Privacy Policy
Effective Date: 01/01/2023
1. Introduction Your privacy is important to us. This Privacy Policy explains how Set Apart CPAs Consulting & Advisory collects, uses, discloses, and safeguards your personal information. By using our services, you consent to the data practices described in this policy.
2. Information We Collect We may collect personal information that you provide to us, including but not limited to:
Contact Information: Name, address, email, phone number.
Financial Information: Tax documents, bank account details, income details, credit information.
Identification Information: Social Security Number, EIN, TIN, driver's license numbers.
Other Personal Information: Any other data you provide in the course of our services.
3. How We Use Your Information We use the information we collect for various purposes, including to:
Provide accounting, tax preparation, and advisory services.
Communicate with you about your account and our services.
Prepare and file tax returns.
Maintain and improve our services.
Comply with legal and regulatory obligations.
4. Sharing Your Information We do not sell or rent your personal information to third parties. We may share your information with:
Service Providers: Third parties who assist us in delivering services, such as IT providers or cloud storage services, under strict confidentiality agreements.
Legal Compliance: Governmental authorities or law enforcement if required by law.
Professional Advisers: Accountants, auditors, lawyers, and other professional advisers who are bound to confidentiality.
5. Data Security We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
6. Retention of Your Information We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or for other legitimate business purposes.
7. Your Rights You have the right to:
Access and request a copy of your personal information.
Request correction of any inaccuracies in your personal information.
Request deletion of your personal information, subject to legal and regulatory requirements.
Withdraw your consent to the use of your personal information, where applicable.
8. Changes to This Privacy Policy We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically to stay informed about how we are protecting your information.
9. Contact Us If you have any questions about this Privacy Policy or our data practices, please contact us at:
Set Apart CPAs
Phone: 423-689-CPAs
PCI Compliance Policy
Effective Date: 01/01/2023
1. Introduction Set Apart CPAs Consulting & Advisory is committed to protecting the privacy and security of our clients' payment card information. This PCI Compliance Policy outlines the measures we take to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS).
2. Scope This policy applies to all employees, contractors, and third parties who handle, process, store, or transmit payment card information on behalf of Set Apart CPAs Consulting & Advisory.
3. Payment Card Information Handling To protect payment card information, we follow these guidelines:
Limit Data Storage: We do not store cardholder data unless absolutely necessary and only for as long as required for business or legal purposes.
Data Masking: When a primary account number (PAN) must be displayed, at most the first six and last four digits are shown and the remaining digits are masked. Masking applies to display only; stored PANs are protected as described under Secure Storage.
Secure Storage: Where cardholder data must be stored, it is kept in a secure environment with access controls, and stored PANs are rendered unreadable using strong encryption or truncation.
Prohibited Data Storage: We do not store sensitive authentication data after authorization, even if encrypted. This includes full magnetic stripe or chip track data, card verification codes (CVV2/CVC2/CID), and PINs or PIN blocks.
4. Access Control Access to payment card information is restricted to authorized personnel only:
Role-Based Access: Access is granted based on job responsibilities and is regularly reviewed to ensure it is still necessary.
User Authentication: Strong passwords and multi-factor authentication (MFA) are required for all access to systems that store, process, or transmit cardholder data.
Physical Security: Any physical records containing payment card information are kept in a secure, access-controlled environment.
5. Data Transmission Security We use secure methods to transmit payment card information:
Encryption: All cardholder data transmitted over open or public networks must be encrypted using strong cryptography (for example, TLS 1.2 or later); PANs are never sent unprotected by end-user messaging technologies such as email, instant messaging, or SMS.
Secure Channels: Payment card information is only transmitted over secure, trusted channels (e.g., HTTPS, VPNs).
6. Network Security To protect our network and systems from unauthorized access, we implement the following controls:
Firewalls: We use firewalls to protect our internal network from unauthorized access.
Antivirus/Antimalware: Regularly updated antivirus and antimalware software is installed on all systems handling cardholder data.
System Monitoring: We continuously monitor our systems for suspicious activity and implement intrusion detection/prevention systems (IDS/IPS).
7. Regular Audits and Vulnerability Assessments We conduct regular audits and assessments to ensure ongoing compliance with PCI DSS:
Self-Assessments: We perform internal self-assessments and maintain a record of our compliance efforts.
External Audits: Where applicable, we engage with external auditors to verify our PCI compliance.
Vulnerability Scans: Internal and external vulnerability scans are performed on all systems that process, store, or transmit cardholder data at least quarterly and after any significant change, with identified vulnerabilities remediated and rescanned until a passing result is obtained.
8. Incident Response Plan In the event of a data breach involving payment card information, we have an incident response plan in place:
Immediate Actions: We will immediately contain the breach, preserve logs and other evidence for investigation, and notify affected parties.
Reporting: We will report the breach to the appropriate regulatory bodies as required by law, and to our acquiring bank and the payment card brands as required by their rules and our contractual obligations.
Remediation: We will take steps to prevent future breaches, including patching vulnerabilities and updating security measures.
9. Employee Training and Awareness All employees handling payment card information receive training on PCI compliance:
Initial Training: New employees receive PCI compliance training during onboarding.
Ongoing Training: Employees are required to complete annual refresher training on PCI DSS requirements.
10. Third-Party Service Providers When engaging third-party service providers who may have access to payment card information, we verify that they are PCI DSS compliant and document which PCI DSS requirements each provider is responsible for:
Due Diligence: We perform due diligence on all third-party service providers before engagement.
Contractual Obligations: We include PCI compliance requirements in all contracts with third-party service providers.
11. Policy Review This policy is reviewed and updated annually or as needed to ensure it reflects current PCI DSS requirements and our business practices.
We are a Certified Public Accounting Firm that provides Tax Preparation, Accounting Services, Consulting & Advisory Services.