CPA Tax Services

Privacy Policy

Last updated: April 7, 2026

CPA Tax Services ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website and services.

1. Information We Collect

Personal Information: Name, email address, phone number, mailing address, Social Security Number (SSN), Employer Identification Number (EIN), date of birth, occupation, and filing status.

Financial Information: Income details, tax documents (W-2s, 1099s, etc.), bank account information (for direct deposit), investment records, cryptocurrency transaction history, foreign bank account details, and other financial data necessary for tax preparation.

Technical Information: IP address, browser type, device information, pages visited, and cookies for site functionality and analytics.

Communications: Messages sent through our secure portal, emails, and any other correspondence with our firm.

2. How We Use Your Information

  • To prepare, review, and file your federal and state tax returns with the IRS and applicable state agencies
  • To comply with FBAR (FinCEN 114), FATCA (Form 8938), and other foreign reporting requirements
  • To communicate with you about your case, provide quotes, and deliver completed documents
  • To process payments through our secure payment processor (Stripe)
  • To improve our services and website functionality
  • To comply with legal obligations and professional standards (AICPA, state CPA board requirements)
  • To assist with AI-powered document analysis (see Section 6)

3. Data Security

We implement industry-standard security measures to protect your personal and financial information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256-GCM) in our cloud infrastructure
  • Sensitive PII: Social Security Numbers, EINs, bank account numbers, and routing numbers are encrypted with AES-256-GCM before storage and are never stored in plain text
  • Access Control: Only your assigned CPA and authorized firm personnel have access to your case data
  • Cloud Infrastructure: Data is stored in Google Cloud / Firebase with enterprise-grade security, SOC 2 compliance, and geographic redundancy
  • Payment Processing: Credit card information is processed by Stripe and never stored on our servers. Stripe is PCI DSS Level 1 certified

4. CPA-Client Privilege

Communications between you and your CPA are protected by CPA-client privilege under applicable federal and state law (IRC §7525). This privilege applies to tax advice communications and is similar to attorney-client privilege. We will not disclose privileged communications except as required by law or with your written consent.

5. Information Sharing

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

  • IRS and Tax Authorities: As necessary to file your tax returns and comply with legal obligations
  • Payment Processor: Stripe processes your payments; they receive only the information necessary to process transactions
  • Cloud Service Providers: Google Cloud/Firebase for secure data storage (data is encrypted)
  • Legal Requirements: When required by law, subpoena, court order, or government regulation
  • Professional Obligations: As required by AICPA standards, state CPA board regulations, or IRS Circular 230

6. AI-Powered Document Analysis

We use artificial intelligence (Google Gemini) to assist with document analysis and tax form preparation. Important disclosures:

  • AI analysis is used as a tool to assist your CPA — all AI-generated results are reviewed and verified by a licensed CPA before filing
  • PII Protection: Sensitive personally identifiable information (SSN, EIN, bank account numbers, routing numbers, addresses, dates of birth) is NEVER sent to the AI service. These values are redacted before AI processing and injected directly into forms only after AI analysis is complete
  • Non-sensitive information (names, income amounts, filing status, occupation) may be sent to Google Gemini for analysis purposes
  • AI-generated tax forms are drafts for CPA review only and are not filed with the IRS without CPA verification

7. Data Retention

We retain your tax records and case data for a minimum of seven (7) years from the date of filing, as recommended by the IRS and required by professional standards. After the retention period, data may be securely deleted upon your written request.

8. Your Rights

You have the right to:

  • Access your personal information stored in our systems
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Receive a copy of your tax documents and case files
  • Withdraw consent for non-essential data processing
  • File a complaint with applicable regulatory authorities

9. Cookies

We use essential cookies for authentication and site functionality. We do not use third-party advertising cookies. Analytics cookies may be used to improve our services.

10. International Data Transfers

If you are located outside the United States (including South Korea), your data will be transferred to and processed in the United States where our servers and CPA are located. By using our services, you consent to this transfer.

11. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: contact@example.com