Look, we get it - privacy policies can be dull as dishwater. But when you're trusting us with your financial data, you deserve to know exactly how we're handling it. So grab a coffee, and let's walk through this together.
At Valorynth Frontier Accounting, we're all about transparency - not just in financial reporting, but in how we handle your personal and business information too. This policy spells out what data we collect, why we need it, and how we keep it safe.
We're based in Vancouver, BC, and we follow all Canadian privacy laws, including PIPEDA (Personal Information Protection and Electronic Documents Act). If you're outside Canada, we've got you covered there too.
By using our services or website, you're agreeing to the terms laid out here. If something doesn't sit right with you, please reach out - we're happy to chat about your concerns.
When you work with us, we'll typically collect things like your name, email, phone number, business address, and payment details. Pretty standard stuff for any accounting relationship.
This is where it gets more detailed - bank statements, tax returns, revenue figures, expense records, payroll data. Basically everything we need to do our job right and keep your startup's finances on track.
We collect info about your company too - incorporation documents, shareholder details, board resolutions, funding history. Especially important when we're helping with SR&ED claims or fundraising support.
Our website collects some technical bits - IP addresses, browser types, device info, pages you visit. Nothing creepy, just standard analytics to help us improve the user experience.
Emails, phone calls, meeting notes - we keep records of our conversations so we can provide consistent service and refer back when needed. Plus, it's good practice from a compliance standpoint.
We're not in the business of selling data or doing anything sketchy. Here's what we actually do with your info:
We won't use your data for marketing purposes without your explicit consent. If you're on our mailing list, it's because you signed up or agreed to it.
Security isn't just a checkbox for us - it's fundamental to everything we do. Here's how we keep your data locked down:
All data in transit uses TLS encryption (that's the padlock you see in your browser). Data at rest is encrypted using industry-standard AES-256 encryption. Translation: your data's scrambled when it travels and when it sits on our servers.
We use enterprise-grade cloud platforms with SOC 2 Type II certification. Our cloud bookkeeping tools have multiple security layers, regular penetration testing, and 24/7 monitoring.
Not everyone on our team can see everything. We use role-based access controls, multi-factor authentication, and regular access reviews. Your data is only accessible to the folks who need it to do their jobs.
We maintain encrypted backups in geographically separate locations. If something goes sideways, we can restore your data quickly.
Our team gets regular training on privacy and security. They sign confidentiality agreements and understand the seriousness of protecting client data.
Real talk: No system is 100% hack-proof. But we do everything reasonable (and then some) to protect your information. If there's ever a breach, we'll notify you promptly as required by law.
We're pretty protective of your data, but there are times when sharing is necessary or required:
CRA (Canada Revenue Agency), provincial tax authorities, and other regulators when filing your taxes or responding to audits. This isn't optional - it's required by law.
Cloud hosting providers, software platforms (like our bookkeeping tools), payment processors. These folks sign agreements to protect your data and can only use it for the specific services they provide to us.
Sometimes we work with lawyers, auditors, or other specialists on your behalf. They're bound by their own professional confidentiality rules.
If you ask us to share info with your investors, lenders, or other parties, we will - but only with your explicit okay.
Court orders, subpoenas, or other legal processes. We'll notify you if legally permitted to do so.
If we ever sell the business or merge with another firm (not in the plans, but you never know), your info would transfer as part of that. Any new owner would still be bound by this privacy policy.
Our website uses cookies - small text files stored on your device. Nothing sinister, just standard web stuff:
These keep the site working - maintaining your session, remembering your preferences, basic security functions. You can't really turn these off without breaking the site.
We use tools like Google Analytics to understand how people use our site - what pages they visit, where they bounce, how long they stick around. This helps us improve the user experience. The data is aggregated and anonymized.
Most browsers let you block or delete cookies. Check your browser settings if you want to manage this. Just know that blocking cookies might make some parts of the site not work properly.
Note: We don't use advertising cookies or tracking pixels for ad retargeting. We're not following you around the internet with ads - that's not our style.
Under Canadian privacy law (and various international regulations if you're outside Canada), you've got some solid rights when it comes to your personal info:
You can ask to see what personal information we have about you. We'll provide it in a readable format within 30 days (usually faster).
If something's wrong or outdated, let us know and we'll fix it. Actually, please do - accurate data is crucial for good accounting.
You can ask us to delete your personal info. We'll comply unless we're legally required to keep it (like tax records - those have mandatory retention periods).
If you gave consent for something (like marketing emails), you can withdraw it anytime. There's an unsubscribe link in every marketing email we send.
Want to take your data elsewhere? We'll provide it in a structured, machine-readable format where feasible.
If you think we've mishandled your data, you can complain to us directly or to the Office of the Privacy Commissioner of Canada.
To exercise any of these rights, just email us at info@valorynthfrontier.info or call (604) 789-3421. We'll verify your identity and handle your request promptly.
We don't keep data forever (though sometimes it feels like financial records pile up that way). Here's our approach:
Tax returns and supporting documents: minimum 6 years from the end of the last tax year they relate to (that's CRA's requirement). For SR&ED claims, sometimes longer due to potential audits.
Generally 7 years, which exceeds the legal minimum and gives us room for any disputes or audits that pop up late.
Emails and meeting notes: typically 3 years after the engagement ends, unless related to specific transactions that have longer retention requirements.
If you're on our mailing list but not a client, we'll keep your contact info until you unsubscribe or the data becomes stale (usually 3 years of inactivity).
Usually retained for 26 months, then automatically deleted.
When the retention period expires, we securely delete or anonymize your data. "Securely delete" means it's not just sitting in a recycling bin - we use data destruction protocols that make recovery impossible.
We're based in Canada, but the internet doesn't respect borders. Here's the deal with international data stuff:
Some of our cloud platforms have servers in the US or other countries. We choose providers that comply with international privacy frameworks and have strong security practices. Your data might physically sit on servers outside Canada, but it's still protected by contractual safeguards.
If you're a startup doing business internationally, we might need to share info with tax authorities or service providers in other countries. That's just part of handling cross-border tax compliance - one of our specialties.
When data goes outside Canada, we use standard contractual clauses and ensure the receiving party provides adequate protection. If you're in the EU or UK, we comply with GDPR requirements for international transfers.
Bottom line: we're mindful about where your data goes and make sure it's protected no matter where it lands.
Our services aren't directed at children under 16. We don't knowingly collect personal information from minors without parental consent.
If you're a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We'll delete it from our systems.
Realistically, kids aren't usually setting up startup accounting services or filing SR&ED claims. But we include this section to be thorough and compliant with privacy regulations.
Privacy laws evolve, our practices improve, and technology changes. So yeah, this policy might get updated from time to time.
When we make changes, we'll update the "Last Updated" date at the top. For significant changes that materially affect your rights, we'll notify you directly via email or through a prominent notice on our website.
We encourage you to review this policy periodically. Continuing to use our services after changes means you accept the updated policy.
We won't make retroactive changes that reduce your rights without your explicit consent - that'd be shady, and we don't roll like that.