Legal

Data Processing Terms

Entity
TechBrot Inc. (Delaware C-Corporation)
Effective
Last updated

1. Scope & Roles

These Data Processing Terms (“DPT”) govern the processing of Client Data by TechBrot Inc. (“TechBrot”) in the course of providing services to a client (“Client”). These DPT form part of, and are incorporated into, the written engagement agreement between TechBrot and the Client.

With respect to Client Data processed in the delivery of services, the Client is the controller and TechBrot is the processor. The Client determines the purposes and means of processing; TechBrot processes Client Data on the Client’s behalf and on its documented instructions. This is distinct from personal information TechBrot collects as a controller through its website, which is governed by the Privacy Policy.

2. Definitions

  • Client Data means financial, accounting, payroll, and related business data that TechBrot accesses or processes in the course of delivering services, including data within the Client’s accounting systems.
  • Processing means any operation performed on Client Data, including accessing, recording, organizing, categorizing, reconciling, storing, and transmitting.
  • Sub-processor means a third party engaged by TechBrot to assist in processing Client Data.
  • Controller and Processor have the meanings given under applicable data-protection law.

3. Processing on Documented Instructions

TechBrot processes Client Data only to provide the services described in the engagement scope and on the Client’s documented instructions, except where processing is required by applicable law. TechBrot does not use Client Data for any other purpose — it does not sell Client Data, does not use it for marketing, and does not use it to train machine-learning models.

If TechBrot believes an instruction infringes applicable data-protection law, it will inform the Client. TechBrot will not be required to act on instructions that would cause it to violate applicable law.

4. Access Model

Wherever practical, TechBrot processes Client Data by working as an authorized accountant-user inside the Client’s own accounting system (such as the Client’s QuickBooks file). Under this model:

  • The Client’s data remains in the Client’s own system and under the Client’s control;
  • Access is granted by the Client and may be revoked by the Client at any time;
  • TechBrot does not require the Client to export Client Data into a separate TechBrot-owned system as a condition of service;
  • The system’s audit trail records actions taken and remains visible to the Client.

Where limited copies of Client Data must be handled outside the Client’s system to deliver services (for example, working documents or reports), TechBrot handles them under the security measures in Section 6.

5. Confidentiality

TechBrot treats Client Data as confidential. Personnel and operators authorized to process Client Data are bound by confidentiality obligations and are granted access only to the extent needed to perform their roles. TechBrot limits access to Client Data on a need-to-know basis.

6. Security Measures

TechBrot implements and maintains administrative, technical, and organizational measures designed to protect Client Data against unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encrypted connections for working sessions and file transfers;
  • Access controls and authentication for systems used to process Client Data;
  • The principle of working within the Client’s own systems to minimize data duplication;
  • Limiting access to authorized personnel and operators on a need-to-know basis;
  • Periodic review of security practices.

The Client is responsible for maintaining the security of its own accounting systems and credentials, including managing the access it grants to TechBrot.

7. Sub-Processors

TechBrot may engage sub-processors to assist in delivering services — for example, secure file storage, document management, scheduling, and communication tools. Where TechBrot engages a sub-processor to process Client Data, it does so under written terms requiring the sub-processor to maintain confidentiality and apply data-protection obligations consistent with these DPT.

TechBrot remains responsible to the Client for its sub-processors’ processing of Client Data. The Client may request information about the sub-processors used in its engagement by contacting [email protected].

8. Network Operators

Where an engagement is delivered through a TechBrot network operator, the operator processes Client Data to deliver that engagement under confidentiality and data-handling obligations consistent with these DPT. Operators are independent practices required to maintain appropriate security and confidentiality standards as a condition of participating in the network.

9. Data Incidents

If TechBrot becomes aware of a data incident affecting Client Data — meaning a confirmed unauthorized access to, or disclosure of, Client Data in TechBrot’s control — TechBrot will notify the affected Client without undue delay after becoming aware, and will provide information reasonably available to assist the Client in meeting any obligations it may have. TechBrot will take reasonable steps to mitigate the incident and prevent recurrence.

10. Data Subject Requests

Where a Client receives a request from an individual to exercise data-protection rights regarding Client Data that TechBrot processes, TechBrot will provide reasonable assistance to enable the Client to respond, taking into account the nature of the processing and the information available to TechBrot. Because TechBrot typically works within the Client’s own systems, the Client generally retains direct access to the underlying data.

11. Return & Deletion of Data

Because TechBrot generally works within the Client’s own accounting system, Client Data ordinarily remains with the Client throughout and after the engagement; the Client retains its data when TechBrot’s access ends.

For any working copies of Client Data held by TechBrot outside the Client’s systems, upon termination of the engagement TechBrot will, at the Client’s direction, return or delete such Client Data within a reasonable period, except where retention is required by applicable law or professional obligation. TechBrot may retain engagement records as required for legal, tax, and professional-standards purposes.

12. General

These DPT form part of the engagement agreement between TechBrot and the Client. In the event of a conflict between these DPT and the body of the engagement agreement regarding the processing of Client Data, these DPT control with respect to data processing. These DPT are governed by the law specified in the engagement agreement.

TechBrot may update these DPT from time to time; the “Last updated” date reflects the most recent revision. Material changes affecting active engagements will be communicated to affected Clients.

Questions about these Data Processing Terms may be directed to TechBrot Inc. at [email protected].

These Data Processing Terms should be read together with our Disclaimer, Privacy Policy, and Terms of Service.

TechBrot Inc. is an independent Certified QuickBooks ProAdvisor firm. QuickBooks is a registered trademark of Intuit Inc. TechBrot Inc. is not affiliated with Intuit Inc.