Part I: Introduction and Scope of This Policy
Last Updated: 8/15/2025
(“the Firm,” “we,” “us,” “our”) is deeply committed to maintaining the trust and confidence of our clients. Protecting the privacy and security of your personal information is a core component of our professional responsibility and a fundamental aspect of our business operations. This Privacy Policy outlines our practices regarding the collection, use, protection, and disclosure of personal information.
This policy applies to all personal information we collect, whether through our public website(s), our secure client portal(s), email and other electronic communications, or in the course of providing professional accounting, tax, advisory, and related services (“Services”). As a provider of professional financial services, we are classified as a “financial institution” under federal law and are dedicated to protecting your nonpublic personal information in accordance with all applicable federal and state laws and our professional standards of confidentiality. In our capacity as the entity that determines the purposes and means of processing your personal data, we act as the “data controller” for the information you provide.
Part II: Information We Collect and How We Collect It
To provide our Services effectively and operate our business, we collect various types of personal information. The nature and sensitivity of this information vary depending on your interaction with us. We collect information through several distinct methods, reflecting a hierarchy from general website interaction data to the highly sensitive financial information necessary for our professional engagements.
A. Information You Provide Directly to Us
We collect personal information that you voluntarily provide to us when you interact with our digital platforms or engage with our team. This includes information submitted through:
- Contact forms, inquiry forms, or proposal requests on our website.
- Registration for newsletters, webinars, events, or other marketing communications.
- Account creation and use of our secure client portal.
- Tax organizers, engagement letters, applications, and other forms you complete as part of our client onboarding and service delivery process.
The categories of personal information collected through these direct means typically include Identifiers (such as your real name, alias, postal address, email address, and telephone number) and Professional or Employment-Related Information.
B. Information We Collect in the Course of Providing Services
The performance of our professional Services necessitates the collection and processing of detailed and often highly sensitive personal and financial information. This information is essential for us to fulfill our contractual and professional obligations to you. The categories of information collected in this context are extensive and may include, but are not limited to:
- Sensitive Personal Identifiers: Social Security numbers, driver’s license numbers, passport numbers, and other government-issued identifiers.
- Personal Financial Information: Bank account numbers, brokerage and investment account statements, credit and debit card numbers, income and earnings records, records of personal property, tax documents, and credit history.
- Protected Classification Characteristics: Information such as your age, date of birth, marital status, and information about your spouse or dependents as required for tax and financial planning purposes.
This type of information constitutes “Nonpublic Personal Information” (NPI) under the federal Gramm-Leach-Bliley Act (GLBA) and may include “Sensitive Personal Information” (SPI) under state laws like the California Privacy Rights Act (CPRA). We treat this information with the highest level of care and security.
C. Information We Collect Automatically
When you visit our website or interact with our digital platforms, we may automatically collect certain technical information about your device and browsing activity. This is primarily done to ensure the security and functionality of our website and to improve user experience. This category of data includes:
- Internet or Other Electronic Network Activity: Your Internet Protocol (IP) address, browser type and version, operating system, the pages you view on our site, the time and duration of your visit, and page interaction information (such as scrolling and clicks).
- Cookies and Similar Technologies: We use cookies, which are small data files stored on your device, to help our website function and to gather analytical data. A detailed explanation of our use of cookies is provided in Part IX of this policy.
D. Information We May Obtain from Third Parties
In some circumstances, and only with your explicit authorization, we may obtain personal information about you from third-party sources to supplement the information you provide. This is typically done to complete a specific service you have requested. Examples include:
- Obtaining consumer credit reports from credit bureaus.
- Receiving information from other financial institutions, legal counsel, or investment advisors as directed by you.
Part III: How and Why We Use Your Information (Legal Basis for Processing)
We collect and process your personal information only for specific, explicit, and legitimate purposes. We are committed to the principles of purpose limitation and data minimization, meaning we only collect information that is reasonably necessary and proportionate to achieve the stated purpose, and we do not use it for purposes incompatible with those disclosed to you. Every use of your personal data is justified by a valid legal basis.
- To Provide and Manage Our Services: The primary use of your personal and financial information is to fulfill our contractual obligations to you. This includes preparing tax returns, performing audits and attest services, providing bookkeeping and payroll services, offering financial planning and advisory services, and managing your client account and documents through our portal. For example, we use Social Security Numbers and financial account details as required by tax authorities to prepare and file your tax returns. The legal basis for this processing is the performance of a contract with you and compliance with our legal obligations.
- To Communicate With You: We use your contact information to respond to your inquiries, provide updates on the status of your projects, send important service-related notices, and deliver automated reminders for deadlines or document requests. This is necessary for the performance of our contract and for our legitimate interest in maintaining effective client communication.
- For Marketing and Business Development: With your consent or where a pre-existing business relationship exists, we may use your contact information to send you firm newsletters, invitations to events, or information about new or existing services that we believe may be of interest to you. You have the right to opt out of these communications at any time, as described in Part VII. The legal basis for this is your consent or our legitimate interest in growing our business.
- To Operate and Improve Our Website: We use automatically collected data for website analytics to understand how visitors use our site, which allows us to improve its functionality, content, and user experience. We also use this data for security purposes, such as monitoring for and protecting against malicious activity. The legal basis is our legitimate interest in maintaining a secure and effective online presence.
- To Comply with Legal and Professional Obligations: We are subject to various legal, regulatory, and professional obligations that may require us to use and retain your personal information. This includes responding to lawful requests such as subpoenas or court orders, cooperating with government and regulatory bodies (e.g., the Internal Revenue Service, the Securities and Exchange Commission, the Public Company Accounting Oversight Board), and complying with professional standards of conduct.
Part IV: How We Share and Disclose Your Information
Our firm maintains a strict policy of confidentiality. We do not sell your personal information to third parties for their marketing purposes, nor do we share it except in the limited and necessary circumstances described below.
- Service Providers and Contractors: We engage third-party companies and individuals to perform essential functions on our behalf. These may include providers of secure cloud hosting, IT infrastructure and support, practice management software, payment processing, and data backup services. These service providers are granted access to personal information only to the extent necessary to perform their designated functions. They are bound by strict contractual obligations to maintain the confidentiality and security of the data and are prohibited from using it for any other purpose. This practice is a key component of our compliance with the GLBA Safeguards Rule, which holds us responsible for overseeing the security practices of our vendors.
- As Required by Law or for Legal Protection: We may be required to disclose your personal information to comply with applicable laws, regulations, or valid legal processes, such as a subpoena, court order, or government request. We may also disclose information when we believe it is necessary to establish, exercise, or defend our legal rights, or to protect the rights, property, or safety of our firm, our clients, or others.
- With Your Explicit Consent: We will only share your personal information with other parties at your specific direction and with your written consent. For example, we may share information with your attorney, investment advisor, or mortgage broker upon receiving your explicit authorization to do so.
- Business Transfers: In the event of a merger, acquisition, divestiture, or sale of all or a portion of our firm’s assets, your personal information may be transferred to the acquiring entity as part of the transaction. The successor entity would be bound by the commitments made in this Privacy Policy.
Part V: Data Security: Our Commitment to Protecting Your Information
We are dedicated to protecting the security, confidentiality, and integrity of your personal information. To this end, we have developed, implemented, and maintain a comprehensive Written Information Security Program (WISP) that contains administrative, technical, and physical safeguards. This program is designed to be appropriate for the size and complexity of our firm, the nature of our activities, and the sensitivity of the client information we handle, as required by the Federal Trade Commission’s (FTC) Safeguards Rule under the Gramm-Leach-Bliley Act.
Our WISP is the internal framework that governs our security practices, and this Privacy Policy serves as a public attestation to that program. Our security measures include, but are not limited to, the following:
- Encryption: We use encryption to protect your sensitive personal information both “in transit” (as it travels over the internet) and “at rest” (while it is stored on our systems and servers).
- Access Controls: Access to personal information is strictly limited to authorized personnel who have a legitimate business need to access it (the “principle of least privilege”). We regularly review these access rights to ensure they remain appropriate.
- Authentication: We implement multi-factor authentication (MFA) for access to all systems containing sensitive client information. MFA adds a critical layer of security beyond just a password, requiring at least two forms of verification to gain access.
- Physical Security: We maintain physical security measures to protect our premises and the physical documents and devices stored therein. This includes secure, locked storage for sensitive paper records and access controls for our offices.
- Employee Training: All of our employees and partners receive regular, mandatory training on data security, privacy principles, and their obligations under our WISP and applicable laws. This training includes awareness of emerging threats like phishing and social engineering.
- Vendor Management: We conduct due diligence on our third-party service providers to ensure they can maintain appropriate safeguards for the information they handle on our behalf, as mandated by the Safeguards Rule.
Part VI: Data Retention and Disposal
We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or professional reporting requirements.
The specific retention periods for your information are determined by our internal data retention schedule, which is based on a complex set of factors. These include regulations from the IRS, which may require us to keep tax-related records for three to six years or longer, and professional standards that often recommend retaining engagement files for seven years or more to defend against potential claims. Certain business ownership records, such as formation documents, must be retained permanently.
This legal obligation to retain records for extended periods creates a necessary exception to certain data deletion rights, as further explained in Part VIII. When personal information is no longer required for its original purpose or for a legally mandated retention period, we securely destroy it in accordance with our WISP and secure disposal policies.
Part VII: Your Privacy Rights and Choices
We are committed to ensuring you have control over your personal information. All clients and users of our website have the following rights and choices:
- Access and Correction: You have the right to review the personal information we maintain about you and to request that we correct any inaccuracies. We will make commercially reasonable efforts to ensure your information is accurate and up to date.
- Communication Preferences: You have the right to opt out of receiving promotional or marketing communications from us at any time. You can exercise this right by clicking the “unsubscribe” link provided in our marketing emails or by contacting us directly using the information in Part XIII. Please note that even if you opt out of marketing messages, we will continue to send you essential service-related communications regarding your account and our ongoing work for you.
- Gramm-Leach-Bliley Act (GLBA) Opt-Out Right: Under the GLBA, you have the right to opt out of having your nonpublic personal information (NPI) shared with certain non-affiliated third parties. However, this right is subject to numerous exceptions under the law, including sharing with service providers who assist us in our business operations, sharing for joint marketing with other financial institutions (with whom we have a contractual agreement), and sharing as required or permitted by law (e.g., for legal process or fraud prevention). Our firm’s information sharing practices, as described in Part IV, fall entirely within these legal exceptions. Therefore, as we do not share your NPI in a manner that would trigger the opt-out right, there is no need for you to opt out.
Part VIII: State-Specific Privacy Rights (Addendum)
A. For Residents of California
This section supplements the information in our Privacy Policy and applies solely to residents of California. We provide this notice to comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA).
Exemption for Information Governed by the Gramm-Leach-Bliley Act (GLBA): It is important to understand that much of the data we collect and process in the course of providing financial and tax services is considered “nonpublic personal information” and is governed by the federal GLBA. The CCPA provides a specific exemption for personal information that is “collected, processed, sold, or disclosed pursuant to” the GLBA. Therefore, the CCPA rights described below may not apply to your financial information that is subject to the GLBA. These rights do apply to any of your personal information that is not covered by the GLBA exemption, such as information collected for marketing purposes or through general use of our public website.
For your non-GLBA covered personal information, you have the following rights:
- The Right to Know and Access: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purposes for collecting or sharing it, and the categories of third parties with whom we have shared it.
- The Right to Delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions. As noted in Part VI, we may deny your deletion request if retaining the information is necessary for us to comply with our legal and professional record-keeping obligations.
- The Right to Correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
- The Right to Opt-Out of Sale or Sharing: We do not “sell” your personal information as that term is traditionally understood. Under the CCPA, “sharing” refers to disclosing personal information for cross-context behavioral advertising. We do not engage in such sharing. You may visit our “Do Not Sell or Share My Personal Information” page for more information.
- The Right to Limit Use of Sensitive Personal Information (SPI): You have the right to direct us to limit our use and disclosure of your SPI to only that which is necessary to perform the Services or for other permitted purposes under the law. You may visit our “Limit the Use of My Sensitive Personal Information” page to exercise this right.
- The Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide you a different level or quality of services for exercising your rights.
Part IX: Cookies and Tracking Technologies
Our website uses “cookies” and similar tracking technologies to enhance your browsing experience, analyze site traffic, and ensure the security of our platform. Cookies are small text files placed on your device. We use different types of cookies:
- Essential Cookies: These are necessary for the website to function properly, such as for security and user authentication in our client portal.
- Analytics Cookies: These help us understand how visitors interact with our website by collecting information anonymously. This allows us to improve our site’s performance and content.
You can control and manage cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our website and your ability to use certain features, such as the client portal. For more information, please see our separate Cookie Policy.
Part X: Children’s Privacy
Our Services and website are not directed to or intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such information, we will take steps to delete it as soon as possible.
Part XI: International Data Transfers
Our firm is based in the United States, and our servers and primary data processing facilities are located in the U.S. If you are accessing our Services from outside the U.S., please be aware that your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
For any transfers of personal data from jurisdictions such as the European Union or the United Kingdom, we will take appropriate measures to ensure that your personal information receives an adequate level of protection. This may include entering into Standard Contractual Clauses (SCCs) as approved by relevant authorities or relying on your explicit consent for the transfer. By providing us with your personal data, you consent to this transfer, storage, and processing.
Part XII: Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and, where required by law, by providing more prominent notice (such as by posting a notice on our website or sending you a direct notification). We encourage you to review this policy periodically to stay informed about our data protection practices.
Part XIII: How to Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, or if you wish to exercise any of your privacy rights, please contact us. The GLBA Safeguards Rule requires us to designate a qualified individual to oversee our information security program, and this individual or their team is responsible for addressing your inquiries.
You can reach us via:
- Email: contact@gsdaccountants.com
- Toll-Free Telephone: 559-475-8887
- Postal Mail: Attn: Privacy Officer, 755 E Nees Ave, #27961, Fresno, CA 93729