Last Updated: November 10, 2025
Version: 2.0

INTRODUCTION

Thank you for choosing to be part of our community at Profit Solutions Pro Inc., a corporation incorporated under the laws of the State of Florida, registered at 9702 SW 83rd Way, Gainesville, FL 32608 (referred to in this document as “Profit Solutions,” “PS,” “we,” “us,” or “our”). We are committed to protecting your personal information and your right to privacy.

When you visit our website https://profitsolutions.com/ (the “Website”), use our services, and interact with our platforms, you trust us with your personal information. We take your privacy very seriously. In this Privacy Policy, we seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it.

If you have any questions or concerns about our Privacy Policy, or our practices with regards to your personal information, please contact us at:

• General Privacy Inquiries: privacy@profitsolutions.com
• General Information: info@profitsolutions.com
• Data Subject Rights Requests: privacy@profitsolutions.com

This Privacy Policy complies with the requirements set forth by:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Florida Information Protection Act (FIPA)
• Other applicable state and federal privacy laws

This Privacy Policy is designed to provide the highest privacy and data protection standards applicable globally.

IMPORTANT: This Privacy Policy applies to all information collected through our Website (https://profitsolutions.com/), and any related services, sales, marketing, or events (collectively, the “Services”). This includes our three primary service lines:

1. Tax Resolution Services – IRS and state tax controversy resolution
2. Tax Optimization Services – Tax planning and strategy implementation
3. Bookkeeping & Accounting Services – Financial record-keeping and reporting

Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your personal information with us. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Website and Services.

TABLE OF CONTENTS

1. What Information Do We Collect?
   II. How Do We Collect Your Personal Information?
   III. How Do We Use Your Information?
   IV. Why Do We Process Your Personal Data?
   V. Will Your Information Be Shared With Anyone?
   VI. Do We Use Cookies and Other Tracking Technologies?
   VII. How Long Do We Keep Your Information?
   VIII. How Do We Keep Your Information Safe?
   IX. What Are Your Privacy Rights?
   X. Do We Collect Information From Minors?
   XI. Controls for Do-Not-Track Features
   XII. Do California Residents Have Specific Privacy Rights?
   XIII. International Data Transfers
   XIV. Third-Party Services and Integrations
   XV. Do We Make Updates to This Policy?
   XVI. External Links
   XVII. How Can You Contact Us About This Policy?

I. WHAT INFORMATION DO WE COLLECT?

We collect the following categories of personal data while you use our Services and/or Website, as further described in this Privacy Policy:

Personal Information Provided by You

Contact and Identity Information:

• Name, alias, postal address, email address, phone number, mobile number
• Date of birth, Social Security Number (SSN), or Federal Employer Identification Number (FEIN)
• Professional credentials and occupation
• County of residence

Financial Information:

• Bank account numbers, credit card numbers, debit card numbers
• Payment card information (processed securely via PCI-DSS compliant processor)
• Tax return information and financial statements
• Income, assets, liabilities, and net worth information
• IRS account transcripts and state tax records
• Account balances and transaction history

Tax and Accounting Records:

• Current and prior year tax returns (federal and state)
• IRS Form 433-A (Collection Information Statement for Wage Earners)
• IRS Form 433-B (Collection Information Statement for Businesses)
• IRS notices, letters, and correspondence
• State tax authority notices and correspondence
• Financial statements (Balance Sheet, Profit & Loss, Cash Flow)
• QuickBooks data files and accounting records
• Receipts, invoices, and supporting documentation
• 1099 forms and other tax documents

Business Information:

• Entity type, structure, and ownership information
• Business operations and activities
• Employee information (for family employment strategies)
• Entity formation documents
• Operating agreements and corporate records

Service-Related Information:

• Service agreements and engagement contracts
• Payment history and billing records
• Communication preferences
• Service requests and support tickets
• Feedback and survey responses

Information Automatically Collected

Device and Usage Information:

• IP address, browser type, and device characteristics
• Operating system and language preferences
• Device name, country, and location information
• Referring URLs and pages visited
• Time spent on pages and navigation patterns
• Search queries and interaction with Website features

Cookies and Tracking Data:

• Session cookies and persistent cookies
• Web beacons and pixel tags
• Analytics data from third-party providers
• Marketing attribution information

Inferences and Derived Information

Profile and Preference Data:

• Tax optimization opportunities based on financial information
• Projected tax savings and strategy recommendations
• Service preferences and communication history
• Risk profiles and strategy implementation patterns
• Client success metrics and engagement levels

Information From Third-Party Sources

Public and Commercial Sources:

• Public database information
• Marketing leads and contact lists
• Social media profile information (if you connect accounts)
• Search results and paid listing information
• Credit reporting agencies (for payment plan eligibility)
• Professional licensing databases

Sensitive Personal Information

Under applicable privacy laws, the following categories are considered “sensitive” and receive additional protections:

• Social Security Numbers and Tax Identification Numbers
• Financial account numbers and payment card information
• Precise geolocation data
• Information revealing tax liabilities or financial distress

II. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

Information You Provide Directly

Service Enrollment and Engagement:

• When you complete intake forms or engagement agreements
• When you schedule Discovery Calls or Implementation Calls
• When you provide documents during service delivery
• When you sign up for recurring services

Communication Channels:

• Email correspondence with our team
• Phone calls and text messages
• Secure client portal uploads
• Contact forms on our Website
• Live chat interactions

Payment Processing:

• Credit card authorization forms
• ACH payment setup information
• Billing address and contact details

Information Automatically Collected

Website Analytics: We automatically collect certain information when you visit or navigate our Website or use our Services. This includes:

• Device and usage information via cookies and similar technologies
• Page views, time on site, and navigation patterns
• Traffic sources and referral information
• Search terms used to find our Website

We use third-party analytics providers (such as Google Analytics) to gather data about your usage of the Website. This helps us understand how our Services are used and improve user experience.

Cookies and Tracking Technologies: Like many businesses, we collect information through cookies and similar technologies. We use cookies to:

• Enhance your experience and remember your preferences
• Provide insights into how our Services are used
• Assist in marketing efforts and measure campaign effectiveness
• Maintain security and prevent fraud

For more information about cookies and how to manage them, see Section VI below.

Information From Third-Party Sources

Public Databases and Partners: We may obtain information about you from:

• Public databases and records
• Joint marketing partners and referral sources
• Social media platforms (if you interact with us)
• Credit reporting agencies (for payment plan qualification)
• Professional licensing databases

Service Provider Integrations:

• QuickBooks Online (when you grant us access)
• Financial institutions (via bank feeds and account access)
• Payment processors (transaction confirmation data)
• Tax software providers (e-filing confirmation)

We will inform you about the source of information and the type of information we have collected about you within a reasonable period after obtaining the personal data, but at the latest within one month.

Information Through Document Uploads

Tax Resolution Services:

• IRS and state tax notices and correspondence
• Financial disclosure forms (433-A, 433-B)
• Bank statements and asset documentation
• Prior year tax returns

Tax Optimization Services:

• Tax returns for analysis
• Financial statements and projections
• Entity formation documents
• Retirement plan information

Bookkeeping Services:

• Receipts and expense documentation
• Invoices and revenue records
• Bank and credit card statements
• Loan documents and contracts

III. HOW DO WE USE YOUR INFORMATION?

In Short: We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.

We use personal information collected via our Services for a variety of business purposes described below. We indicate the specific processing grounds we rely on next to each purpose.

Service Delivery and Performance

Providing Services (Contract Performance):

• Providing Tax Resolution Services: representing you before IRS/state authorities, negotiating settlements, preparing forms and documentation
• Providing Tax Optimization Services: analyzing tax returns, creating Preliminary Tax Optimization Reports (PTOR), developing Wealth Acceleration Blueprints (WAB), implementing tax strategies
• Providing Bookkeeping Services: recording transactions, reconciling accounts, preparing financial statements
• Coordinating with your other professionals (tax preparers, attorneys, financial advisors)
• Conducting quarterly reviews and annual planning sessions

Client Communication (Contract Performance & Legitimate Interest):

• Responding to your inquiries and support requests
• Providing service updates and status reports
• Sending deadline reminders and compliance alerts
• Delivering completed work product and deliverables
• Scheduling meetings and appointments
• Requesting additional information or documentation

Payment and Billing

Transaction Processing (Contract Performance):

• Processing payments and managing billing
• Charging recurring monthly fees for ongoing services
• Processing down payments and payment plan installments
• Applying credit card processing fees (3%)
• Managing payment defaults and collections
• Issuing invoices and payment confirmations

Payment Card Security (Legal Obligation & Legitimate Interest):

• Maintaining PCI-DSS compliance for payment card data
• Encrypting and tokenizing payment information
• Detecting and preventing fraudulent transactions
• Processing refunds when applicable

Marketing and Communications

Marketing and Promotions (Consent & Legitimate Interest):

• Sending marketing emails about our services
• Providing educational content and tax tips
• Announcing new services or features
• Inviting you to webinars and events
• Sharing success stories and case studies
• You can opt-out of marketing communications at any time

Targeted Advertising (Consent & Legitimate Interest):

• Displaying relevant advertisements on third-party platforms
• Measuring effectiveness of marketing campaigns
• Tailoring content based on your interests
• Retargeting visitors who have shown interest in our Services

Referral Programs (Consent):

• Processing referrals when you recommend our Services
• Tracking referral rewards and incentives
• Communicating with referred prospects

Business Operations

Administration and Operations (Legitimate Interest):

• Managing client accounts and relationships
• Maintaining client portal access
• Organizing and storing client documents
• Quality assurance and training purposes
• Internal reporting and analytics

Security and Fraud Prevention (Legitimate Interest & Legal Obligation):

• Monitoring for fraudulent activity and unauthorized access
• Protecting against security threats and cyberattacks
• Investigating suspicious transactions or activities
• Maintaining system security and data integrity
• Enforcing our Terms of Service and policies

Analytics and Improvement (Legitimate Interest):

• Analyzing usage trends and service effectiveness
• Identifying areas for service improvement
• Evaluating marketing campaign performance
• Conducting customer satisfaction surveys
• Developing new features and services
• Using aggregated and anonymized data for research

Legal and Compliance

Legal Obligations (Legal Obligation):

• Complying with IRS regulations and Circular 230
• Responding to subpoenas and legal process
• Meeting professional licensing requirements
• Complying with state and federal tax laws
• Maintaining required records and documentation
• Responding to regulatory inquiries

Dispute Resolution (Legitimate Interest & Legal Obligation):

• Enforcing our Terms of Service and engagement agreements
• Defending against legal claims or litigation
• Participating in arbitration proceedings
• Collecting unpaid fees through legal means
• Investigating and resolving client complaints

Vital Interests (Vital Interest):

• Preventing illegal activities or suspected fraud
• Protecting safety of individuals
• Investigating potential policy violations
• Taking action regarding threats to any person

Specialized Service Uses

Tax Resolution Specific:

• Communicating with IRS and state tax authorities on your behalf
• Preparing and filing Powers of Attorney (Form 2848)
• Negotiating Offers in Compromise and installment agreements
• Representing you in audits, appeals, and collections matters
• Analyzing tax account transcripts and notices

Tax Optimization Specific:

• Creating proprietary tax strategies customized to your situation
• Developing and delivering Wealth Acceleration Blueprints (WAB)
• Implementing entity restructuring recommendations
• Coordinating with your tax preparer for proper return preparation
• Monitoring ongoing compliance with implemented strategies

Bookkeeping Specific:

• Managing QuickBooks Online on your behalf
• Reconciling bank and credit card accounts
• Preparing monthly financial statements
• Processing sales tax filings (if contracted)
• Coordinating year-end closes and adjustments

IV. WHY DO WE PROCESS YOUR PERSONAL DATA?

In Short: We only process information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share data based on the following legal bases:

Consent

• We may process your data if you have given us specific consent to use your personal information for a specific purpose
• You provide consent when you sign engagement agreements or accept our Terms of Service
• You may withdraw your consent at any time by contacting privacy@profitsolutions.com
• Withdrawal of consent does not affect processing that occurred before withdrawal

Performance of a Contract

• Where we have entered into an engagement agreement with you, we process your personal information to fulfill the terms of our contract
• This includes delivering Tax Resolution, Tax Optimization, or Bookkeeping Services
• Processing payments and managing billing obligations
• Providing support and responding to service requests

Legitimate Interests

• We may process your data when it is reasonably necessary to achieve our legitimate business interests, provided your rights do not override these interests
• Legitimate interests include:
  • Fraud prevention and security
  • Network and information security
  • Improving and providing our Services
  • Marketing our services to potential clients
  • Analytics and business intelligence
  • Protecting our intellectual property rights
  • Enforcing our legal rights and contracts

Legal Obligations

• We may process your information where we are legally required to do so
• This includes:
  • Complying with IRS Circular 230 regulations
  • Responding to court orders, subpoenas, or legal process
  • Meeting state and federal tax law requirements
  • Fulfilling professional licensing obligations
  • Responding to government requests
  • Complying with PCI-DSS requirements for payment data

Vital Interests

• We may process your information where we believe it is necessary to:
  • Investigate, prevent, or take action regarding potential violations of our policies
  • Protect against suspected fraud or illegal activities
  • Safeguard situations involving potential threats to safety of any person
  • Serve as evidence in litigation in which we are involved
  • Respond to emergency situations

V. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We only share information with your consent, to comply with laws, to provide you with services, or to protect our rights.

We take every effort to protect your personal data and have taken necessary steps to this end. Our employees have access to personal data only to the extent necessary to properly perform their individual tasks. We only share personal information with third parties if it is necessary to serve the applicable purpose.

Third-Party Service Providers

Vendors and Contractors (Service Performance): We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work:

Payment Processing:

• Payment gateway providers (PCI-DSS compliant)
• Credit card processors
• ACH processing services
• Fraud detection and prevention services
• Billing and invoicing platforms

Technology and Infrastructure:

• Cloud hosting services (secure servers in United States)
• Data storage providers
• Email delivery services
• Customer relationship management (CRM) systems
• Client portal platforms
• Backup and disaster recovery services

Professional Services:

• Indian CPA team for document creation (under strict confidentiality)
• Tax software providers for e-filing
• QuickBooks and accounting software platforms
• Legal counsel (when necessary)
• Professional liability insurance carriers

Analytics and Marketing:

• Website analytics providers (e.g., Google Analytics)
• Email marketing platforms
• Advertising networks
• Social media platforms
• Marketing automation tools

When third parties process your personal data, this is only possible according to instructions given by us. We ensure that all third parties with access to your personal information have implemented appropriate technical and organizational measures to maintain our intended level of privacy and security.

Business Transfers

Mergers and Acquisitions: We may share or transfer your information in connection with, or during negotiations of:

• Merger with another company
• Sale of company assets
• Financing or investment transactions
• Acquisition of all or a portion of our business by another company
• Bankruptcy or insolvency proceedings

In such cases, we will ensure the acquiring party agrees to protect your personal information consistent with this Privacy Policy.

Legal and Regulatory Authorities

Government and Legal Compliance: We may disclose your information if we believe in good faith that such disclosure is necessary to:

• Comply with U.S. federal and state laws or other applicable laws
• Respond to court orders, judicial requests, subpoenas, or warrants
• Comply with IRS summons or administrative requests
• Respond to state tax authority investigations
• Meet national security or law enforcement requirements
• Comply with regulatory inquiries from licensing boards

Protection of Rights and Safety

Legal Defense and Enforcement: We reserve the right to disclose information that we believe, in good faith, is appropriate or necessary to:

• Protect Profit Solutions from fraudulent or unlawful usage
• Investigate and defend ourselves against third-party claims or allegations
• Enforce our Terms of Service, engagement agreements, or other policies
• Protect the security and integrity of our Services
• Protect the rights, property, or safety of Profit Solutions, our clients, or others
• Collect unpaid fees through legal means
• Pursue arbitration or litigation

With Your Consent

Authorized Disclosures: We may share your information with third parties when you have given us explicit permission to do so:

• Sharing your tax strategies with your personal tax preparer (with your authorization)
• Providing information to your attorney or financial advisor (with your consent)
• Sharing information with family members or business partners you designate
• Referrals to other professionals you request

Information We Do NOT Share

Prohibited Disclosures:

• We do NOT sell your personal information to third parties
• We do NOT rent or trade your information for promotional purposes
• We do NOT share your tax strategies or proprietary Blueprints without authorization
• We do NOT disclose information to competitors or unauthorized parties

VI. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use cookies and similar tracking technologies to collect and store your information.

What Are Cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners to make their websites work more efficiently and to provide reporting information.

Types of Cookies We Use

Essential Cookies (Required):

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance
• User preference storage
• These cookies are necessary for the Website to function and cannot be disabled

Analytics Cookies (Optional):

• Google Analytics for usage statistics
• Page view tracking and navigation patterns
• Traffic source and referral analysis
• User behavior and engagement metrics
• These help us understand how visitors use our Website

Marketing Cookies (Optional):

• Advertising network cookies
• Retargeting and remarketing pixels
• Campaign attribution tracking
• Conversion tracking
• Social media integration pixels
• These help us serve relevant advertisements

Preference Cookies (Optional):

• Language and region preferences
• Display settings and accessibility options
• Form auto-fill information
• These enhance your user experience

Third-Party Cookies

We may use third-party services that place cookies on your device:

• Google Analytics for website analytics
• Facebook Pixel for advertising
• LinkedIn Insight Tag for B2B marketing
• Other advertising networks and partners

These third parties may use cookies to track your activity across websites and build profiles for targeted advertising.

Cookie Management

How to Control Cookies:

Most web browsers are set to accept cookies by default. You can:

• Browser Settings: Configure your browser to refuse cookies or alert you when cookies are being sent
• Cookie Preferences: Use our cookie preference center (if available) to manage optional cookies
• Opt-Out Tools: Use industry opt-out tools at http://www.aboutads.info/choices/
• Do Not Track: Enable Do-Not-Track settings in your browser (see Section XI)

Effect of Disabling Cookies: If you choose to remove cookies or reject cookies, this could affect certain features or services of our Website:

• You may need to re-enter information more frequently
• Some website features may not function properly
• Your preferences may not be saved
• Analytics and personalization may be limited

However, disabling cookies will NOT prevent you from accessing our core Services.

Other Tracking Technologies

Web Beacons and Pixels:

• Small graphic images used to track page views and email opens
• Help us understand email campaign effectiveness
• May be disabled by blocking images in emails

Local Storage:

• Browser-based storage for preferences and settings
• Can be cleared through browser settings
• May be used for client portal functionality

VII. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

General Retention Periods

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Client Records:

• Retained for duration of engagement plus 7 years
• Required by IRS recordkeeping requirements
• Necessary for potential audits or disputes

General Account Information:

• 7 years after service termination or last activity
• Aligns with IRS statute of limitations
• Supports legal defense and compliance

Financial and Tax Records:

• Minimum 7 years per IRS requirements
• May be longer for certain complex matters
• Includes tax returns, financial statements, supporting documentation

Payment and Billing Records:

• 7 years for accounting and tax purposes
• Required for IRS audit support
• Necessary for dispute resolution

Marketing and Communications Data:

• 3 years after last interaction or opt-out
• Can be deleted sooner upon request
• Maintains suppression lists indefinitely (to honor opt-outs)

Website Usage Data:

• 2 years after collection
• Used for analytics and improvement
• Can be deleted sooner upon request

Employment Records (if applicable):

• 7 years after employment termination
• Complies with employment law requirements

Special Retention Circumstances

Legal Holds: If information is subject to legal proceedings, investigations, or disputes, we will retain it until the matter is resolved, even if beyond normal retention periods.

Regulatory Requirements: Certain records may need to be retained longer based on:

• IRS regulations and Circular 230
• State licensing board requirements
• Professional liability insurance requirements
• Specific state recordkeeping laws

Data Deletion and Anonymization

When Retention Period Ends: When we have no ongoing legitimate business need to process your personal information, we will either:

• Delete the information securely and permanently
• Anonymize the data so it no longer identifies you
• Archive it securely with restricted access until deletion is possible

Backup Archives: If immediate deletion is not possible because your personal information has been stored in backup archives, we will:

• Securely store your personal information
• Isolate it from any further processing
• Delete it as soon as technically feasible

Right to Request Deletion: You may request deletion of your personal information at any time by contacting privacy@profitsolutions.com. We will comply with your request subject to legal retention requirements.

VIII. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a comprehensive system of organizational and technical security measures.

Technical Security Measures

Encryption and Data Protection:

• Data in Transit: TLS 1.2+ encryption for all data transmission
• Data at Rest: AES-256 encryption for stored data
• Payment Card Data: PCI-DSS Level 2 compliance standards
• CVV Codes: Never stored after initial transaction
• Tokenization: Credit card numbers stored as encrypted tokens only

Network Security:

• Multi-layered firewall protection
• Network segmentation to isolate sensitive systems
• Intrusion detection and prevention systems
• DDoS protection and mitigation
• Regular security patches and updates
• Vulnerability scanning and penetration testing

Access Controls:

• Multi-factor authentication (MFA) for system access
• Role-based access controls (RBAC)
• Principle of least privilege (minimum necessary access)
• Unique user credentials for all personnel
• Automatic session timeouts
• Password complexity requirements

Application Security:

• Secure coding practices and code reviews
• Input validation and sanitization
• SQL injection and XSS prevention
• CSRF protection
• Security headers and configurations
• Regular security testing and audits

Physical Security Measures

Facility Security:

• Controlled access to office facilities
• Surveillance systems and security monitoring
• Visitor logs and escort requirements
• Secure document storage (locked cabinets)
• Clean desk policy for sensitive information
• Secure document destruction (cross-cut shredding)

Device Security:

• Encrypted laptops and mobile devices
• Remote wipe capabilities
• Automatic screen locks
• Prohibited use of personal devices for sensitive data
• Secure disposal of hardware

Organizational Security Measures

Personnel Security:

• Background checks for employees with data access
• Confidentiality and non-disclosure agreements
• Regular security awareness training
• Clear security policies and procedures
• Incident response training
• Limited personnel access to sensitive data

Vendor Management:

• Due diligence on all third-party providers
• Written data protection agreements (DPAs)
• Regular vendor security assessments
• Verification of vendor security certifications
• Contractual security requirements

Business Continuity:

• Regular data backups (encrypted and tested)
• Disaster recovery plans and procedures
• Business continuity planning
• Incident response plans
• Data redundancy and failover systems

Monitoring and Response

Security Monitoring:

• 24/7 security monitoring and alerts
• Log analysis and anomaly detection
• Regular security audits and reviews
• Compliance assessments
• Threat intelligence monitoring

Incident Response:

• Documented incident response procedures
• Rapid response team activation
• Forensic investigation capabilities
• Breach notification procedures (see Section VIII.D)
• Post-incident review and improvement

Compliance and Certifications

Standards and Regulations:

• PCI-DSS compliance for payment card data
• GDPR-compliant data protection measures
• CCPA/CPRA privacy compliance
• SOC 2 Type II principles (security, availability, confidentiality)
• IRS Publication 4557 (Safeguarding Taxpayer Data)

Regular Assessments:

• Annual security assessments
• Quarterly vulnerability scans
• Penetration testing
• Compliance audits
• Third-party security reviews

Data Breach Notification

In the Event of a Data Breach:

If we discover a data breach that affects your personal information, we will:

1. Investigate Immediately:
   • Contain the breach and secure affected systems
   • Determine scope and impact of the breach
   • Identify affected individuals and data types
2. Notify You Promptly:
   • Within timeframe required by applicable law (typically 30-72 hours)
   • Via email to your address on file
   • Through prominent notice on our Website if widespread
3. Provide Details:
   • Description of the incident and date discovered
   • Types of information involved
   • Steps we have taken to address the breach
   • Recommended actions you should take
   • Contact information for questions
4. Offer Assistance:
   • Credit monitoring services if financial data exposed (as required by law)
   • Identity theft protection resources
   • Dedicated support contact for breach-related questions
5. Regulatory Notification:
   • Notify applicable regulators as required by law
   • Cooperate with law enforcement investigations
   • File required reports with state attorneys general

Limitations and User Responsibility

No Guarantee of Absolute Security: While we implement industry-standard security measures, we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk.

Your Responsibilities:

• Use strong, unique passwords for your account
• Enable multi-factor authentication when available
• Keep your login credentials confidential
• Do not share your account access
• Use secure internet connections (avoid public Wi-Fi for sensitive activities)
• Keep your devices and software updated
• Report suspicious activity immediately
• Review your statements and accounts regularly

You should only access the Services within a secure environment.

IX. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area and California, you have rights that allow you greater access to and control over your personal information.

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

Universal Rights (All Users)

Right of Access:

• You have the right to receive a copy of the personal information we hold about you
• You can verify that we are lawfully processing your data
• Request available within 30 days of request

Right to Correction:

• You may request that incomplete or incorrect information be corrected or supplemented
• We will update inaccurate information promptly
• You can update some information through your account settings

Right to Deletion (“Right to be Forgotten”):

• You can request deletion of your personal information
• Subject to legal retention requirements (see Section VII)
• We will delete data when no longer needed for legitimate purposes
• Some data may be retained in backup systems temporarily

Right to Limit Processing:

• You can request that we temporarily or permanently stop processing your personal data
• May affect our ability to provide certain services
• We will honor requests except where processing is required by law

Right to Data Portability:

• You can request a copy of your personal data in a structured, commonly used format
• You can request transfer to another service provider (where technically feasible)
• Applies to data you provided to us

Right to Object to Processing:

• You can object to processing of your personal data for certain purposes
• Particularly for direct marketing (see opt-out options)
• We will cease processing unless we have compelling legitimate grounds

Right to Withdraw Consent:

• You have the right to withdraw previously granted consent
• Withdrawal does not affect processing that occurred before withdrawal
• May affect our ability to continue providing certain services

GDPR Rights (EEA Residents)

If you are a resident of the European Economic Area (EEA), you have additional rights under GDPR:

Right to Lodge Complaint:

• You can complain to your local data protection supervisory authority
• Contact details available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
• You can also contact us first to try to resolve the issue

Right Regarding Automated Decision-Making:

• Right to request human intervention in automated decisions
• Right to express your point of view
• Right to contest the decision
• Applies to services involving automated decision-making or profiling

Data Protection Officer:

• You can contact our privacy team at privacy@profitsolutions.com
• We will respond to all GDPR requests within one month

California Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You may request that we disclose:

• The categories of personal information we have collected about you
• The categories of sources from which personal information is collected
• The business or commercial purpose for collecting or selling your personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we have collected about you

Right to Delete:

• Request deletion of personal information we have collected from you
• Subject to certain exceptions (legal obligations, fraud prevention, etc.)
• We will notify third parties of deletion requests where applicable

Right to Correct:

• Request correction of inaccurate personal information (added by CPRA)
• We will use commercially reasonable efforts to correct information

Right to Opt-Out of Sale:

• We do NOT sell personal information as defined by CCPA/CPRA
• This right is therefore not applicable, but we include it for transparency

Right to Limit Use of Sensitive Personal Information:

• Request to limit use and disclosure of sensitive personal information
• Sensitive information includes SSN, financial account information, precise geolocation
• We use sensitive information only as necessary to provide services

Right to Non-Discrimination:

• We will not discriminate against you for exercising any CCPA/CPRA rights
• You will not be denied services, charged different prices, or provided different quality of service

Authorized Agents:

• You may designate an authorized agent to make requests on your behalf
• Agent must provide written authorization from you
• We may require you to verify your identity directly

Shine the Light Law:

• California residents can request information about disclosure of personal information to third parties for direct marketing
• We do not share information for third-party direct marketing purposes

Florida Residents

If you are a Florida resident, you may have additional rights under the Florida Information Protection Act (FIPA) and other state laws.

Making Privacy Rights Requests

How to Exercise Your Rights:

To exercise any of these rights, please contact us at:

• Email: privacy@profitsolutions.com (put “Privacy Rights Request” in subject line)
• Mail: Profit Solutions Pro Inc. Attn: Privacy Rights Request 9702 SW 83rd Way Gainesville, FL 32608

Information We Need:

• Your full name and contact information
• Specific right you wish to exercise
• Details of your request
• Verification information (to confirm your identity)

Verification Process:

• We must verify your identity before responding to requests
• May require additional information or documentation
• Verification requirements vary based on sensitivity of request
• We will only use verification information to confirm identity

Response Timeline:

• We will respond to your request within 30 days
• May extend by additional 30 days for complex requests (with notice)
• Will provide explanation if we cannot fulfill request

No Fee for Requests:

• We do not charge a fee for making privacy rights requests
• May charge reasonable fee for manifestly unfounded or excessive requests
• May refuse to act on manifestly unfounded or excessive requests

Cookies and Tracking Opt-Out

Cookie Management:

• Most web browsers are set to accept cookies by default
• You can set your browser to remove cookies and reject cookies
• If you remove or reject cookies, some features may not work properly
• Visit http://www.aboutads.info/choices/ to opt-out of interest-based advertising

Do Not Sell My Personal Information:

• We do not sell personal information
• You do not need to opt-out of sales

X. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

Age Restrictions

Minimum Age Requirement:

• Our Services are not directed to individuals under 18 years of age
• We do not knowingly solicit data from or market to children under 18
• By using the Services, you represent that you are at least 18 years old
• If you are under 18, you must have parent or guardian consent to use Services

Parental Consent:

• If you are a parent or guardian and consent to your minor dependent’s use of the Services
• You agree to be responsible for your minor dependent’s use
• You accept responsibility for all actions taken by the minor

If We Learn of Minor Data Collection

Our Response: If we learn that personal information from users less than 18 years of age has been collected:

• We will deactivate the account immediately
• We will take reasonable measures to promptly delete such data from our records
• We will cease processing the minor’s data
• We will not use the information for any purpose

Notification: If you become aware of any data we have collected from children under age 18, please contact us immediately at:

• Email: privacy@profitsolutions.com
• Subject line: “Minor Data Collection Concern”

We will investigate and take appropriate action within 48 hours.

XI. CONTROLS FOR DO-NOT-TRACK FEATURES

Current Status: Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

No Uniform Standard: At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

Future Changes: If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Alternative Privacy Controls: While we don’t respond to DNT signals, you can:

• Manage cookies through your browser settings (see Section VI)
• Opt-out of interest-based advertising at http://www.aboutads.info/choices/
• Adjust your marketing communication preferences
• Use privacy-focused browser extensions

XII. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Consumer Privacy Act (CCPA) Rights

California Civil Code Section 1798.100 et seq., also known as the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents specific rights regarding their personal information.

Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including:

• The categories of personal information we collected about you
• The categories of sources from which the personal information was collected
• Our business or commercial purpose for collecting or selling personal information
• The categories of third parties with whom we share personal information
• The specific pieces of personal information we collected about you

Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions:

• Information necessary to complete a transaction or provide requested services
• Information necessary to detect security incidents or protect against fraud
• Information necessary to debug or repair errors
• Information necessary to exercise free speech or comply with law
• Information necessary for internal uses reasonably aligned with consumer expectations

Right to Correct: You have the right to request correction of inaccurate personal information that we maintain about you.

Right to Opt-Out of Sale or Sharing:

• We do NOT sell personal information as defined by CCPA/CPRA
• We do NOT share personal information for cross-context behavioral advertising
• Therefore, no opt-out is necessary, but this right is available if our practices change

Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to:

• Purposes necessary to perform services reasonably expected by consumers
• Purposes specified in CCPA regulations

We collect and use sensitive personal information (SSN, financial account numbers) only as necessary to provide our tax and financial services.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not:

• Deny you goods or services
• Charge you different prices or rates
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price or level of quality

How to Exercise Your CCPA/CPRA Rights:

Making a Request: To exercise your CCPA/CPRA rights, please contact us at:

• Email: privacy@profitsolutions.com
• Phone: (888) 450-3451
• Mail: Profit Solutions Pro Inc. Attn: California Privacy Rights 9702 SW 83rd Way Gainesville, FL 32608

Verification: Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

We must verify your identity before responding to your request. Verification requirements include:

• Matching information you provide with information we have on file
• May require government-issued ID for sensitive requests
• For authorized agents: written authorization from consumer

Response Timeline:

• We will confirm receipt of your request within 10 business days
• We will respond to your request within 45 days
• May extend response by additional 45 days if necessary (with notice to you)
• If we cannot fulfill your request, we will explain why

Frequency:

• You may make verifiable consumer requests up to twice in a 12-month period

California “Shine the Light” Law

California Civil Code Section 1798.83: California residents who have an established business relationship with us may request information about whether we have disclosed personal information to third parties for their direct marketing purposes.

Our Practice: We do NOT share personal information with third parties for their direct marketing purposes without your explicit consent. Therefore, you do not need to make a “Shine the Light” request.

If You Want to Confirm: If you are a California resident and would like to make such a request, please submit your request in writing to:

• Email: privacy@profitsolutions.com
• Subject: “Shine the Light Request”

California Minors

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services.

To Request Removal:

• Contact us at privacy@profitsolutions.com
• Include the email address associated with your account
• Include a statement that you reside in California
• We will ensure the data is not publicly displayed
• Note: Data may not be completely removed from all systems (backups, etc.)

XIII. INTERNATIONAL DATA TRANSFERS

In Short: Your personal information may be transferred to and processed in countries other than your country of residence, including the United States.

Data Transfer Locations

Server Locations: Our servers are primarily located in the United States. When you use our Services, your personal information may be:

• Stored on servers in the United States
• Processed by our team in the United States and India (CPA document creation team)
• Accessed by third-party service providers operating globally

Cross-Border Transfers: If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.

Data Protection for International Transfers

Different Laws: Countries outside your residence may have data protection laws that are different from the laws of your country. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy.

Safeguards for EEA Transfers: For transfers of data from the European Economic Area (EEA) to countries outside the EEA, we use:

Standard Contractual Clauses (SCCs):

• Approved by the European Commission
• Provide appropriate safeguards for personal data transfers
• Ensure equivalent level of protection as required by GDPR
• Create enforceable rights for data subjects

Adequacy Decisions:

• Where possible, we transfer data to countries with adequacy decisions from the European Commission
• These countries are deemed to provide adequate level of data protection

Additional Safeguards:

• Technical and organizational measures to protect data
• Encryption during transmission and storage
• Access controls and authentication requirements
• Regular security assessments of transfer recipients

Your Rights for International Transfers

EEA Residents: If you are in the EEA, you have the right to:

• Obtain information about safeguards in place for your data transfers
• Request copies of Standard Contractual Clauses
• Lodge complaints with your local supervisory authority
• Contact us at privacy@profitsolutions.com for more information about our transfer mechanisms

UK Residents: Following Brexit, transfers from the UK are governed by UK GDPR and UK adequacy regulations. We comply with UK data transfer requirements.

Data Processing Locations by Service

Tax Resolution Services:

• Primary processing: United States
• Document creation support: India (under strict confidentiality agreements)
• IRS/State communications: United States

Tax Optimization Services:

• Primary processing and strategy development: United States
• Document creation support: India (under strict confidentiality agreements)
• Blueprint development: United States

Bookkeeping Services:

• Primary processing: United States
• QuickBooks hosting: United States (Intuit servers)
• Support services: May involve India team for routine tasks

XIV. THIRD-PARTY SERVICES AND INTEGRATIONS

In Short: We integrate with various third-party services to provide and enhance our Services. These third parties have their own privacy policies.

Third-Party Service Providers

QuickBooks Online (Intuit):

• We access your QuickBooks Online account with your authorization
• Intuit’s privacy policy applies to their services: https://www.intuit.com/privacy/
• We do not control Intuit’s data practices
• You maintain your agreement directly with Intuit

Financial Institutions:

• We may access your bank accounts and credit cards through secure connections
• Your financial institution’s privacy policy applies to their services
• We use read-only access and do not store your banking credentials
• All connections use bank-level encryption

Payment Processors:

• We use PCI-DSS compliant payment processors for credit card transactions
• Payment processor privacy policies apply to payment data
• We do not store complete credit card numbers or CVV codes
• Payment data is tokenized for security

Tax Software and E-Filing:

• We use IRS-approved e-filing software
• Software provider privacy policies may apply
• E-filed returns transmitted through secure IRS channels
• We maintain copies per professional standards

Email and Communication Platforms:

• Email services (e.g., Google Workspace, Microsoft 365)
• SMS/text messaging services
• Video conferencing platforms (e.g., Zoom, Microsoft Teams)
• Provider privacy policies apply to communications through their platforms

Analytics and Marketing:

• Google Analytics: https://policies.google.com/privacy
• Facebook/Meta: https://www.facebook.com/privacy/explanation
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• These providers may collect data about your Website usage

Cloud Storage and Backup:

• Amazon Web Services (AWS): https://aws.amazon.com/privacy/
• Microsoft Azure: https://privacy.microsoft.com/
• Other cloud providers with appropriate security certifications

Your Control Over Third-Party Integrations

Authorization Required:

• We will not access third-party services without your explicit authorization
• You can revoke access at any time through your account settings
• Revoking access may limit our ability to provide certain services

Review Third-Party Policies: We encourage you to review the privacy policies of any third-party services you use in connection with our Services. We are not responsible for the privacy practices of these third parties.

Data Shared with Third Parties: When you authorize integrations, the following types of data may be shared:

• QuickBooks: All accounting data, transactions, financial reports
• Banks: Account balances, transactions, account details
• Payment Processors: Payment amount, date, method
• Tax Software: Tax return data for e-filing
• Communication Platforms: Contact information, message content

XV. DO WE MAKE UPDATES TO THIS POLICY?

In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws and reflect changes to our practices.

Policy Updates

Regular Reviews: We may update this Privacy Policy from time to time for reasons including:

• Changes to our Services or business practices
• Changes in applicable privacy laws or regulations
• Enhancements to security measures
• Addition of new features or services
• Feedback from privacy regulators
• Industry best practice updates

Effective Date: The updated version will be indicated by an updated “Last Updated” date at the top of this Privacy Policy. The updated version will be effective as soon as it is accessible.

Notification of Material Changes

Material Changes: If we make material changes to this Privacy Policy that significantly affect your rights, we may notify you by:

• Prominently posting a notice of such changes on our Website
• Sending you an email notification to the email address on file
• Displaying an in-app notification when you log in
• Requiring acknowledgment of updated policy before continued use

Examples of Material Changes:

• New ways we collect personal information
• Changes to how we share personal information with third parties
• Changes to your privacy rights
• Changes to data retention periods
• New uses of sensitive personal information

Non-Material Changes: For non-material changes (such as clarifications or administrative updates), we will simply update the policy and adjust the “Last Updated” date.

Your Continued Use

Acceptance of Changes: We encourage you to review this Privacy Policy frequently to stay informed of how we are protecting your information. Your continued use of the Services after we post changes constitutes your acceptance of the updated Privacy Policy.

If You Disagree: If you do not agree to the updated Privacy Policy, you must stop using our Services and contact us to close your account (subject to outstanding obligations).

Version History

Current Version: 2.0 (November 10, 2025) Previous Version: 1.0 (November 5, 2025)

Major changes in Version 2.0:

• Added comprehensive service-specific privacy details for Tax Resolution, Tax Optimization, and Bookkeeping Services
• Enhanced security measures documentation
• Expanded California privacy rights (CPRA updates)
• Added data breach notification procedures
• Enhanced third-party service provider disclosures
• Added retention period details by data category

XVI. EXTERNAL LINKS

In Short: Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites.

Third-Party Websites

Links on Our Website: Our Website may display links to third-party websites, including:

• Professional resources and tools
• Industry associations
• Regulatory agencies (IRS, state tax authorities)
• Educational content
• Partner services
• Social media platforms

Not Our Responsibility: Unless these other websites are affiliated with Profit Solutions, we are not responsible for:

• The privacy policies these other websites use
• The content displayed on external sites
• The security practices of external sites
• Data collection by external sites
• Transactions conducted on external sites

Your Responsibility: We advise you to:

• Read the privacy policies on external websites before providing personal information
• Understand the terms of service for external websites
• Be cautious about what information you provide to third parties
• Review security indicators (HTTPS, security certificates)

No Endorsement: The presence of a link to an external website does not constitute an endorsement by Profit Solutions. We provide links for convenience and informational purposes only.

Social Media

Social Media Platforms: We maintain presence on various social media platforms:

• Facebook
• LinkedIn
• Twitter/X
• YouTube
• Instagram

Platform Privacy Policies: When you interact with us on social media:

• The platform’s privacy policy governs data collection
• We may see public information you share
• Platform may share limited information with us
• Your privacy settings on the platform control what we see

User-Generated Content: If you post comments or reviews about our Services on social media or review sites:

• Your post is governed by the platform’s terms
• We may reference or share positive reviews (with attribution)
• Your post may be publicly visible depending on platform settings

XVII. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have questions or comments about this Privacy Policy, or if you wish to exercise your privacy rights, please contact us using the information below:

Contact Information

Privacy Team (For Privacy Rights and Data Requests):

• Email: privacy@profitsolutions.com
• Subject Line: Include “Privacy Rights Request” or specific nature of inquiry

General Inquiries:

• Email: info@profitsolutions.com
• Phone: (888) 450-3451
• Website: https://profitsolutions.com/contact

Mailing Address: Profit Solutions Pro Inc.
Attn: Privacy Officer
9702 SW 83rd Way
Gainesville, FL 32608
United States

Business Hours: Monday-Friday: 9:00 AM – 6:00 PM EST
Saturday-Sunday: By Appointment

Response Timeline

General Inquiries:

• We will respond to general privacy questions within 5 business days

Privacy Rights Requests:

• We will confirm receipt within 10 business days
• We will provide substantive response within 30 days
• May extend by additional 30 days for complex requests (with notice)

Data Breach Concerns:

• Report suspected data breaches immediately to privacy@profitsolutions.com
• Include “URGENT: Security Concern” in subject line
• We will respond within 24 hours

Complaints and Escalation

If You’re Not Satisfied: If you are not satisfied with our response to your privacy concern:

United States Residents:

• File complaint with Federal Trade Commission (FTC): https://www.ftc.gov/
• Contact your state Attorney General’s consumer protection division
• Contact Florida Department of Agriculture and Consumer Services: 1-800-HELP-FLA

California Residents:

• California Attorney General’s Office: https://oag.ca.gov/
• California Privacy Protection Agency: https://cppa.ca.gov/

European Economic Area Residents:

• Contact your local data protection supervisory authority
• Directory: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Industry Resources:

• Better Business Bureau: https://www.bbb.org/
• National Association of Tax Professionals (NATP) ethics hotline

APPENDIX: GLOSSARY OF TERMS

Personal Information/Personal Data: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Data Controller: The entity that determines the purposes and means of processing personal data. Profit Solutions is the data controller for information we collect.

Data Processor: An entity that processes personal data on behalf of the data controller (e.g., our third-party service providers).

Sensitive Personal Information: Information that reveals sensitive characteristics such as SSN, financial account information, precise geolocation, or information about tax liabilities.

PCI-DSS: Payment Card Industry Data Security Standard, a set of security requirements for handling credit card information.

GDPR: General Data Protection Regulation, European Union regulation governing data privacy.

CCPA: California Consumer Privacy Act, California law governing consumer privacy rights.

CPRA: California Privacy Rights Act, amendments to CCPA providing additional protections.

Cookies: Small data files stored on your device by websites you visit.

Encryption: The process of encoding information so only authorized parties can read it.

Third Party: Any entity other than you and Profit Solutions.

DOCUMENT INFORMATION

Last Updated: November 10, 2025
Version: 2.0
Replaces: Version 1.0 (November 5, 2025)

Document History:

• Version 2.0: Comprehensive update for all service lines with enhanced protections
• Version 1.0: Initial Privacy Policy

Review Cycle: This Privacy Policy is reviewed annually and updated as needed to reflect changes in our practices or applicable laws.

Effective Date: This Privacy Policy is effective as of the date listed above and applies to all information collected before and after this date.

© 2025 Profit Solutions Pro Inc. All rights reserved.

This Privacy Policy is proprietary and confidential. No part may be reproduced or distributed without written permission.

END OF PRIVACY POLICY