Privacy Policy
How B4Q CPA collects, uses, and protects your personal information when you engage with our services.
Scope & Who We Are
B4Q CPA is a full-service accounting and tax firm based in Spokane, Washington, USA. We provide bookkeeping, tax compliance, payroll, auditing, SOC 1/2/3 attestation, valuation, and advisory services to businesses across the United States.
This Policy applies to all personal data we process in connection with our website and client engagements. We act as a data controller when determining the purposes and means for processing your personal data. Where we engage third-party technology providers (e.g., cloud hosting, CRM), those providers act as processors under contractual obligations to us.
Data We Collect
We collect only what is necessary to provide our services and improve your experience.
Name, business email address, phone number, company name, and job title — provided when you fill out a form or contact us directly.
Financial records, tax documents, audit materials, project scope details, and other business documentation you share during an engagement.
IP address, device type, browser, pages visited, session duration, and cookie data collected automatically when you use our website.
Financial or regulated data processed only when required for a professional engagement or with your explicit consent, in accordance with applicable law.
Purposes & Legal Basis for Processing
We process your personal data for the following purposes:
To provide accounting, tax, audit, and advisory services — necessary for the performance of our engagement agreement with you.
To respond to inquiries, schedule consultations, and deliver service updates — based on our legitimate interest and contractual relationship.
To meet our legal obligations, including financial record-keeping, tax reporting, and anti-money laundering requirements.
To send relevant newsletters or updates — only where you have provided consent, and you may withdraw it at any time.
To analyze how our site is used so we can improve performance and user experience — based on our legitimate interests.
How We Share Your Data
We do not sell or rent your personal data. We may share it in limited circumstances:
- Service Providers / Processors — Cloud hosting, CRM, and other technology vendors operating under strict data processing agreements.
- Regulators & Legal Authorities — When required by law, court order, or regulatory body.
- Professional Partners — Affiliated professionals (e.g., attorneys, specialists) engaged to deliver your specific service, with your awareness.
- Audit & Certification Bodies — Third-party organizations providing attestation or validation services as part of SOC engagements.
International Data Transfers
Our primary operations are based in the United States. If your data is ever processed or stored outside your home country, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) recognized under applicable data protection law
- Data Processing Agreements with all third-party vendors
- Adequacy decisions where applicable under GDPR or equivalent frameworks
Data Retention
We retain your personal data only for as long as necessary. Retention periods are determined by:
- The duration of our engagement or contractual relationship with you
- Applicable legal, tax, and regulatory obligations (IRS record-keeping typically requires 7 years)
- Our legitimate business interests, such as resolving disputes or enforcing agreements
Upon expiry of the applicable retention period, your data is securely deleted or anonymized so it can no longer be linked to you.
Security Measures
As a CPA firm that performs SOC 2 attestations for clients, we hold ourselves to the same high standards we apply to their audits. Our security practices include:
All data is encrypted in transit (TLS) and at rest using industry-standard protocols.
Role-based access ensures that only authorized personnel can access client information.
We conduct regular vulnerability assessments and internal reviews to maintain the integrity of our systems.
Your Privacy Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at info@b4q.us. Please specify your request and, if applicable, your jurisdiction. We will respond within 30 days.
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your browsing experience. We use:
- Essential Cookies — Required for core site functionality such as navigation and form submission.
- Analytics Cookies — Help us understand how visitors interact with our site (e.g., pages visited, time spent) so we can improve our content and services.
- Preference Cookies — Remember settings you have chosen to personalize your experience.
You can manage or disable cookies at any time through your browser settings. Please note that disabling certain cookies may affect site functionality.
Third-Party Links
Our website may contain links to external sites, such as professional associations, partner platforms, or resource directories. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policy of any external site before submitting personal information.
Updates to This Policy
We may update this Privacy Policy from time to time as our business, technology, or legal obligations evolve. Any material changes will be reflected on this page with a new revision date.
We encourage you to review this page periodically. Continued use of our website or services after a change constitutes acceptance of the updated Policy.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please reach out to us: