Breadcounter, LLC ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.breadcounter.com (the "Site") or engage with any of our services (collectively, the "Services").
1. Information We Collect
A. Categories of Personal Information Collected (last 12 months)
| Category | Examples |
|---|---|
| Identifiers | Name, email address, phone number, mailing address, company name, IP address, device identifiers, cookies, unique online identifiers |
| Financial Information | Payment-card details (credit-card number, expiration date, CVV, and billing address), bank-account numbers, tax-identification numbers (SSN, EIN, ITIN, etc.), invoices, and financial records that are collected directly from you (including over the telephone). |
| Commercial Information | Services purchased, transaction history, client-engagement data, contract details |
| Internet/Network Activity | Browser type, operating system, device model, pages visited, time spent on Site, referring URLs, click-stream data, analytics data |
| Professional Information | Business role, employer, industry, professional licenses |
| Sensitive Personal Information | Social Security numbers, tax-identification numbers, precise geolocation (when required for service delivery), health-related data voluntarily provided for tax-benefit calculations, biometric data (if ever collected) |
| Inferences | Profile information derived from the above data that reflects preferences, characteristics, or business needs |
B. Sources of Personal Information
- Directly from you when you fill out forms, schedule a consultation, sign a contract, or otherwise interact with us.
- Automatically through cookies, web beacons, Google Analytics, and other tracking technologies while you use the Site.
- Third parties such as payment processors (Stripe, PayPal), referral partners, and publicly available sources (e.g., government registries).
C. Sensitive Personal Information
We collect sensitive data only when strictly necessary to provide tax-preparation, accounting, bookkeeping, CFO, or related advisory services. This includes Social Security numbers, tax-identification numbers, precise geolocation (when required for location-based tax rules), and any health-related information voluntarily provided for tax-benefit calculations.
2. How We Use Your Information
| Business Purpose | Examples of Use |
|---|---|
| Service Delivery | Preparing tax returns, bookkeeping, financial reporting, invoicing, and providing advisory services; processing payments; communicating about your account and service status |
| Business Operations | Improving Site functionality, analyzing usage via Google Analytics, managing client relationships, maintaining accurate records |
| Legal & Regulatory Compliance | Satisfying IRS, state tax-authority, and other governmental reporting requirements; responding to lawful subpoenas, court orders, or regulatory inquiries |
| Marketing & Communications (with consent) | Sending newsletters, promotional offers, or service updates you have opted-in to receive |
| Security & Fraud Prevention | Detecting unauthorized access, preventing fraudulent transactions, enforcing our Terms of Service |
| Data Retention & Management | Retaining records for the periods required by law (see Section 11) |
Data Retention Periods
| Data Type | Retention Period |
|---|---|
| Client financial records (tax, accounting, CFO, advisory) | 7 years after service completion (IRS requirement) |
| Communication records (email, chat) | 3 years after last interaction |
| Marketing data (opt-in communications) | Until you opt-out or 2 years of inactivity |
| Website analytics (Google Analytics) | 26 months (default) |
| Payment information | As required by the payment processor and applicable law (typically 7 years) |
3. Sharing Your Information
A. Categories of Third Parties
| Category | Typical Recipients |
|---|---|
| Service Providers | Payment processors, cloud-hosting providers, email-marketing platforms, document-storage services, accounting software (QuickBooks, Xero) |
| Professional Services | Legal counsel, professional-liability insurers, auditors, vendors related to our services (e.g payroll), etc. |
| Government Entities | IRS, state tax authorities, regulatory agencies as required by law |
| Business Partners | Referral partners (only with your explicit consent) |
B. Internal Access
Personal information may be accessed by Breadcounter, LLC employees and contractors who need the data to perform service delivery, including accounting, tax preparation, bookkeeping, client support, and related functions. All internal parties are bound by confidentiality agreements and are required to follow the same security safeguards described in Section 8 (encryption, access controls, training, etc.).
C. AI-Based Notetaking
During Zoom calls we may record the conversation (participants are notified at the start of each call) and process the audio/video through an AI-powered notetaking service to generate call summaries. The AI service is a third-party processor subject to a data-processing agreement that obligates it to:
- Protect the data using industry-standard security measures.
- Use the data solely for the purpose of creating call summaries that assist with service delivery.
We retain the AI-generated summaries in accordance with the retention periods listed in Section 11.
D. Sale or "Sharing" of Personal Information
We do NOT sell your personal information for monetary consideration. However, we share certain data with analytics providers (e.g., Google Analytics) as described in Section 3 and under California law this is considered "sharing" (not a sale).
Categories shared with analytics providers (last 12 months)
- Identifiers – IP address, device IDs
- Internet/network activity – page views, click-stream data
Purpose of sharing – Website analytics, user-behavior analysis, and service improvement.
E. Disclosures for Business Purposes (last 12 months)
| Category | Disclosed To | Reason |
|---|---|---|
| Identifiers (name, email, IP) | Payment processors, accounting software providers | Process payments & maintain financial records |
| Financial information | Payment processors, accounting software providers | Payment processing & tax compliance |
| Commercial information | Service providers | Service delivery & client relationship management |
| Internet activity | Analytics providers | Site-usage analysis & improvement |
4. Your Privacy Rights
A. California Residents (CCPA/CPRA Rights)
You have the right to:
- Know – Request a copy of the categories of personal information we collect, the sources, the business purpose, and the categories of third parties with whom we share.
- Delete – Request deletion of your personal information, subject to statutory exceptions (e.g., IRS record-retention).
- Correct – Request correction of inaccurate personal information.
- Opt-Out of Sale/Sharing – Opt-out of any "sale" or "sharing" of your personal information (including to analytics providers).
- Limit Use of Sensitive Data – Limit our use of sensitive personal information to the extent necessary to provide services.
- Non-Discrimination – Receive the same price, quality, and service even if you exercise any of these rights.
To Exercise These Rights
Email: info@breadcounter.com
Phone: 305-764-1922
Miami, FL 33131
We will verify your identity and respond within 45 days (extensions up to an additional 45 days allowed if necessary).
B. Virginia Residents (VCDPA)
Virginia residents are entitled to:
- Access – Obtain the personal data we hold about you.
- Correct – Request correction of inaccurate data.
- Delete – Request deletion, except where we must retain for legal obligations.
- Opt-Out of Targeted Advertising – Opt-out of processing for targeted ads.
Requests are made using the same contact methods listed above. We will respond within 45 days.
C. Colorado Residents (CPA)
Colorado residents have the right to:
- Access, Correct, Delete, and Data Portability – Same as CCPA.
- Opt-Out of Targeted Advertising and Sale – Opt-out of processing for targeted advertising or sale of personal data.
Requests must be submitted through the contact information above; we will respond within 45 days.
D. Connecticut Residents (CTDPA)
Connecticut residents may:
- Access, Correct, Delete, and Portability – Same as CPA.
- Opt-Out of Targeted Advertising, Sale, and Profiling – We will honor opt-out requests within 45 days.
E. Utah Residents (UCPA)
Utah residents have the right to:
- Confirm & Access – Verify processing and obtain your data.
- Delete – Request deletion of data you provided.
- Portability – Receive a portable copy of your data.
- Opt-Out – Opt-out of targeted advertising and sale of personal data.
- Opt-Out of Sensitive Data Processing – Opt-out of processing of sensitive personal information (e.g., SSN, precise geolocation).
Requests are handled via the contact methods listed above; response time is 45 days (with a possible 45-day extension).
F. European Economic Area (EEA) Residents (GDPR)
EEA residents have the right to:
- Access – Obtain a copy of your personal data.
- Rectification – Correct inaccurate data.
- Erasure ("Right to be Forgotten") – Request deletion, subject to legal obligations.
- Restriction – Request restriction of processing.
- Data Portability – Receive your data in a structured, commonly used, machine-readable format.
- Object – Object to processing for direct marketing or where we rely on legitimate interests.
- Withdraw Consent – Withdraw consent at any time where processing is based on consent.
- Lodge a Complaint – File a complaint with your local supervisory authority.
To exercise GDPR rights, contact us using the same details as above. We will act within 45 days of receipt.
G. Other U.S. State Residents
If you reside in Virginia, Colorado, Connecticut, Utah, or any other state with a comprehensive privacy law, you may have rights similar to those described above. Contact us to exercise those rights.
H. Rights Concerning AI-Based Notetaking
You may request access to, correction of, or deletion of any personal data that has been processed by our AI-based notetaking service, subject to the statutory retention periods described in Section 11. Requests are made using the same contact information outlined in this section.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience, analyze Site usage, and deliver targeted advertising (when you have not opted out).
Types of Cookies
| Type | Purpose |
|---|---|
| Essential Cookies | Required for Site functionality (e.g., session management). |
| Analytics Cookies | Used by Google Analytics to understand user behavior and improve the Site. |
| Marketing Cookies | Enable us or third-party partners to deliver targeted ads (subject to your opt-out). |
Your Choices
- Manage or disable cookies through your browser settings; disabling essential cookies may impair Site functionality.
- Opt out of targeted advertising and sharing of personal information by clicking the "Do Not Sell My Personal Information" link (see Section 6) or by enabling Global Privacy Control (GPC) in your browser.
For full details, see our separate Cookie Policy (linked from the footer of the Site).
6. Do Not Sell or Share My Personal Information
We do not sell your personal information for monetary consideration. However, we share certain data with analytics providers (e.g., Google Analytics) as described in Section 3 and under California law this is considered "sharing" (not a sale).
How to Opt-Out
- Click the Do Not Sell My Personal Information link on our Site.
- Enable Global Privacy Control (GPC) in your browser – we will honor a GPC signal as an opt-out request.
- Email info@breadcounter.com with "Opt-Out Request" in the subject line.
We will honor opt-out requests within 45 days.
7. Limit the Use of My Sensitive Personal Information
Sensitive personal information (SSN, tax-identification numbers, precise geolocation, health-related data, biometric data) is used only to the extent necessary to provide tax, accounting, bookkeeping, and CFO services.
- California Residents – May limit our use of sensitive data beyond the required service purpose.
- Utah Residents – May opt-out of any processing of sensitive data.
- All Other Jurisdictions – May request limitation; we will comply unless a statutory exception applies.
Submit limitation requests via the contact information in Section 4.
8. Security Measures
We implement industry-standard administrative, technical, and physical safeguards, including:
- Encryption – TLS for data in transit and AES-256 encryption at rest for stored files.
- Access Controls – Role-based access, multi-factor authentication for privileged accounts.
- Regular Audits – Periodic security assessments, vulnerability scans, and penetration testing.
- Employee Training – Ongoing privacy and security awareness programs, including PCI-DSS training for staff handling payment information.
While we strive to protect your data, no security system is impenetrable; we cannot guarantee absolute security.
9. International Data Transfers
If you are located outside the United States, your information may be transferred to and processed in the United States (or other jurisdictions).
- For EEA residents, we rely on Standard Contractual Clauses approved by the European Commission to provide adequate safeguards.
- For other international transfers, we use appropriate contractual safeguards (e.g., SCCs, BCRs) or rely on the recipient's lawful basis.
By using our Services, you consent to such transfers.
10. Children's Privacy
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
- California – We do not sell or share personal information of minors under 16 without affirmative opt-in consent from the child (13-15) or a parent/guardian (under 13).
- Utah – We require verifiable parental consent for children under 13 (UCPA).
If we discover that we have inadvertently collected a child's data without proper consent, we will promptly delete it.
11. Data Retention
| Data Type | Retention Period |
|---|---|
| Client financial records (tax, accounting, CFO) | 7 years (IRS requirement) |
| Communication records (email, chat) | 3 years after last interaction |
| Marketing data (opt-in communications) | Until opt-out or 2 years of inactivity |
| Website analytics (Google Analytics) | 26 months |
| Payment information | As required by the payment processor and applicable law (generally 7 years) |
When the retention period expires, we will securely delete or anonymize the data unless a longer period is required by law.
12. Third-Party Websites
Our Site may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any external sites you visit.
13. Updates to This Privacy Policy
We may revise this Privacy Policy to reflect changes in our practices, legal requirements, or business operations.
Notice of Material Changes
We will:
- Post a prominent notice on our Site.
- Email registered users (if an email address is on file).
- Update the "Effective Date" at the top of this Policy.
We encourage you to review this page periodically.
14. Contact Us
If you have questions, concerns, or wish to exercise any of your privacy rights, please contact us:
Breadcounter, LLC
Email: info@breadcounter.com
Phone: 305-764-1922
Miami, FL 33131
California Residents: You may also designate an authorized agent to make requests on your behalf.
EEA Residents: If you have concerns about our data practices, you may also contact your local data-protection supervisory authority.
15. Accessibility
We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you experience difficulty accessing any part of this Policy, please contact us at info@breadcounter.com and we will provide an accessible version.
16. Financial Information (Revised Clause)
Financial Information – Includes payment-card details (credit-card number, expiration date, CVV, and billing address), bank-account numbers, tax-identification numbers (SSN, EIN, ITIN, etc.), invoices, and financial records that are collected directly from you (including over the telephone).
- Method of collection: When you provide a credit-card number by phone, the information is entered immediately into a PCI-DSS-compliant, encrypted payment gateway (e.g., Stripe, PayPal, Authorize.Net). Full card numbers are never stored on our servers; they are tokenized by the processor and retained only as a payment token for future transactions.
- Legal basis for processing:
- Contractual necessity – processing is required to complete the purchase of services you have requested.
- Legal obligation – we must retain certain tax-identification numbers and transaction records to comply with IRS and state tax-reporting requirements.
- Legitimate interests – limited use for fraud detection and security (balanced against your privacy rights).
- Security safeguards: All phone-collected payment data is transmitted over TLS-encrypted lines and immediately handed off to the third-party processor. We employ tokenization, restricted-access controls, and multi-factor authentication for any internal systems that can view the tokenized data. Our staff receive PCI-DSS training and are prohibited from writing down or manually storing full card numbers.
- Retention period:
- Payment-card tokens are retained as long as you remain an active client and for seven (7) years after the last transaction to satisfy tax-record-keeping obligations.
- Bank-account numbers, tax-IDs, and invoices are retained seven (7) years from the date of service completion, as required by the IRS (IRC § 6103) and applicable state statutes.
- Sharing: The only entities that receive your full payment-card data are the PCI-DSS-certified payment processors listed in our Service Provider list (e.g., Stripe, PayPal). No other third parties receive your card number or bank-account details.
- Your rights: You may request, at any time, a copy of the payment-token information we retain, ask for correction of any inaccurate data, or request deletion of your data (subject to the statutory 7-year retention requirement).
17. Non-Discrimination
We do not discriminate against you for exercising any of your privacy rights (e.g., the right to access, delete, or opt-out of data sharing). In particular, we will not deny goods or services, charge a higher price, or provide a lower quality of service solely because you exercise those rights. However, we may charge different fees or offer different service tiers when the variation is based on legitimate business factors such as the size of the engagement, the complexity of the services requested, the volume of transactions, or the level of professional expertise required. Such price or service differences are not considered discrimination under the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act, the Connecticut Data Privacy Act, or the Utah Consumer Privacy Act, because they are unrelated to any exercise of privacy rights.
If we ever provide a discount or a special offer that is tied to your consent to retain or share your data, we will disclose the value of that data and the reason for the discount in a clear, written notice, as required by CCPA/CPRA.