Your data is yours.

When you use WageDefender, we collect the information you provide directly: officer name, W-2 wages, S-corporation gross revenue, selected SOC occupation codes, and any supporting financial figures you enter during intake.

We also collect technical information automatically: your IP address (used only for abuse rate-limiting and fraud prevention), browser fingerprint metadata, and session activity logs. These are retained for security purposes only and are not used for profiling or advertising.

If you create an account, we collect your email address and a hashed credential. We do not store passwords in plaintext.

We do not collect — and our intake form does not ask for — Social Security Numbers, Employer Identification Numbers, bank account or routing numbers, or credit or debit card numbers. Payment processing is handled exclusively by Stripe and subject to Stripe's own privacy policy. We receive only a tokenized payment reference; no card data touches our servers.

Intake data is used solely to generate your reasonable compensation report. We do not sell, license, or share your personal or financial data with third parties for marketing, advertising, or analytics purposes. We do not build advertising profiles from your usage.

De-identified, aggregated statistics (e.g., median reported revenue by SOC code) may be used internally to improve methodology benchmarks.

Your report data and account information are stored in Supabase, hosted on AWS US-East-1 infrastructure. Data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Supabase's infrastructure is SOC 2 Type II certified.

No data is stored outside the United States.

Delivered reports are retained in your account indefinitely so you can access, download, or refresh them at any time. Raw intake data submitted during report generation is retained for seven (7) years to support compliance documentation and audit-defense requests.

If you request account deletion, your intake data will be removed within 30 days, subject to our legal retention obligations. Delivered reports are purged on the same schedule.

You may request an export of your data or request deletion of your account and associated intake data at any time by emailing hello@wagedefend.com. We will acknowledge your request within five (5) business days and complete it within thirty (30) days unless a legal hold applies.

If you are a California resident, you may have additional rights under the CCPA/CPRA, including the right to know, the right to correct, and the right to opt out of the sale of personal information. We do not sell personal information. Contact us at the email above to exercise any of these rights.

We use a single session cookie for authentication state — no tracking cookies, no third-party ad-network cookies. PostHog analytics is active on the marketing surface with IP address anonymization enabled. PostHog does not receive your name, financial data, or report content.

You can disable cookies in your browser settings. Disabling cookies will prevent login to your dashboard but will not affect your ability to read public pages.