1. Introduction & Scope

This Privacy Policy (“Policy”) describes how TechBrot Inc. (“TechBrot,” “we,” “us,” or “our”), a Delaware C-Corporation, collects, uses, shares, and protects personal information when you visit https://techbrot.com (the “Site”), use our bookkeeping, accounting setup, or consulting services (the “Services”), or interact with our team in any way.

By accessing the Site, submitting information, or using our Services, you agree to this Policy and to our Terms & Conditions (“Terms”). If any conflict exists between this Policy and the Terms, the Terms govern (see Terms, Sections 1–2).

2. Interpretation & Definitions

Interpretation: Capitalized words have meanings assigned in this section. Definitions apply whether singular or plural.

• “Account” means a unique profile created to access our Services.
• “Company” refers to TechBrot Inc., a Delaware Corporation.
• “Cookies” means small data files stored on your device, including browser cookies, session cookies, persistent cookies, HTML5 local storage, and Flash Local Shared Objects.
• “Device” means any device capable of accessing the Service (computer, smartphone, tablet, etc.).
• “Personal Data” means any information identifying or reasonably linkable to an individual.
• “Service” or “Services” refers to the Site and all business offerings provided by TechBrot Inc.
• “Service Provider” means any third-party performing tasks on our behalf (e.g., hosting, analytics, payment processing).
• “Third-Party Social Media Service” means platforms used to create or authenticate an account (Google, Microsoft, etc.).
• “Usage Data” means automatically collected technical information, including logs, device identifiers, interaction metadata, and analytics.
• “You” means the user or the legal entity accessing the Service.

3. Business Disclaimer & Third-Party Independence

We may reference software or products (e.g., Intuit QuickBooks, Stripe, Twilio, Google Analytics). TechBrot Inc. is not affiliated with, sponsored by, or endorsed by Intuit, QuickBooks, or any third party, unless explicitly stated.

If you submit data to a third-party platform directly (e.g., a payment screen hosted by Stripe), that interaction is governed by their privacy policy. Data shared with third-party processors is governed by written data processing agreements (DPAs) where required (Terms, Section 9).

4. Types of Data We Collect

4.1 Personal Data You Provide

• Name, email, phone, address, business information.
• Billing details, payment confirmations, and transaction information.
• Uploaded documents, bookkeeping files, financial data.
• Communications with support or onboarding teams.

4.2 Automatically Collected Usage Data

We collect Usage Data including:

• IP address, device ID, browser type, OS information.
• Session timestamps, pages visited, time spent, clickstream.
• Fraud-prevention data, device fingerprint, geolocation indicators.
• Mobile device metadata when accessing via mobile.

4.3 Tracking Technologies

We use:

• Browser Cookies
• Flash Cookies / Local Shared Objects (used for certain security and preference functions)
• Web Beacons / Pixel Tags / Clear GIFs (view tracking, open tracking)
• Session & Persistent Cookies
• Server Logs & Application Logs

Cookie preferences may be managed via browser or our cookie banner. Disabling cookies may impair functionality.

5. Categories of Data Collected (CCPA)

• Identifiers (name, email, IP, device ID).
• Commercial information (purchase history, invoices).
• Internet activity (session data, interactions).
• Professional information (business type, role).
• Inferences (service preferences, estimated needs).

6. How We Use Personal Information

• To provide, operate, and improve our Services (Terms, Section 4).
• To process payments, billing, ACH authorizations (Terms, Section 6).
• To verify identity and prevent fraud (Terms, Section 7.3 & 7.5).
• To retain evidence for chargeback disputes (highly important for compliance).
• To communicate updates, notices, service messages.
• To comply with legal obligations (IRS, state agencies, financial laws).
• To enforce agreements, protect rights, and resolve disputes (Terms, Section 21).
• To analyze usage patterns and improve functionality.
• For business continuity, disaster recovery, and internal analytics.

7. Legal Bases for Processing (GDPR)

• Contract performance
• Legal compliance (tax, security, accounting)
• Legitimate interests (fraud prevention, service enhancement)
• Consent (marketing, cookies)

8. Data Sharing, Processors & Third Parties

We do not sell personal information. We may share data with:

• Payment processors (Stripe, banks)
• Cloud hosting providers
• Email and SMS platforms
• Analytics and performance tools
• Telephony & support infrastructure providers
• Contractors assisting in bookkeeping or advisory work

All processors are bound by confidentiality and DPAs where required (Terms, Section 15).

9. Cookies, Tracking, Analytics, Advertising

We use necessary, functional, analytical, and (where consented) advertising cookies. Cookies may include persistent identifiers and behavioral tracking for fraud detection and personalization.

You may decline non-essential cookies through your browser or our cookie banner.

10. International Transfers

If you are located outside the United States, your information may be transferred to and processed in the U.S. We implement appropriate safeguards (e.g., SCCs) where required by law.

11. Data Retention

We retain data as long as necessary for:

• contractual obligations, onboarding, and service delivery
• tax, accounting, and legal compliance (minimum 7 years)
• fraud prevention records
• chargeback evidence (until the legal window expires)
• ACH mandates (minimum 2 years)

When data is no longer needed, we securely delete or anonymize it.

12. Security Practices

We use administrative, technical, and physical safeguards (encryption, access controls, secure backups). However, no system is fully secure. In a breach requiring notification, we will notify affected users as required by law.

13. Social Media Logins

If you authenticate or interact through a Third-Party Social Media Service, the Service may receive profile data permitted by that platform. That platform’s privacy policy controls data you provide them.

14. Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect data from minors.

15. Public Areas & User Interactions

If you post information or interact publicly (e.g., comments, forums), that information may be visible to others. We are not responsible for data voluntarily disclosed by you in public areas.

16. California Privacy Rights (CCPA / CPRA)

California residents may request:

• Disclosure of collected data categories
• Deletion (with legal exceptions)
• Correction
• Opt-out of sale/sharing (if ever applicable)
• Non-discrimination

Submit requests to: [email protected].

California “Shine the Light” Rights

Once per year, California residents may request information regarding disclosures to third parties for direct marketing.

California Minor Users

California residents under 18 may request removal of publicly posted content. Removal may not be complete due to technical or legal limitations.

17. GDPR Rights (EU/EEA)

GDPR provides rights including:

• Access
• Rectification
• Erasure (with exceptions)
• Restriction
• Portability
• Objection
• Withdrawal of consent

Submit requests to [email protected].

18. Business Transfers

We may transfer data during mergers, acquisitions, financing, restructuring, or sale of assets. We will notify users where required by law.

19. Law Enforcement & Legal Requirements

We may disclose information to comply with subpoenas, investigations, legal processes, or to:

• protect our rights and property
• investigate wrongdoing
• ensure user or public safety
• prevent fraud (see Terms, Section 13)

20. Evidence for Disputes & Fraud Prevention

To defend against chargebacks, unauthorized payment claims, and disputes, we may retain and use:

• IP logs and browser fingerprints
• Bank confirmation data and payment processor logs
• Communication records
• Digital signatures and clickstream evidence
• Device and session data

This aligns with Terms, Section 7.5 (Evidence Consent).

21. Marketing & Communication

We may send service-related communications. Marketing communications require consent or legitimate interest. You can opt out anytime.

22. Links to Other Websites

Our Site may link to external sites not controlled by us. We are not responsible for their privacy practices. Review their policies before submitting data.

23. International, Federal & State Law Compliance

We monitor changes in privacy laws (GDPR, CPRA, Virginia CDPA, Colorado CPA, FTC guidance) and update this Policy as required.

24. Changes to This Policy

We may update this Policy. Updated versions will appear on this page. Continued use of our Services after updates constitutes acceptance. Changes are governed by Terms, Section 23.

25. Contact Us

Email: [email protected]
Legal: [email protected]
Phone: (877) 751-555
Address: 651 N Broad St, Suite 201, Middletown, DE 19709