Skip to content
Tariffi
Customs Brokers: Partner with us →

Privacy Policy

Effective 2026-04-14 · Version 1.0

1. What we collect

  • Identifying information: company name, EIN, state of incorporation, contact email.
  • Customs records: CBP Form 7501 data, HTS codes, duty paid, entry numbers.
  • Banking details: your bank's routing/account number for disbursement only.
  • Usage data: IP address, browser, page views, session logs (for security and fraud prevention).

2. How we use it

  • To prepare and coordinate CAPE declaration filings with our licensed broker partners.
  • To process refund disbursements via our trust account (ACH only).
  • To respond to CBP Form 28 / Form 29 audit requests on your behalf.
  • To operate, secure, and improve our platform.

3. Encryption + security

  • Sensitive data (EIN, bank details, CBP entry identifiers) is encrypted at rest with AES-256-GCM.
  • All API traffic is secured with TLS 1.2 or higher.
  • Database access is role-scoped and audit-logged.
  • We follow SOC 2 Type II operational controls (audit in progress).

4. Who we share with

We share your data with: (a) the licensed customs broker partner who files your CAPE declaration (under the Limited Power of Attorney you sign); (b) CBP via that partner's filing; (c) our banking partner for trust-account settlement; (d) subprocessors bound by written data-processing agreements (hosting, logging, email delivery).

We do not sell personal information.

5. Retention

Entry data and related records are retained for seven (7) years from claim disposition to support CBP post-refund audits (per 19 CFR Part 163 record-retention requirements). Account information is kept while your account is active; you may request deletion of non-regulated data at any time.

6. Your rights

You may: access your data, correct inaccurate data, request deletion of non-regulated data, and object to certain processing. California residents have additional rights under the CCPA. Requests: privacy@tariffi.io.

7. Changes

We will notify you by email of material changes to this policy and provide a revised effective date. Continued use of the Services after the effective date constitutes acceptance of the revised policy.

Back homeTerms of ServiceRegulatory disclosures