Your Data, Protected

We take data security seriously. Here is how we protect your financial information.

WISP Maintained

We maintain a Written Information Security Policy (WISP) that outlines our data protection procedures and protocols.

US-Only Data Handling

Your financial data never leaves the United States. All team members and subcontractors are US-based.

No Offshore Labor

We do not outsource any bookkeeping, tax prep, or data entry to offshore teams. Your data stays domestic.

SOC-2 Aligned Vendors

We only use vendors (QuickBooks, TaxDome, etc.) that meet or exceed SOC-2 security standards.

Access Controls

Role-based access controls ensure team members only see the data they need for their role.

Client Rights (CCPA-Style)

You have the right to access, correct, or delete your data. We respect your privacy and comply with California-style data rights.

Data Retention Policy

We retain your data according to IRS requirements and industry best practices:

  • Financial records: 7 years (IRS requirement)
  • Tax returns: Permanent
  • Communication logs: 3 years
  • Bank statements: 7 years
  • Invoices and receipts: 7 years

You may request deletion of your data at any time, subject to legal retention requirements.

Our Trusted Vendors

We carefully vet all technology vendors to ensure they meet our security standards:

QuickBooks Online

SOC-2 Type II certified; GDPR and CCPA compliant

TaxDome / Canopy

Secure client portal with bank-level encryption

Email

TLS encryption for all email communication

Document Storage

Encrypted at rest and in transit (AES-256)

Questions About Our Security?

We are happy to discuss our security practices in detail. If you have specific compliance or security requirements, let us know.

Contact us with security questions →