Privacy policy

This policy applies to Finrose, Inc. ("Finrose," "we") and covers our website at finrose.co, inquiries received through that site, and the work we perform for engaged clients. For engaged clients, this policy operates alongside the confidentiality provisions in the relevant engagement letter; where the engagement letter addresses a matter more specifically, that letter controls.

1. Information we collect

Information you provide. When you submit the contact form, book an intro call, or engage us for services, you may share your name, email address, company, role, phone number, and the content of any messages you send. Engaged clients share additional information required to perform accounting, finance, and payroll & tax work, including company financial records, bank and credit-card transactions, payroll data, tax filings, vendor and customer records, and identifying information for owners, officers, and employees as needed to meet professional and regulatory obligations.

Information collected automatically. When you visit our website we log basic request information (IP address, browser and device type, pages viewed, timestamps) to operate the site and to monitor for abuse. We do not use third-party advertising or behavioral-tracking cookies.

Information from client integrations. Engaged clients grant us access to systems such as QuickBooks, bank feeds, payroll providers, and billing platforms. We use that data solely to perform the services contracted for.

2. How we use information

We use the information we collect to:

• Respond to inquiries and prepare proposals.
• Deliver the accounting, finance, and payroll & tax services our clients have engaged us for.
• Communicate with clients about their engagements, including periodic reviews and required compliance matters.
• Maintain the financial records, working papers, and supporting documentation we are required to keep under applicable professional and regulatory standards.
• Operate, secure, and improve our website and internal systems.
• Comply with applicable laws and respond to lawful requests from authorities.

We do not sell personal information, and we do not use client data for advertising or for training commercial models.

3. Confidentiality and professional standards

Client information is treated as confidential and is accessible only to members of the Finrose team and authorized subprocessors who need it to perform their work. Our confidentiality obligations are described in each client's engagement letter and are consistent with the standards expected of professional accounting firms.

4. Sharing and disclosure

We share information only in limited circumstances:

• With service providers and subprocessors who support our operations, for example secure document exchange, practice management, email delivery, and cloud hosting. Each is bound by contractual confidentiality and data-security obligations.
• With client-directed recipients such as a client's bank, payroll provider, investors, lenders, auditors, or legal and tax counsel, acting on the client's instructions.
• With government authorities when required by law (for example, in responding to lawful subpoenas or tax-authority requests).
• In a corporate transaction, such as a merger, acquisition, or financing, where information transfers to a successor entity subject to the protections of this policy.

We do not sell, rent, or trade personal information to third parties.

5. Data security

Finrose operates on bank-grade encryption in transit and at rest, role-based access controls, multi-factor authentication on internal systems, and a SOC 2-aligned controls program reviewed at least annually. We use vetted tools and bank-direct feeds, and we do not retain long-lived credentials to client bank or tax authority accounts in any shared location. No system is perfectly secure; if you believe your information has been misused, please contact us immediately at security@finrose.co.

6. Data retention

Client financial records, working papers, and supporting documentation are retained for the periods required by applicable professional and tax standards, typically seven years, and longer where an open matter requires it or where a client directs continued retention. Inquiry information submitted via our website is retained for as long as it remains reasonably useful and is then deleted.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict the processing of personal information, and to receive a portable copy of that information. You may also object to certain processing or withdraw consent where processing is based on consent. To exercise any of these rights, contact us at privacy@finrose.co. We will respond within the timelines required by applicable law.

California residents have additional rights under the CCPA and CPRA, including the right to know what categories of personal information we collect and the sources, purposes, and recipients of that information. The descriptions above are provided to meet that requirement.

8. Children's privacy

Our services are directed to businesses and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

9. International users

Finrose is based in the United States and operates primarily for US-based businesses. Information collected through our website or during an engagement is stored and processed in the United States.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the website and, for existing clients, through engagement communications. The effective date above reflects the most recent version.

11. Contact

For privacy questions, requests, or complaints:

Finrose, Inc.
Attn: Privacy
privacy@finrose.co