Privacy policy (Short Form)

---

1. Introduction

Hellman & Associates, LLC d/b/a Tax Prep Tech (“the Firm,” “EA,” “we,” “our”) is committed to protecting

the privacy and confidentiality of our clients’ personal and financial information. This Privacy Policy describes the types of information we collect, how we use and protect that information, and your rights regarding your data. It applies to all clients and former clients of the Firm.

This policy is maintained in compliance with the Gramm-Leach-Bliley Act (GLBA), the FTC Safeguards Rule (16 CFR Part 314), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and IRS Publication 4557.

2. Information We Collect

In the course of providing tax preparation, bookkeeping, advisory, and related professional services, we collect nonpublic personal information from the following sources:

• Information you provide directly on applications, tax organizers, worksheets, engagement agreements, authorization forms, and other documents.
• Information about your transactions with us, our affiliates, or others, including payment history and service records.
• Information we receive from consumer-reporting agencies.
• Information we receive from third parties, such as other tax return preparers, financial institutions, employers, or government agencies, in connection with the preparation of your tax return.
• Information generated or derived in the course of preparing your tax return, including work product, analysis, and correspondence.

The categories of personal information we collect may include: names, addresses, Social Security numbers, employer identification numbers, dates of birth, bank account and routing numbers, income and financial data, employment information, investment and brokerage data, tax filing history, and other information relevant to the services we provide.

3. How We Use Your Information

We use your personal information for the following purposes:

• Preparing and filing your tax returns and related documents.
• Providing bookkeeping, advisory, payroll, and consulting services.
• Communicating with you about your engagement, deadlines, and deliverables.
• Researching tax positions, analyzing financial data, and drafting correspondence on your behalf.
• Processing payments and managing billing.
• Complying with legal and regulatory requirements.
• Technology-assisted processing: With your written consent (obtained through our Taxpayer Consent to Use Tax Return Information form), we may use artificial intelligence tools and technology-assisted systems to support tax research, analysis, return review, and document preparation. Our current AI service providers are identified in the consent form. We employ data minimization practices and remove directly identifying information where practicable before transmitting data to AI providers. See §19 of your engagement agreement for additional details.

4. How We Protect Your Information

We maintain physical, electronic, and procedural safeguards that comply with federal and state regulations to guard your nonpublic personal information. These safeguards are described in detail in our Written Information Security Plan (WISP) and include:

• Encryption of data at rest and in transit.
• Multi-factor authentication on all systems where available.
• Secure document exchange exclusively through our encrypted client portal.
• Anti-virus and anti-malware protection on all firm devices.
• Regular security monitoring, log reviews, and vulnerability assessments.
• A three-tier data classification system (Confidential, Sensitive, General) that governs how different categories of information are handled, stored, and transmitted.

We are a fully virtual office. For the protection of your information, all documents must be submitted through our client portal. We do not accept tax documents by email, text message, or regular mail. We do not download email attachments or open links from unknown sources.

5. Disclosure of Your Information

We do not disclose nonpublic personal information about our clients or former clients to anyone, except as permitted or required by law.

We restrict access to your nonpublic personal information to those members of our firm who need to know that information to provide services to you. Permitted disclosures include:

• Disclosures to the IRS, state tax authorities, and other government agencies as required for the preparation and filing of your tax returns.
• Disclosures to other tax return preparers who assist in the preparation process, with your consent.
• Disclosures to third-party technology providers (including AI service providers) as described in Section 3 above, with your written consent under IRC §7216.
• Disclosures required by summons, subpoena, court order, or other legal process.
• Disclosures for quality or peer review as permitted by Treas. Reg. §301.7216-2.

We do not sell your personal information. Please review our Consent for Disclosure and Taxpayer Consent to Use Tax Return Information (TIGTA Consent Form) forms for additional details regarding authorized disclosures.

6. Data Retention and Destruction

We retain client work product and records in accordance with our Document Retention Policy. Tax returns and workpapers are retained for seven (7) years from the date of completion. After the retention period expires, all documents—including paper files, electronic files, and data stored in cloud platforms—are securely destroyed without further notice.

Documents shared through the client portal are available for the duration of the current tax year only. After that period, documents may be removed from the portal. We strongly encourage you to download and retain your own copies of all documents. For additional details, see §14 of your engagement agreement and our Document Retention Policy.

7. Your Rights Under California Law (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it was collected, and the categories of third parties with whom it has been shared.
• Right to Delete: You may request that we delete your personal information. This right is subject to our obligation to retain records under federal and state law, including IRS record-keeping requirements, the FTC Safeguards Rule, and applicable statutes of limitations. Personal information collected in connection with our financial services is also substantially exempt from CCPA/CPRA deletion rights under the Gramm-Leach-Bliley Act (Cal. Civ. Code §1798.145(e)). Data subject to a retention obligation will be securely destroyed when the applicable retention period expires per our Document Retention Policy. 
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt Out of Sale: We do not sell your personal information. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, please contact us in writing. We will respond to verifiable requests within 45 days.

8. Data Breach Notification

In the event of a data breach involving your personal information, we will notify you in accordance with applicable federal and state law, including Cal. Civ. Code §1798.82. Our Incident Response Plan governs our breach detection, containment, and notification procedures. Notifications will be made as promptly as practicable, consistent with the needs of law enforcement and any measures necessary to determine the scope of the breach.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or

applicable law. The effective date at the top of this document indicates the date of the most recent revision.

Material changes will be communicated to active clients.