Privacy Policy

This Privacy Policy describes how Eiduk Tax & Wealth ("we," "us," "our," or "the Firm") collects, uses, shares, and protects personal and financial information about our clients, prospective clients, and visitors to our websites. As a CPA and CFP® practice, we handle highly sensitive tax, financial, and personal data, and we take that responsibility seriously.

1. Who We Are

Eiduk Tax & Wealth is a professional tax advisory and wealth management practice operated by John Eiduk, CPA, CFP®. We serve individuals, S-Corporation owners, partnerships, LLCs, sole proprietors, trusts, and other entities with tax planning, tax preparation, advisory, and accounting services.

As a CPA firm, we are bound by the American Institute of Certified Public Accountants (AICPA) Code of Professional Conduct, including strict confidentiality requirements under Rule 1.700 and federal tax preparer confidentiality rules under IRC Section 7216. As a CFP® practitioner, we are additionally bound by the CFP Board's Code of Ethics and Standards of Conduct.

2. Scope of This Policy

This Privacy Policy applies to:

• Our websites: eiduktaxandwealth.com, app.eiduktaxandwealth.com, and tools.eiduktaxandwealth.com
• Our client portal and tax advisory platform
• Our marketing communications, including email, SMS, and advertising
• In-person, phone, and virtual meetings with clients and prospective clients

For SMS-specific disclosures, please also see our SMS Privacy Policy, which supplements this policy.

3. Information We Collect

3.1 Information You Provide Directly

When you become a client, request services, or engage with us, we collect:

• Identity information — full legal name, date of birth, Social Security Number or ITIN, government-issued ID (when required for tax filing or KYC)
• Contact information — mailing address, email address, mobile phone number
• Tax and financial information — income (W-2, 1099, K-1, business income), deductions, credits, prior-year tax returns, investment statements, bank account details, retirement account balances, real estate holdings, business financials, entity structure, and related tax documents
• Family and household information — spouse information, dependent information, filing status
• Business information (for entity clients) — EIN, formation documents, ownership structure, payroll data, books and records
• Communications — emails, messages, portal communications, call records, and meeting notes
• Engagement and payment information — signed engagement letters, service tier, fees, payment method details (processed through third parties; see Section 6)

3.2 Information Collected Automatically

When you visit our websites or use our platform, we automatically collect certain technical information:

• IP address, device type, browser type, operating system, and screen resolution
• Pages visited, time spent, navigation paths, and referring URLs
• Session data and authentication tokens (for logged-in users of the client portal)
• Cookies and similar tracking technologies (see Section 12)

3.3 Information From Third Parties

With your authorization (typically through Form 8821, Form 2848, or equivalent), we may receive information from:

• The Internal Revenue Service (IRS) and state tax authorities
• Your prior accountant or tax preparer
• Financial institutions, brokerage firms, and custodians (e.g., Charles Schwab)
• Payroll providers and bookkeeping service providers

4. How We Use Your Information

We use your information to:

• Provide professional services — preparing and filing tax returns, providing tax planning and advisory services, managing wealth and financial planning services, and representing you before tax authorities
• Communicate with you — responding to inquiries, sending appointment confirmations, sending tax payment reminders, providing document requests, and delivering service updates
• Process payments — invoicing, collecting fees, and managing billing
• Maintain records — complying with IRS, state, and professional recordkeeping requirements
• Improve our services — analyzing how our platform is used to enhance features and client experience (using de-identified data where possible)
• Comply with legal obligations — responding to lawful requests from regulators, courts, or government agencies
• Protect our firm and our clients — detecting fraud, preventing unauthorized access, and protecting the security of your data

We use your tax return information only to prepare and deliver the services you engage us for, as required by IRC §7216. We do not use tax return information for any other purpose without your specific written consent.

5. How We Share Information

We do not sell, rent, or trade your personal or financial information. We share information only in the following limited circumstances:

5.1 With Your Consent

We share information with third parties (e.g., your financial advisor, attorney, lender, or spouse) only when you expressly authorize us to do so, typically in writing via an engagement letter addendum or a signed consent form.

5.2 With Service Providers

We share information with trusted third-party service providers who help us deliver our services. These providers are bound by confidentiality obligations and may not use your information for their own purposes. See Section 6 for a complete list.

5.3 For Legal and Regulatory Compliance

We may disclose information when required by law, including:

• In response to subpoenas, court orders, or valid legal process
• To comply with IRS or state tax authority requirements
• To respond to lawful regulatory or professional licensing body inquiries
• To comply with suspicious activity reporting requirements under applicable law

5.4 In Connection With a Business Transition

If our firm is acquired, merged, or sold, your information may be transferred as part of that transaction. Any successor entity will be bound by this Privacy Policy or a substantially similar policy, and we will notify you of any material changes.

6. Third-Party Service Providers

We rely on the following categories of service providers to operate our firm. Each is contractually bound to protect your information and use it only for the purpose of providing their service to us:

This list may change as we update our service providers. We will update this page when changes occur.

7. Data Security

Protecting your information is central to our practice. We maintain administrative, technical, and physical safeguards aligned with IRS Publication 4557 ("Safeguarding Taxpayer Data"), the Gramm-Leach-Bliley Act Safeguards Rule, and AICPA professional standards, including:

• Encryption in transit (TLS 1.2+) and encryption at rest for all sensitive data
• Multi-factor authentication on all staff and client portal accounts
• Role-based access controls and principle of least privilege
• Written information security program (WISP) reviewed annually
• Regular security training for all staff
• Background checks on all staff with access to client information
• Incident response procedures with legally required breach notification
• Secure document transmission via encrypted client portals (not unencrypted email)

No system is entirely secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.

8. Data Retention

We retain your information for as long as needed to provide services and to comply with legal, regulatory, and professional obligations:

• Tax returns and supporting documents — minimum 7 years after filing, per IRS recommendations and AICPA professional standards (some states require longer)
• Engagement letters and client correspondence — minimum 7 years from engagement termination
• Financial planning records — minimum 7 years, or longer if legally required
• Payment and billing records — minimum 7 years
• Website analytics and cookies — typically 13 months or less
• SMS opt-in consent records — retained indefinitely as proof of consent
• Marketing communication records — until you unsubscribe, plus a reasonable period thereafter for compliance

After the applicable retention period, we securely delete or de-identify your information.

9. Your Rights

Subject to applicable law and professional obligations, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your information (subject to our retention obligations — e.g., we cannot delete tax returns required by IRS)
• Opt out of marketing communications at any time
• Object to certain uses of your information
• Receive a copy of your tax returns we prepared for you
• Withdraw consent where our use of your information is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or a shorter period if required by applicable law).

10. California Residents — CCPA / CPRA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights regarding your personal information.

10.1 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information from California residents:

• Identifiers (name, address, email, phone number, SSN for tax filing)
• Financial information (bank accounts, income, tax records)
• Commercial information (services purchased, engagement history)
• Internet or network activity (website usage, portal activity)
• Professional information (business ownership, employment)
• Inferences (service preferences, tax strategy fit)

10.2 Sources of Information

We collect information directly from you, from your authorized representatives, from IRS and state tax authorities (with your consent), and from our service providers. See Section 3.3.

10.3 Business Purposes for Collection

We collect this information for the business purposes described in Section 4.

10.4 Your California Rights

You have the right to:

• Know what personal information we collect, use, disclose, and sell (we do not sell)
• Delete personal information we hold about you, subject to legal exceptions
• Correct inaccurate personal information
• Opt out of sale or sharing — we do not sell personal information and do not share it for cross-context behavioral advertising
• Limit use of sensitive personal information — we use sensitive personal information only for the purposes permitted under the CPRA
• Non-discrimination — we will not discriminate against you for exercising these rights

10.5 How to Submit a Request

To submit a CCPA/CPRA request, email us at [email protected] with "CCPA Request" in the subject line. We will verify your identity before fulfilling the request and respond within 45 days (extendable by another 45 days if needed).

10.6 Authorized Agents

You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization, and we may verify the agent's authority directly with you.

11. SMS and Mobile Communications

Eiduk Tax & Wealth may send transactional SMS text messages to clients and prospective clients who have explicitly opted in through our consent forms. SMS messages include estimated tax payment reminders, appointment confirmations, document request notifications, onboarding confirmations, and service updates.

For complete information about our SMS program, including message frequency, opt-out instructions, and data retention, please see our SMS Privacy Policy and SMS Terms & Conditions.

12. Cookies and Website Analytics

Our websites use cookies and similar technologies to:

• Maintain your login session on the client portal
• Remember your preferences
• Analyze website traffic and performance (via tools such as Google Analytics and Meta Pixel)
• Deliver and measure advertising effectiveness on platforms like Facebook and Google

You can control cookies through your browser settings. Disabling essential cookies may affect portal functionality. We honor "Do Not Track" signals where technically feasible and respect the Global Privacy Control (GPC) signal for California residents.

13. Children's Privacy

Our services are not directed to children under 18, and we do not knowingly collect personal information from children under 18, except in the context of tax filings that include dependent information provided by the filing adult. If you believe we have collected information from a child in a manner inconsistent with this policy, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Material changes will be communicated via email to active clients and via a notice on our website at least 30 days before taking effect. The "Last Updated" date at the top of this policy reflects the most recent revision.

15. Contact Us

If you have questions about this Privacy Policy, want to exercise any of your rights, or want to report a privacy concern, please contact us: