← Back to the Tax Strategy Snapshot

Client Security & Privacy Policy

Introduction

At Golden Tree Wealth Partners dba Golden Tree Tax & Accounting, we are committed to safeguarding the privacy and confidentiality of our clients' personal and financial information. This Client Security and Privacy Policy outlines the measures we take to protect your data, as well as your rights in relation to the information we collect, store, and process. Our policies and procedures are designed to adhere to best practices in information security, including those found in the Cybersecurity Maturity Model Certification (CMMC), to ensure the highest level of protection for our clients' data.

Information We Collect

We collect various types of information necessary to provide you with high-quality financial consulting, tax preparation, bookkeeping, payroll services, and other advisory services, including:

• Personal identification details (e.g., name, address, email, phone number)
• Financial and tax-related information (e.g., tax returns, accounting records, financial statements)
• Payment information for billing and subscriptions
• Other business and personal data necessary to provide our services

How We Use Your Information

We use the information we collect to:

• Provide the services you have requested, including financial consulting, tax advisory, bookkeeping, and payroll services
• Communicate with you about your account or services
• Process payments and subscriptions
• Ensure compliance with applicable legal, regulatory, and professional requirements
• Improve the services we provide to you

How We Protect Your Information

Golden Tree Wealth Partners employs a comprehensive set of security measures to protect your data from unauthorized access, disclosure, alteration, and destruction. Our security protocols align with the cybersecurity practices outlined in the Cybersecurity Maturity Model Certification (CMMC), including the following:

• Multi-Factor Authentication (MFA): We use Multi-Factor Authentication (MFA) to provide an additional layer of security for accessing our systems, including client portals and any online accounts related to our services. This ensures that only authorized users can access sensitive data, even if login credentials are compromised.
• Data Encryption: All sensitive data is encrypted using industry-standard encryption algorithms both in transit (when sent over networks) and at rest (when stored on our servers). This ensures that your personal and financial data is secure, even if it is intercepted.
• Network Security: Our network infrastructure is protected by firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) that continuously monitor for unusual activity or potential threats. Additionally, regular vulnerability assessments and penetration testing are conducted to identify and mitigate security risks.
• Access Control: We implement strict access control policies to ensure that only authorized personnel have access to your data. Access to sensitive information is granted based on a "least privilege" principle, meaning that employees and contractors are only given access to the data necessary for their role. Access logs are continuously monitored and audited.
• Regular Security Audits and Assessments: Golden Tree Wealth Partners conducts regular security audits, vulnerability scans, and risk assessments to identify potential weaknesses in our systems and processes. We work with external security experts to ensure compliance with evolving best practices in cybersecurity.
• Employee Training and Awareness: All employees undergo regular cybersecurity training to ensure they are aware of the latest threats, phishing tactics, and data protection best practices. We also have policies in place to immediately report any suspicious activity or potential data breaches.
• Data Backups: We maintain secure, encrypted backups of critical business and client data. These backups are stored in geographically redundant data centers to ensure data availability and recovery in the event of a disaster or system failure.
• End-Point Protection: All devices used to access sensitive client information are secured with anti-virus software, endpoint detection and response (EDR) tools, and automatic updates to protect against malware and other security threats.
• Secure Communication Channels: We use secure communication methods such as encrypted email and virtual private networks (VPNs) for all internal and external communications involving sensitive client data.
• Incident Response Plan: We have an established Incident Response Plan to quickly address any data security incidents. Our plan includes steps for containing, investigating, and remediating data breaches or security events, as well as notifying affected clients in accordance with applicable laws and regulations.

Confidentiality and Data Sharing

We do not share your personal or financial information with third parties except in the following circumstances:

• With your consent or at your request
• As necessary to perform our services (e.g., third-party processors for payment processing or software providers)
• To comply with legal obligations, such as tax reporting or regulatory requirements
• To protect our rights, property, or the safety of our clients, employees, or others

Data Retention

We retain your personal and financial information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When data is no longer needed, we securely dispose of it in accordance with our data retention policy.

Client Rights

As a client, you have the right to:

• Access the personal and financial information we hold about you
• Request corrections to any inaccurate or incomplete information
• Request the deletion of your data, subject to legal and contractual limitations
• Withdraw consent for certain uses of your data (where applicable)
• Object to or request restriction of the processing of your data

To exercise these rights, please contact us using the details provided below.

Changes to This Policy

We may update this Client Security and Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. We will notify you of any material changes through appropriate channels, such as email or our website.

Contact Us

If you have any questions or concerns regarding this policy or your privacy rights, please contact us at: