Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect personal information you provide directly to us, including but not limited to:

• Name, email address, phone number, and mailing address
• Business information including company name, tax ID, and industry type
• Financial information necessary for bookkeeping and consulting services
• Payment information (processed securely through Stripe, Inc.)
• Communications, correspondence, and service requests submitted through our client portal
• Account credentials and authentication information
• Documents and files uploaded through our client dashboard or document management system
• Referral program participation data, including referral codes and referred contact information

1.2 Automatically Collected Information

• IP address, browser type, and operating system
• Device identifiers and mobile device information
• Website usage data, page views, and click-through rates
• Geographic location data (city/state level)
• Cookies and similar tracking technologies data
• Client portal activity, including dashboard interactions, widget preferences, and feature usage patterns

1.3 AI Chatbot and Conversational Data

Our website includes an AI-powered chatbot designed to answer questions about our services and help visitors navigate the site. When you interact with the chatbot:

• We collect the text of your messages and the chatbot's responses
• Session identifiers are used to maintain conversation context
• We may record response quality metrics, processing times, and confidence scores for service improvement
• Chatbot conversations may be reviewed to improve response accuracy and identify knowledge gaps
• We do not use chatbot conversations to build individual user profiles for advertising purposes

The chatbot is not a substitute for professional advice. Do not submit sensitive personal information, passwords, Social Security numbers, or financial account numbers through the chatbot.

1.4 Third-Party Sources

We may receive information about you from third-party services, including QuickBooks Online, financial institutions, and other business software platforms when you connect these services to our platform. If you connect your Google Drive account to our platform, we access only the specific folders and files necessary to provide document management services as described in your service agreement.

1.5 Newsletter and Marketing Communications

When you subscribe to our newsletter or marketing communications, we collect your email address and any preferences you indicate. We may track email open rates, click-through rates, and engagement metrics to improve our communications. You can unsubscribe at any time using the link in any email or by visiting our unsubscribe page.

2. How We Use Your Information

We use collected information for the following business purposes:

• Provide, maintain, and improve our bookkeeping, consulting, automation, and web design services
• Process payments, manage billing, and maintain financial records
• Operate and improve our client portal, dashboard, and document management features
• Power AI chatbot responses and improve conversational accuracy using aggregated interaction data
• Communicate service updates, account information, and customer support responses
• Send marketing communications about new services and offerings (with consent)
• Deliver newsletter campaigns and measure engagement
• Manage referral program participation, track referral credits, and process rewards
• Analyze website usage and service performance for improvement purposes
• Comply with legal obligations and enforce our Terms of Service
• Prevent fraud, security breaches, and other harmful activities
• Personalize user experience, including dashboard widget configuration and content preferences

3. Information Sharing and Disclosure

We do not sell, rent, or trade personal information to third parties. We may share information in the following circumstances:

3.1 Service Providers

• Supabase: Database hosting, user authentication, file storage, and serverless function execution
• Stripe: Payment processing, subscription management, invoicing, and financial transaction services
• QuickBooks Online (Intuit): Bookkeeping and accounting software integration
• Google: Google Drive file synchronization and backup services (when connected by the client)
• AI model providers: Processing chatbot queries (conversation text is sent to AI model providers for response generation; no personally identifiable information is intentionally included beyond the message content)
• Email delivery services: Sending transactional emails, newsletter campaigns, and service notifications
• Cloud storage providers: Secure document storage and backup services

3.2 Legal Requirements

• To comply with applicable laws, regulations, or legal processes
• To respond to government requests or court orders
• To protect our rights, property, or safety, or that of our users
• To investigate and prevent fraud or security violations

3.3 Business Transfers

In connection with any merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

3.4 Referral Program

If you participate in our referral program, we share limited information (such as referral status and credit amounts) with referring parties as necessary to administer the program. We do not share the referred party's personal details with the referrer beyond confirmation of successful referral.

4. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience:

4.1 Types of Cookies

• Essential Cookies: Required for website functionality, authentication, and security
• Analytics Cookies: Help us understand website usage and performance
• Preference Cookies: Remember your settings, dashboard layout, and customizations
• Marketing Cookies: Used to deliver relevant advertisements (with consent)

You can control cookie preferences through your browser settings. Disabling certain cookies may limit website functionality and service availability, including client portal features.

5. Data Security and Protection

We implement industry-standard security measures to protect your information:

• SSL/TLS encryption for all data transmission
• Row-level security policies ensuring clients can only access their own data
• Multi-factor authentication support for account access
• Regular security audits and vulnerability assessments
• Role-based access controls separating client and administrative data
• Secure cloud infrastructure with access controls and encryption at rest
• Data backup and disaster recovery procedures
• Rate limiting and circuit breaker protections on AI and API services

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will promptly notify you of any known data breaches as required by law.

6. Data Retention and Storage

We retain personal information for the following periods:

• Active account information: For the duration of your service agreement
• Financial records: 7 years as required by federal tax regulations
• Client portal data and uploaded documents: For the duration of the service relationship, plus 90 days after termination for transition purposes
• AI chatbot conversation logs: 12 months for service improvement, then aggregated and anonymized
• Newsletter subscription data: Until you unsubscribe or opt-out
• Referral program records: For the duration of program participation plus 2 years
• Website analytics: 26 months for performance analysis
• Legal compliance data: As required by applicable laws

Data is stored securely in the United States using cloud infrastructure providers that comply with applicable data protection standards.

7. Your Privacy Rights

7.1 General Rights

• Access: Request copies of your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations and data retention requirements)
• Portability: Request transfer of your data in a machine-readable format
• Objection: Object to processing of your personal information for marketing purposes
• Chatbot Data: Request deletion of your chatbot conversation history

7.2 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know what personal information is collected, used, shared, and sold
• Right to request deletion of personal information
• Right to opt-out of the sale or sharing of personal information (we do not sell personal information)
• Right to correct inaccurate personal information
• Right to limit use and disclosure of sensitive personal information
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at [email protected]. We will verify your identity before processing requests and respond within 45 days.

8. Children's Privacy

Our services are designed for business use and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete such information immediately.

9. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your jurisdiction. We ensure appropriate safeguards are in place to protect your information during such transfers.

10. Third-Party Links, Services, and Integrations

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Our website links to external verification platforms (such as Credly and Intuit's ProAdvisor directory) for credential verification purposes. When you click these links, you leave our website and are subject to those platforms' privacy policies.

If you connect third-party services to your account (such as Google Drive or QuickBooks), those integrations are governed by both this Privacy Policy and the respective third-party service's privacy policy. You can disconnect third-party integrations at any time through your account settings.

11. AI and Automated Decision-Making

We use artificial intelligence in the following ways:

• Chatbot: Our website chatbot uses AI to respond to visitor questions about services, pricing, and general business topics. The chatbot does not make decisions about your account or services.
• Content Generation: Some blog and knowledge base content may be AI-assisted in drafting, but all published content is reviewed and approved by our team.
• Analytics: We may use AI-assisted tools to analyze service performance and identify areas for improvement. These tools process aggregated data and do not make individual decisions about clients.

No automated decision-making processes are used to determine service eligibility, pricing, or access to your account. All significant decisions affecting your service relationship are made by human team members.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes by email or prominent notice on our website at least 30 days before the changes become effective. Your continued use of our services after such notification constitutes acceptance of the updated policy.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: