your notice (notice type, tax year, response deadline, proposed amount, payer or source).
- The answers you provide on the questionnaire.
- The response report and draft letter we generate for you.
- An optional email field exists in our schema but is not collected, sent, or shown in this version — there is no email-send feature.
How we use it
Your uploaded notice, manually entered details, and questionnaire answers are used to generate your response pack — the notice summary, response strategy, evidence checklist, mailing checklist, and draft response letter. Generated reports and draft letters may be stored for the duration of your session so you can come back and review them.
Where it's stored
Uploaded files are stored in a private storage bucket and are only accessed by our server-side workflow. Database rows live in our Supabase project. The browser never reads from storage directly — files and extracted fields are returned only as part of rendering your own session.
Who has access
Server-side only. Files and answers are not exposed to the client browser except as part of rendering your own session. The session URL is the access token; if you share it, others may see your data.
Logging
The app avoids logging the full content of your tax notice. Server logs record operational events (request paths, error codes, timing, model usage) and structured fields like session ids — they do not include raw notice text, extracted notice fields, prose body, or draft letter content.
Retention and deletion
During the beta, sessions are automatically deleted after a retention period (the database stores an expires_at timestamp; currently about 30 days from when the session was created). When a session is cleaned up, its uploaded file is removed from storage and the related records — extracted fields, your answers, and the generated response pack — are deleted along with it.
You can also delete your data manually at any time using the "Delete my data" button in the page footer on any session-scoped page. That removes the uploaded file from storage and the session record immediately.
AI processing
If you upload a notice, the text we read from your uploaded PDF may be sent to Anthropic's commercial API so we can extract the notice fields (notice type, tax year, response deadline, proposed amount, payer or source). When we later generate your response report and draft letter, we work from those structured fields rather than re-sending the raw notice text. If you would rather not send any notice text to Anthropic, you can use the manual entry path instead of uploading a file.
According to Anthropic's commercial product policy, inputs and outputs from the Anthropic API are not used to train models by default. See Anthropic's data usage policy for current details: anthropic.com/legal/privacy.
Third parties
We use Anthropic for AI inference and Supabase for database and storage. No other vendors process your data in this version.
Cookies and tracking
We do not use cookies for tracking. We use a small browser-storage value (localStorage) to remember your last session on this device. You can clear it via "Delete my data" or by clearing your browser data.
Rate limits
We apply per-session rate limits to prevent abuse. In this version rate limits are tracked in server memory and reset when the server restarts.
Private beta
This is an early / private beta. Features, retention, and the policies described here may change as the product evolves.
Contact
For data requests, use the "Delete my data" button on any session-scoped page, or the "Send feedback" link shown on the report page during the private beta.