Effective Date: November 13, 2025
Last Updated: November 13, 2025
Version: 1.1
Kong and Associates, CPAs, LLC (“we,” “our,” or “the Firm”) is committed to protecting your privacy. This notice explains how we collect, use, disclose, and safeguard your personal information through our website, client portals, and professional services.
Use of our website and services is also subject to our Terms of Use, which outline engagement scope, disclaimers, and dispute resolution procedures.
1. Overview
We collect only the information needed to serve you, protect it with secure systems, and never sell it. We share data only when necessary to deliver services or comply with the law. You have rights to access, correct, restrict, or object to how your data is used. We verify all requests and respond promptly.
By using our services or submitting information through our portals, clients acknowledge and accept the terms of this Privacy Notice.
2. Information We Collect
We may collect personal information through:
- Direct interactions (e.g., tax documents, emails, phone calls)
- Secure portals and accounting platforms
- Website usage (e.g., cookies, IP addresses)
Types of data include:
- Identifiers: Name, address, email, phone, SSN, date of birth
- Financial: Tax returns, income, investments, banking details
- Business: Entity documents, ownership, payroll records
- Digital: Device info, browser type, usage patterns
- Dependent Information: Names, birthdates, and Social Security numbers of children under 13 when required for tax filing and financial planning
3. How We Use Your Information
We use your data to:
- Deliver tax, accounting, and advisory services
- Fulfill legal and regulatory obligations
- Communicate about deadlines, updates, and planning
- Improve service delivery and website functionality
- Coordinate with third-party professionals at your request
We collect only the minimum data necessary and use it solely for the purposes stated above.
4. Consent and Client Responsibilities
We obtain your consent through signed engagement letters, secure portal use, and affirmative opt-ins for communications. You may withdraw consent at any time.
Clients are responsible for using secure methods (e.g., our client portal) when submitting sensitive information. We are not liable for data transmitted through unsecure channels such as regular email.
5. Sharing and Disclosure
We do not sell your personal information. We may share it:
- With your explicit consent
- With trusted service providers under confidentiality agreements
- As required by law, regulation, or court order
- To protect the rights or safety of our firm or others
6. Third-Party Platforms and Data Handling
We use secure third-party platforms to facilitate document exchange, communication, tax preparation, bookkeeping, and payment processing. These platforms maintain their own privacy and security standards:
- Dot.It by IRIS Software Group: Used for secure document submission and workflow management. See IRIS’s Privacy Policy.
- SwipeSimple (by CardFlight): Used to process client payments securely. See SwipeSimple’s Safety and Security Statement.
- UltraTax by Thomson Reuters: Used for professional tax preparation and compliance. See Thomson Reuters’ Privacy Statement.
- QuickBooks Online by Intuit: Used for bookkeeping and financial reporting. See Intuit’s Privacy Policy.
- Other Platforms: We may also use additional secure portals (e.g., SmartVault, Intuit Link). These platforms maintain their own privacy policies, available on their respective websites.
We conduct due diligence on all service providers to ensure they meet our privacy and security standards.
7. Data Retention and Recordkeeping
We retain personal information only as long as necessary to:
- Fulfill service obligations
- Comply with legal and regulatory requirements
After that, data is securely deleted or archived. We maintain audit trails and documentation of client interactions, filings, and data access in accordance with IRS Circular 230 and Arizona State Board of Accountancy requirements. Records are retained for a minimum of [insert years] or as required by law.
8. Your Rights
You may:
- Request access to or correction of your personal data
- Withdraw consent for non-essential communications
- Request restriction, objection, or portability of your data
To submit a request, contact us using the details below. We respond within 30 business days.
9. Verification of Requests
We may verify your identity before processing data access or correction requests to protect your privacy and security.
10. Security Measures
We implement technical and organizational safeguards including:
- Encrypted communications and secure portals
- Role-based access controls and logging of data access
- Staff confidentiality agreements and annual training
- Business continuity and breach response protocols
- Internal monitoring and audit trails
We comply with IRS Publication 4557: Safeguarding Taxpayer Data, and maintain a Written Information Security Program (WISP) in accordance with the FTC Safeguards Rule under the Gramm-Leach-Bliley Act. This includes regular risk assessments, employee training, access controls, and oversight of service providers.
Our WISP includes:
- Designation of a qualified individual (see Section 19)
- Annual risk assessments and system testing
- Encryption of sensitive data in transit and at rest
- Vendor management and contract review
- Incident response and breach notification protocols
11. Data Classification and Handling
We classify and handle data according to sensitivity level, with protocols for secure transmission, storage, and disposal. Staff are trained annually on these procedures. Classification levels include:
- Public: Non-sensitive firm materials
- Confidential: Client contact and engagement information
- Restricted: Taxpayer identification numbers, financial data, and dependent information
12. Employee Access and Disciplinary Policy
Access to client data is limited to authorized personnel based on role and necessity. All staff are bound by confidentiality agreements and undergo regular training.
Unauthorized access, disclosure, or misuse of client data by employees is subject to disciplinary action, up to and including termination.
13. Breach Notification Protocol
In the event of a data breach, we will notify affected individuals within the timeframe required by applicable law and take all reasonable steps to mitigate harm. Notifications will include the nature of the breach, affected data types, and recommended actions.
14. Data Transfers and Hosting Locations
Client data may be stored or processed on servers located outside Arizona or the United States. We ensure appropriate safeguards are in place, including secure hosting environments and contractual data protection clauses.
15. Children’s Privacy
While our services are not marketed to children, we may collect personal information about individuals under the age of 13 when required to fulfill legitimate tax and financial planning obligations. This includes dependent information necessary for:
- Filing accurate federal and state tax returns
- Performing financial analysis and projections
- Complying with IRS and state reporting requirements
We collect this data only from parents or legal guardians and use it solely for lawful, service-related purposes. We do not use, disclose, or retain children’s data for marketing or unrelated activities. If you believe we have collected such information in error or without proper authorization, please contact us immediately.
16. Cookies and Website Tracking
Our website may use cookies and similar technologies to:
- Enhance user experience
- Analyze traffic
- Improve functionality
You can adjust your browser settings to manage cookie preferences.
17. Third-Party Links
Our website and portals may link to third-party services. We are not responsible for their privacy practices and encourage you to review their policies.
18. Professional Standards and Legal Disclaimers
Kong and Associates, CPAs, LLC complies with the rules and ethical standards of the Arizona State Board of Accountancy, including confidentiality, independence, and professional conduct requirements.
Our services are provided in accordance with applicable professional standards and engagement terms. We do not provide legal advice, and clients should consult legal counsel for legal matters. Liability is limited to the scope of our engagement and subject to applicable laws.
19. Designated Compliance Officer
Our designated Compliance and Privacy Officer, Violet Michael, oversees implementation of our data protection program and ensures adherence to IRS, FTC, and state-level requirements. She is responsible for:
- Maintaining our Written Information Security Program (WISP)
- Conducting risk assessments and staff training
- Responding to data access and correction requests
- Coordinating breach response and regulatory reporting
20. Changes to This Notice
We may update this Privacy Notice periodically. The revised version will be posted with the updated effective date.
21. Contact Information
If you have questions or concerns about this Privacy Notice or our data practices, please contact:
Kong and Associates, CPAs, LLC
5300 N Central Ave, STE 200
Phoenix, AZ 85012
Phone: (602) 776-6350
Email: Admin@KongCPAs.com
Privacy & Compliance Officer: Violet Michael
