Privacy Policy
Effective Date: January 1st, 2025
1. Introduction
Nexus One LLC DBA Bookkeeper Guy (“we,” “us,” or “our”) provides cloud‑based bookkeeping and related advisory services to U.S. small businesses. Protecting your privacy and your financial data is central to our commitments under the Gramm‑Leach‑Bliley Act Safeguards Rule and applicable state and international privacy laws.
2. Scope
This Notice applies to personal information collected via www.bookkeeperguy.com, our client portal, email, phone, or other interactions. It does not cover information we process strictly as a service provider acting under our clients’ instructions (e.g., when a client shares its employees’ payroll data).
3. Information We Collect
Category | Examples | Source
---|---|---
Identifiers | name, postal address, email, phone, IP address, EIN, SSN (last 4 digits) | you, your employer
Financial & Tax Data | bank account numbers (tokenized), account balances, invoices, receipts, tax IDs, Xero files | you, linked accounts, accounting platforms
Commercial Information | business expenses, revenue figures, subscriptions | bookkeeping integrations
Internet Activity | log‑file data, cookies, analytics, chat transcripts | automated collection
Sensitive data (e.g., full bank‑account numbers) is collected only when required to perform our bookkeeping engagement.
4. How We Use Personal Information
- Provide, maintain, and secure bookkeeping services and your client portal
- Prepare financial reports, management accounts, and tax filings
- Authenticate you, prevent fraud, and comply with “know‑your‑customer” rules
- Respond to inquiries, schedule consultations, and send service‑related notices
- Improve our website and develop new features (aggregated or de‑identified where possible)
- Marketing: We do not sell personal information. We use first‑party analytics and may send occasional newsletters; you can opt out at any time.
5. Legal Bases (GDPR/EU Visitors)
Where the GDPR applies, we process data under one or more of the following bases: contract performance, legitimate interests (e.g., fraud prevention), legal obligation, or with your consent (for optional cookies or marketing).
6. Sharing & Disclosure
We share information only as necessary:
1. Service Providers – secure cloud hosting, payment processors, e‑signature, email, analytics
2. Accounting Platforms – Xero, QuickBooks Online, Gusto payroll (pursuant to data‑processing agreements)
3. Professional Advisors – auditors, attorneys, or insurers bound by confidentiality
4. Authorities – IRS or state tax agencies when legally required
5. Business Transfers – in connection with a merger or acquisition, with notice to you
We impose contractual duties on vendors to keep your data confidential and implement safeguards comparable to ours.
7. Cookies & Similar Technologies
We use strictly‑necessary cookies for site security and session management. Analytics cookies are set only with consent via our banner. See “Cookie Preferences” in the footer to adjust settings.
8. Data Security
We maintain an information‑security program consistent with the FTC Safeguards Rule, including: encryption in transit and at rest, annual risk assessments, least‑privilege access controls, employee security training, and an incident‑response plan that includes mandatory breach notification to regulators and affected individuals when required.
9. Data Retention
Financial records are retained for 7 years (IRS guideline) unless a longer period is required for audits or litigation. Non‑essential web logs are deleted within 14 months.
10. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights (subject to verification and certain exceptions):
Jurisdiction (statute) | Access | Delete | Correct | Portability | Opt‑out of ads/sale/profiling
---|---|---|---|---|---
California (CCPA/CPRA) | ✔ | ✔ | ✔ | ✔ | ✔
Colorado (CPA) | ✔ | ✔ | ✔ | ✔ | ✔
Connecticut (CTDPA) | ✔ | ✔ | ✔ | ✔ | ✔
Delaware (DPDPA – Jan 1 2025) | ✔ | ✔ | ✔ | ✔ | ✔
Florida (FDBR – Jul 1 2024) | ✔ | ✔ | ✔ | ✔ | ✔
Iowa (ICDPA – Jan 1 2025) | ✔ | ✔ | ✖ | ✔ | ✔
Maryland (MODPA – Oct 1 2025) | ✔ | ✔ | ✔ | ✔ | ✔
Minnesota (MNCDPA – Jul 31 2025) | ✔ | ✔ | ✔ | ✔ | ✔
Nebraska (NDPA – Jan 1 2025) | ✔ | ✔ | ✔ | ✔ | ✔
New Jersey (NJDPA – Jan 15 2025) | ✔ | ✔ | ✔ | ✔ | ✔
Oregon (OCPA – Jul 1 2024) | ✔ | ✔ | ✔ | ✔ | ✔
Tennessee (TIPA – Jul 1 2025) | ✔ | ✔ | ✔ | ✔ | ✔
Texas (TDPSA – Jul 1 2024) | ✔ | ✔ | ✔ | ✔ | ✔
Utah (UCPA) | ✔ | ✔ | ✖ | ✔ | ✔
Virginia (VCDPA) | ✔ | ✔ | ✔ | ✔ | ✔
EU / UK (GDPR) | ✔ | ✔ | ✔ | ✔ | ✔
Even if a particular state law does not apply to us because of revenue or record‑volume thresholds, we will honor comparable rights for all U.S. residents whenever feasible.
How to Exercise Your Rights
Submit a request through mail@bookkeeperguy.com. We will verify your identity (and, when required, your authority as an agent) and respond within the timeframe specified by applicable law (usually 45 days, with a possible 45‑day extension).
11. International Data Transfers
We host data on servers in the United States. Where GDPR applies, we rely on Standard Contractual Clauses (SCCs) for any onward transfers to sub‑processors located outside adequate‑protection jurisdictions.
12. Children’s Privacy
Our services are directed to business owners and are not intended for minors under 16. We do not knowingly collect children’s personal information. If you believe we have done so, contact us to delete the data.
13. Changes to This Policy
We will post any material updates here and, for significant changes, notify you by email or prominent site notice at least 15 days before the new policy takes effect.
14. Contact Us
Questions? Email mail@bookkeeperguy.com