Privacy Policy

1. Information We Collect

1.1 Personal Identification Information

We collect personal information necessary to provide professional tax, accounting, and business formation services, including:

• Identity Information: Full legal name, date of birth, Social Security Number (SSN), Employer Identification Number (EIN), state identification numbers, driver's license information
• Contact Information: Mailing address, email address, phone number (mobile and landline), preferred communication methods
• Professional Information: Business name, occupation, employment status, employer information, business ownership details, professional licenses

1.2 Financial Information

To prepare accurate tax returns and provide accounting services, we collect:

• Income Information: W-2 forms, 1099 forms, K-1 schedules, business income statements, investment income, rental property income, retirement distributions
• Expense Information: Business expenses, charitable contributions, medical expenses, educational expenses, deductible costs
• Banking Information: Bank account numbers and routing numbers (for direct deposit/payment), credit card information (for payment processing only), investment account details
• Asset Information: Real estate holdings, business assets, investment portfolios, ownership interests in entities, depreciation schedules
• Debt Information: Mortgage details, business loans, student loan information, other liabilities

1.3 Business Entity Information

For business setup and entity selection services:

• Entity structure and ownership percentages
• Member/shareholder/partner information
• Operating agreements and corporate documents
• State and federal registration details
• BOI (Beneficial Ownership Information) for FinCEN reporting

1.4 Information Collected Through Our Website and Tools

Interactive Tools:

• Deduction Discovery Tool: Business entity type selection, user navigation patterns (to improve tool functionality)
• Entity Selection Wizard: Business profile information, revenue projections, ownership structure preferences, state of operation
• Tool usage does not require submission of personal identifying information unless you voluntarily provide it

Website Usage Information:

• IP address and general location data
• Browser type and version
• Device information (desktop, mobile, tablet)
• Pages visited, time spent on pages, click patterns
• Referral source (how you found our website)
• Date and time of visits

Cookies and Tracking Technologies:

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website traffic and performance through Google Analytics
• Improve user experience and website functionality
• We do NOT use cookies for targeted advertising or cross-site tracking

1.5 Consultation Booking Information

When you schedule a consultation through our booking system:

• Name and contact information
• Preferred appointment date/time
• Brief description of your tax situation or needs
• Current tax service provider information (if applicable)
• Approximate income range and business structure

1.6 Document Uploads and Portal Information

Through our secure client portal:

• Tax documents (previous returns, forms, receipts)
• Financial statements and bank records
• Legal documents (contracts, agreements, entity documents)
• Correspondence and notes exchanged during service delivery
• Login credentials and access logs

1.7 Payment Information

• Payment method details (credit card, ACH information)
• Billing address
• Transaction history and invoicing records

2. How We Use Your Information

We use the information we collect for the following legitimate business purposes:

2.1 Primary Service Delivery

• Tax Preparation and Filing: Preparing federal, state, and local tax returns; calculating tax liability; filing returns with appropriate tax authorities
• Tax Planning and Strategy: Developing tax-minimization strategies, projecting quarterly tax obligations, analyzing entity structure efficiency
• Accounting and Bookkeeping: Recording financial transactions, reconciling accounts, generating financial statements, managing payroll
• Business Formation: Filing articles of organization/incorporation, obtaining EINs, registering with state agencies, filing BOI reports with FinCEN
• IRS and State Correspondence: Responding to notices, managing audits, negotiating payment plans, resolving tax controversies

2.2 Client Service and Communication

• Providing our 48-hour response guarantee with service credits
• Scheduling and conducting consultations, strategy sessions, and reviews
• Sending compliance reminders and deadline notifications
• Providing annual tax planning reviews and entity optimization recommendations
• Responding to client inquiries via phone, email, video calls, or in-person meetings

2.3 Operational Purposes

• Verifying client identity and preventing fraud
• Processing payments and maintaining billing records
• Maintaining accurate client records for ongoing service
• Quality assurance and internal training
• Complying with professional standards and ethical obligations

2.4 Legal and Regulatory Compliance

• Meeting IRS record retention requirements (minimum 3 years, up to 7 years for certain documents)
• Complying with state-specific retention requirements
• Fulfilling subpoena, court order, or other legal process requirements
• Satisfying professional liability insurance documentation requirements

2.5 Website and Tool Improvement

• Analyzing website usage patterns to improve user experience
• Enhancing our interactive tools (Deduction Discovery Tool, Entity Selection Wizard)
• Identifying and fixing technical issues
• Testing new features and functionality

3. Legal Basis for Processing (California Residents)

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), we process your information based on:

• Contractual Necessity: To fulfill our engagement agreement and provide requested services
• Legal Obligations: To comply with tax laws, regulatory requirements, and professional standards
• Legitimate Interests: To operate our business efficiently, prevent fraud, and maintain service quality
• Your Consent: When required by law for specific processing activities

4. Information Sharing and Disclosure

4.1 When We Share Information

Federal and State Tax Authorities:

We submit tax returns and related information to the Internal Revenue Service (IRS), California Franchise Tax Board, and other state/local tax agencies as required to fulfill our tax preparation services.

FinCEN (Financial Crimes Enforcement Network):

For business formation clients, we file Beneficial Ownership Information (BOI) reports as required by the Corporate Transparency Act.

Payment Processors:

We share payment information with secure payment processing vendors (e.g., credit card processors, ACH providers) solely to process your payments. These providers are bound by PCI-DSS compliance standards and contractual confidentiality obligations.

Professional Service Providers:

In limited circumstances, we may share information with:

• Professional liability insurance carriers (when required for coverage)
• Legal counsel (for legal advice regarding our practice)
• IT security providers and cloud storage vendors (bound by confidentiality agreements)
• External auditors or peer reviewers (for quality control purposes, bound by professional confidentiality standards)

Business Transfers:

In the event of a merger, acquisition, or sale of all or substantially all of our assets, client information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

Legal Requirements:

We may disclose information when required by law, including:

• In response to valid subpoenas, court orders, or legal process
• To comply with regulatory investigations or audits
• To protect our legal rights or defend against legal claims
• To prevent fraud or other illegal activity

4.2 Your Consent for Disclosures

Internal Revenue Code Section 7216 and California state law require us to obtain your written consent before using or disclosing your tax return information for purposes other than tax return preparation. We will always:

• Request explicit written consent before sharing tax return information with third parties for non-tax purposes
• Clearly explain the purpose, recipient, and scope of any proposed disclosure
• Honor your right to decline consent without affecting our service quality

4.3 What We Do NOT Do

5. Data Security Measures

Protecting your sensitive financial and personal information is our highest priority. We implement comprehensive security measures that meet or exceed industry standards:

5.1 Encryption and Transmission Security

• Bank-Level Encryption: All data transmitted to and from our systems uses TLS 1.2 or higher encryption (256-bit encryption standard)
• Encrypted Storage: All client data stored on our systems is encrypted at rest using AES-256 encryption
• Secure Client Portal: Our file-sharing portal uses end-to-end encryption with multi-factor authentication
• Email Security: When possible, we use encrypted email for sensitive communications

5.2 U.S.-Based Operations (No Outsourcing)

• Domestic-Only Service Delivery: All tax preparation, bookkeeping, and advisory services are performed exclusively by our U.S.-based team
• No Offshore Access: We maintain a strict no-outsourcing policy – your information never leaves the United States or is accessed by foreign contractors
• Compliance Advantage: This approach minimizes data breach risk and ensures full compliance with U.S. privacy laws

5.3 Access Controls and Authentication

• Role-Based Access: Only authorized personnel with legitimate business needs can access client information
• Multi-Factor Authentication (MFA): Required for all staff accessing client data systems
• Unique User Credentials: Each team member has individual login credentials with activity tracking
• Access Logs: We maintain detailed logs of who accesses what information and when

5.4 Employee Vetting and Training

• Background Checks: All employees undergo comprehensive background screening before handling client data
• Confidentiality Agreements: Every team member signs strict confidentiality and non-disclosure agreements
• Ongoing Training: Regular mandatory training on data security, privacy laws, and professional ethics
• Professional Standards: Staff are bound by AICPA Code of Professional Conduct and state CPA ethical requirements

5.5 Physical and Technical Safeguards

• Secure Facilities: Our Woodland Hills office has controlled access with security monitoring
• Firewall Protection: Enterprise-grade firewalls protect our network from unauthorized access
• Antivirus and Malware Protection: Comprehensive endpoint protection on all devices
• Regular Security Audits: Periodic third-party security assessments and penetration testing
• Patch Management: Timely application of security updates to all systems
• Device Encryption: All laptops and mobile devices used for work are fully encrypted

5.6 Data Backup and Disaster Recovery

• Automated Backups: Regular encrypted backups stored in secure, geographically diverse locations
• Redundancy: Multiple backup copies ensure data availability in case of hardware failure
• Disaster Recovery Plan: Documented procedures for data recovery and business continuity
• Tested Recovery: Regular testing of backup restoration processes

5.7 Incident Response

In the unlikely event of a data security incident:

• Immediate Investigation: Rapid assessment and containment of any breach
• Client Notification: Prompt notification to affected clients as required by law
• Regulatory Reporting: Compliance with all breach notification requirements
• Remediation: Implementation of additional safeguards to prevent recurrence

6. Data Retention

6.1 Retention Periods

Tax Records:

• IRS Requirements: We retain tax returns and supporting documentation for a minimum of 3 years from the filing date, and up to 7 years when required (e.g., for substantial income understatement, business losses, or worthless securities)
• State Requirements: Some states require longer retention periods; we comply with the most stringent applicable requirement
• Best Practice: We generally retain complete client files for 7 years to adequately protect both your interests and ours

Business Formation Documents:

Entity formation documents (articles, EINs, BOI filings) are retained permanently or until the entity is dissolved, plus 7 years

Accounting and Bookkeeping Records:

Financial statements, ledgers, and bookkeeping records are retained for 7 years following the end of the relevant fiscal year

Consultation and Advisory Records:

Notes, correspondence, and strategy documents are retained for the duration of our service relationship plus 7 years

Payment Records:

Billing and payment information is retained for 7 years for tax and accounting purposes

6.2 Post-Service Retention

After our service relationship ends:

• We retain your information for the applicable retention period to meet legal obligations
• You may request copies of your records during the retention period
• After the retention period expires, we securely destroy all physical and electronic records

6.3 Secure Deletion

When records are no longer required:

• Electronic Records: Securely wiped using Department of Defense standards or destroyed through certified data destruction services
• Physical Records: Shredded using cross-cut shredding or incinerated
• Certification: We maintain records of data destruction activities

7. Your Privacy Rights

7.1 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to Know:

You have the right to request disclosure of:

• Categories of personal information we collect about you
• Specific pieces of personal information we hold
• Categories of sources from which we collected information
• Business or commercial purposes for collecting or sharing information
• Categories of third parties with whom we share information

Right to Delete:

You may request deletion of your personal information, subject to exceptions for:

• Completing the service engagement you requested
• Legal compliance and regulatory obligations (e.g., IRS retention requirements)
• Internal uses reasonably aligned with your expectations
• Exercising free speech or ensuring another's exercise of rights

Right to Correct:

You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt-Out:

You have the right to opt out of:

• Sale of Personal Information: We do NOT sell personal information
• Sharing for Cross-Context Behavioral Advertising: We do NOT share information for targeted advertising
• You may still exercise this right by contacting us using the information below

Right to Limit Use of Sensitive Personal Information:

While we process sensitive personal information (SSNs, financial data) only for necessary service purposes, you may request we limit uses beyond what is necessary for service delivery. However, limiting use may prevent us from providing services.

Right to Non-Discrimination:

We will not discriminate against you for exercising any CCPA rights. You will receive the same quality of service regardless of whether you exercise your privacy rights.

Right to Opt-Out of Automated Decision-Making:

If we use automated decision-making technology that affects you, you have the right to opt out. Currently, we do not use automated decision-making technology for significant decisions concerning consumers.

7.2 How to Exercise Your Rights

To submit a privacy request:

What to Include in Your Request:

• Full name and contact information
• Description of the specific right you wish to exercise
• Sufficient detail for us to locate your information (e.g., approximate dates of service, types of services provided)

Verification Process:

To protect your privacy, we will verify your identity before fulfilling requests. We may request:

• Information we already have on file (e.g., confirmation of services received, address)
• Additional documentation if necessary for high-risk requests

Response Timeline:

• We will acknowledge receipt of your request within 10 business days
• We will respond substantively within 45 calendar days
• If additional time is needed, we will notify you and may extend up to an additional 45 days

Authorized Agents:

You may designate an authorized agent to submit requests on your behalf. We will require:

• Signed written authorization from you
• Verification of the agent's identity
• Verification of your identity

7.3 Other Privacy Rights

Right to Access Your Files:

Clients may request copies of their tax returns and supporting documents at any time during and after our service relationship (subject to retention periods).

Right to Withdraw Consent:

If processing is based on consent, you may withdraw consent at any time. This may affect our ability to continue providing services.

Right to Opt Out of Marketing:

You may opt out of receiving marketing emails by clicking "unsubscribe" in any marketing email or by contacting us directly. Please note that even if you opt out of marketing, we may still send service-related communications.

8. Cookies and Tracking Technologies

8.1 How We Use Cookies

Our website uses cookies and similar technologies to enhance your experience:

Essential Cookies:

• Required for website functionality (e.g., secure login, navigation)
• Cannot be disabled without affecting site performance
• Do not track you across other websites

Analytics Cookies:

• Google Analytics: We use Google Analytics to understand how visitors use our website (pages viewed, time on site, traffic sources)
• Helps us improve website structure and content
• Google Analytics may collect IP addresses (anonymized), browser type, and general location

Preference Cookies:

• Remember your settings and preferences (e.g., language, display preferences)
• Improve user experience on return visits

8.2 What We Do NOT Use

• Advertising Cookies: We do not use cookies for targeted advertising
• Cross-Site Tracking: We do not track your activity across other websites
• Social Media Pixels: We do not use social media tracking pixels

8.3 Cookie Management

Browser Controls:

You can control cookies through your browser settings:

• Block all cookies
• Accept only first-party cookies
• Delete cookies after each session
• Receive alerts when cookies are set

Note: Disabling cookies may affect website functionality, including the ability to use our interactive tools or schedule consultations.

Google Analytics Opt-Out:

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

9. Third-Party Links

Our website may contain links to third-party websites, including:

• IRS.gov and state tax agency websites
• Professional organizations (AICPA, state CPA societies)
• Business formation resources
• Educational content providers

Important: Once you leave our website, you are subject to the privacy policies of those third-party sites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently collected information from a child under 13, we will promptly delete such information from our records.

If you believe we have collected information from a child under 13, please contact us immediately at contact@truearctax.com.

11. Do Not Sell or Share My Personal Information

12. California "Shine the Light" Law

Under California Civil Code Section 1798.83, California residents have the right to request information regarding our disclosure of personal information to third parties for direct marketing purposes.

Our Practice: We do not disclose personal information to third parties for their direct marketing purposes. If this practice changes, we will update this Privacy Policy and provide California residents with an opt-out mechanism.

13. Professional Standards and Ethical Obligations

Beyond legal requirements, we are bound by professional standards that impose additional confidentiality obligations:

13.1 AICPA Code of Professional Conduct

• Prohibits disclosure of confidential client information without specific consent
• Requires safeguarding of client information
• Establishes ethical standards exceeding legal minimums

13.2 Internal Revenue Code Section 7216

• Federal criminal statute prohibiting unauthorized disclosure or use of tax return information
• Violations subject to fines up to $1,000 per violation and/or imprisonment up to one year
• Applies to all tax return preparers, including enrolled agents and CPAs

13.3 California Business and Professions Code

• State-level confidentiality requirements for CPAs and tax preparers
• Prohibits disclosure without client consent, except as required by law

13.4 State Board of Accountancy Rules

• Professional licensing boards enforce strict confidentiality standards
• Violations can result in license suspension or revocation

These professional obligations ensure your information receives the highest level of protection, regardless of whether specific legal requirements apply.

14. International Data Transfers

All client information is processed and stored exclusively within the United States. We do not transfer data to foreign countries or utilize offshore service providers. This domestic-only approach:

• Ensures compliance with U.S. privacy laws
• Minimizes data security risks
• Provides clients with U.S. legal protections
• Aligns with our commitment to superior data security

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or industry standards.

How We Notify You:

• Material Changes: For significant changes affecting how we use your information, we will provide prominent notice on our website and via email to active clients at least 30 days before the changes take effect
• Non-Material Changes: For minor updates (e.g., clarifications, contact information updates), we will update the "Last Updated" date at the top of this policy

Your Continued Use: Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with changes, you may discontinue services and request deletion of your information (subject to legal retention requirements).

Reviewing Changes: We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information.

16. Contact Information and Privacy Officer

Privacy Inquiries

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Contact Information

Complaint or Concern Process

If you believe we have not adequately addressed your privacy concern:

1. Contact Us First: Please give us the opportunity to resolve your concern by contacting our Privacy Officer
2. California Privacy Protection Agency: California residents may file complaints with the California Privacy Protection Agency at https://cppa.ca.gov or by calling 916-217-3320
3. State Board of Accountancy: Professional conduct complaints may be filed with the California Board of Accountancy at www.cba.ca.gov

17. Accessibility

We are committed to ensuring our Privacy Policy is accessible to all individuals. If you have difficulty accessing this policy due to a disability, please contact us at contact@truearctax.com or (747) 224-7392, and we will provide the information in an alternative format.

18. State-Specific Privacy Rights

California

Detailed California privacy rights under CCPA/CPRA are described in Section 7.1 above.

Other States

If you reside in a state with specific privacy laws (e.g., Virginia, Colorado, Connecticut), you may have additional rights. Please contact us at contact@truearctax.com to inquire about rights specific to your state.