Privacy Policy

Effective Date: May 14, 2026 Last Updated: May 14, 2026

DR Tax and Business Solutions (“we,” “our,” “us,” or the “Company”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://drtaxandbusinesssolutions.com/, use our tax preparation, accounting, or bookkeeping services, or otherwise engage with us.

As a tax preparation firm, accounting service, and bookkeeping service provider, we are subject to specific legal and ethical obligations under:

  • The FTC Safeguards Rule (Gramm-Leach-Bliley Act)
  • IRS Circular 230 (Treasury Department regulations)
  • Statement on Standards for Tax Services (SSTS) effective January 2024
  • North Carolina state laws governing accountants and tax preparers

This Policy applies to information collected through:

  • Our website https://drtaxandbusinesssolutions.com/
  • Mobile applications (if any)
  • Phone calls, text messages (SMS), and emails
  • In-person meetings at our office: 300 W Hargett St #324, Raleigh, NC 27601
  • Video call consultations
  • Third-party platforms we use to provide our services

By using our services, you consent to the collection, use, and disclosure of your information as described in this Policy. If you do not agree with these terms, please do not use our website or services.

2. Information We Collect

We collect two types of information: Personal Data (identifies you) and Non-Personal Data (does not identify you).

A. Information You Provide to Us

CategoryExamples
Identity InformationFull name, date of birth, Social Security Number (SSN), Individual Taxpayer Identification Number (ITIN), Employer Identification Number (EIN)
Contact InformationEmail address, phone number, physical address, mailing address
Tax and Financial InformationIncome (W-2, 1099, etc.), deductions, credits, bank account numbers, investment statements, business financial records, prior tax returns
Dependent InformationNames, SSNs, and relationship of dependents
Payment InformationCredit/debit card details, billing address
CommunicationsRecords of our conversations (phone, email, video calls, in-person)

B. Information Automatically Collected

CategoryExamples
Device DataIP address, operating system, browser type, device identifiers
Usage DataPages visited, time spent, links clicked, search queries
Cookies and TrackingSession cookies, persistent cookies, analytics tools

C. Information from Third Parties

We may receive information about you from:

  • Prior tax preparers (with your authorization)
  • The IRS and state tax authorities
  • Employers (via W-2 forms)
  • Financial institutions (via 1099 forms)
  • Credit reporting agencies

3. How We Use Your Information

We use your information for the following purposes:

PurposeLegal Basis
Prepare and file federal and state tax returnsContractual obligation / Legal requirement
Provide bookkeeping and accounting servicesContractual obligation
Process payments and refundsContractual obligation
Communicate with you about your tax situationContractual obligation
Respond to IRS or state tax authority inquiriesLegal requirement
Detect and prevent fraudLegitimate interest
Improve our website and servicesLegitimate interest
Comply with record-keeping requirements (7 years)Legal requirement
Defend against legal claimsLegal requirement

4. FTC Safeguards Rule Compliance (GLBA)

DR Tax and Business Solutions is classified as a “financial institution” under the Gramm-Leach-Bliley Act (GLBA) and is subject to the FTC Safeguards Rule (16 CFR Part 314) .

In compliance with this rule, we have implemented a Written Information Security Program (WISP) that includes:

  • Designated Security Coordinator responsible for data protection
  • Regular risk assessments documented in writing
  • Access controls limiting who can view client data
  • Encryption of sensitive data in transit and at rest
  • Multi-Factor Authentication (MFA) required for all systems accessing client information (as required by the Safeguards Rule effective June 2023)
  • Secure disposal of client information when no longer needed
  • Annual staff training on data security
  • Oversight of third-party service providers (tax software, cloud storage, etc.)

5. Multi-Factor Authentication (MFA)

As required by the FTC Safeguards Rule (effective June 9, 2023), we require Multi-Factor Authentication (MFA) for all systems, applications, and devices that access client information.

MFA requires at least two of the following:

  • Something you know (password)
  • Something you have (code sent via SMS or authenticator app)
  • Something you are (biometric)

You may be required to use MFA when accessing any client portal or secure system we provide.

6. SSTS 2024 Compliance (Tax Preparation Standards)

We adhere to the Statement on Standards for Tax Services (SSTS) issued by the AICPA, effective January 1, 2024. Specifically:

  • SSTS No. 1.3: We make reasonable efforts to safeguard taxpayer data using encryption, security software, firewalls, and secure data-sharing platforms.
  • SSTS No. 1.4: Use of tax software, AI tools, or third-party platforms does not relieve us of professional responsibility. We exercise professional judgment and due care.
  • SSTS No. 7: We will notify you if we outsource any part of your tax preparation to third parties and will ensure those third parties protect your data appropriately.

7. SMS and Text Messaging

Your consent to receive SMS messages is strictly for communication purposes with DR Tax and Business Solutions related to appointments, tax filing reminders, and document requests.

A. No Third-Party Sharing

SMS consent and phone numbers are NOT shared with any third parties or affiliates for their own marketing purposes. Your phone number will only be used for the specific communication you requested.

B. Opt-Out

You may unsubscribe from SMS at any time by replying STOP or UNSUBSCRIBE to any of our messages. For help, reply HELP.

C. Costs

Message and data rates may apply. Message frequency varies based on your interaction with us.

D. Data Collection for SMS

When you opt into SMS, we collect your mobile phone number, name, and (if applicable) appointment details.

8. Sharing Your Information

We may share your information only in the following circumstances:

RecipientReason
Tax software providersTo prepare and file your tax returns (e.g., Drake, UltraTax, Lacerte)
Payment processorsTo process your payments (e.g., Stripe, Square)
Cloud storage providersTo securely store your documents (e.g., Box, Dropbox Business)
IRS and state tax authoritiesAs required by law to file your returns
Legal or government authoritiesWhen required by subpoena, court order, or applicable law
Successor organizationIn the event of a merger, acquisition, or sale of assets

We DO NOT sell your personal information to third parties.

9. Data Security

We implement the following security measures:

  • Encryption: All sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Only authorized personnel can access client data
  • Multi-Factor Authentication (MFA): Required for all staff and client portals
  • Firewalls and Antivirus: Enterprise-grade protection on all systems
  • Regular Backups: Encrypted backups stored securely
  • Incident Response Plan: Documented procedure for data breaches
  • Staff Training: Annual training on data protection and phishing prevention

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Data Retention

We retain your personal information as required by law and professional standards:

Type of InformationRetention Period
Tax returns and supporting documents7 years (per IRS record-keeping requirements)
Bookkeeping records7 years
Client communications3-5 years
Payment informationAs long as needed for fraud prevention (typically 3-5 years)

After the retention period expires, we will securely delete or anonymize your information.

11. Your Rights and Choices

Depending on your state of residence (e.g., California, Virginia, Colorado, Connecticut), you may have the following rights:

RightDescription
Right to KnowRequest disclosure of what personal information we collect, use, and share
Right to AccessRequest a copy of your personal information
Right to CorrectRequest correction of inaccurate information
Right to DeleteRequest deletion of your personal information (subject to legal retention requirements)
Right to Opt-OutOpt-out of the sale of personal information (we do not sell data)
Right to Non-DiscriminationWe will not discriminate against you for exercising these rights

California Residents (CCPA/CPRA)

If you are a California resident, California law provides you with additional rights regarding your personal information. To exercise any of these rights, please contact us using the information in Section 18.

Note: We cannot delete tax information required to be retained by the IRS or state tax authorities (typically 7 years).

Marketing Communications

You may opt-out of marketing emails by clicking the “unsubscribe” link in any marketing email or by contacting us directly.

12. Children’s Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected such information, we will delete it immediately.

For tax purposes: We may collect information about dependent children (names, SSNs, birth dates) as required by the IRS for tax return preparation. This information is used solely for tax filing purposes.

13. Third-Party Service Providers (Outsourcing)

We may use third-party service providers to assist with:

  • Tax preparation software
  • Document storage and sharing
  • Payment processing
  • Appointment scheduling

All third-party providers are contractually required to:

  • Protect your data with at least the same level of security we use
  • Use your data only for the specific services they provide to us
  • Delete or return your data when the contract ends
  • Notify us immediately of any data breach

If we outsource any part of your tax preparation to a third party (including offshore providers), we will notify you in advance as required by SSTS No. 7.

14. International Data Transfers

We primarily store and process data within the United States. If we use third-party providers that store data outside the U.S., we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

15. Breach Notification

In the event of a data breach affecting your personal information:

  • We will notify you without unreasonable delay (typically within 72 hours)
  • We will notify the FTC and relevant state authorities as required by law (within 30 days if 500+ consumers affected)
  • We will provide specific information about what data was affected and steps you can take to protect yourself

16. Changes to This Privacy Policy

We reserve the right to update this Policy at any time. If we make material changes:

  • We will post the revised Policy on our website
  • We will update the “Effective Date” at the top of this page
  • For significant changes, we may notify you via email or SMS

Your continued use of our services after any changes constitutes your acceptance of the revised Policy.

17. WISP Availability (FTC Safeguards Rule)

Our Written Information Security Program (WISP) is available for review by regulatory authorities upon request. Clients may request a summary of our security practices by contacting us directly.

18. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or would like to report a security concern:

DR Tax and Business Solutions 300 W Hargett St #324, Raleigh, NC 27601

By Email: rkesenia@gmail.com

By Phone: (786) 468-4328