Security Policy PivotAide January 16, 2026

Information Security Policy

Effective Date: Jan 15th, 2026
This Information Security Policy describes our baseline safeguards for client information.

1. Security Principles

We aim to protect confidentiality, integrity, and availability of client data through reasonable safeguards aligned with small business best practices for professional services firms.

2. Secure Systems & Access Controls

  • Role-based access: only authorized personnel may access client data.

  • Strong authentication and password standards; multi-factor authentication where available.

  • Least-privilege access for systems and file storage.

  • Account access is removed promptly when team roles change.

3. Secure Document Handling

  • We require clients to use our secure upload portal for sensitive documents whenever possible.

  • We discourage sending Social Security numbers and full tax documents via unencrypted email.

  • We store documents in controlled-access systems and follow standard document management practices.

4. Payment Security (Stripe)

  • Payments are processed by Stripe.

  • We do not store full payment card numbers on our website or internal systems when processed through Stripe-hosted checkout/payment elements.

5. Monitoring & Incident Response

  • We maintain logs where available and monitor for suspicious access attempts.

  • If we suspect unauthorized access affecting sensitive data, we will investigate and take reasonable steps to contain and remediate.

  • Where required by law, we will provide notifications to impacted individuals and/or regulators.

6. Data Retention & Disposal

  • We retain client records according to operational and legal/professional requirements.

  • When disposal is appropriate, we use secure deletion methods and controlled destruction practices.

7. Client Responsibilities

You agree to:

  • Keep your portal credentials confidential.

  • Use secure networks/devices when uploading sensitive documents.

  • Notify us promptly if you suspect your account has been compromised.