Legal · Confidentiality

Privacy Policy

Effective Date: May 12, 2026 · Last Updated: May 12, 2026

Young Xcellence Advisory Group, Inc. ("YXAG," "we," "us," or "our") takes the privacy and security of your personal and financial information seriously. This Privacy Policy describes the categories of information we collect, how we use and protect it, and the rights you have over your data. As a tax preparation firm, we are bound by stricter privacy obligations than most businesses under federal law — including IRS Section 7216, the FTC Safeguards Rule, and the Gramm-Leach-Bliley Act (GLBA).

1. Scope of This Policy

This Privacy Policy applies to information collected through our website (yxadvisorygroup.com), our client portal, in-person meetings, phone calls, emails, and any other interaction you have with YXAG. It covers individuals who are clients, prospective clients, visitors to our website, and other individuals whose information we receive in connection with our tax, bookkeeping, payroll, and advisory services.

2. Information We Collect

The information we collect depends on how you interact with us. Categories include:

2.1 Information You Provide Directly

  • Identifying information: Full legal name, date of birth, Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN), driver's license or state ID number, signature
  • Contact information: Mailing address, email address, phone numbers
  • Family information: Spouse and dependent names, SSNs, dates of birth, relationship
  • Financial information: Income from all sources, bank account and routing numbers, investment account information, retirement account details, mortgage and loan information, business financial records, K-1s, 1099s, W-2s, prior tax returns
  • Business information: EIN, entity formation documents, bookkeeping records, payroll records, contractor 1099 data, business bank statements, expense receipts
  • Health and dependent care information: Only as necessary for tax deductions (medical expenses, dependent care credits)
  • Other information: Charitable contribution records, vehicle information, real estate transactions, and any other data necessary to prepare accurate returns

2.2 Information Collected Automatically

  • Website data: IP address, browser type, device type, pages visited, time spent, referring URL
  • Cookies and similar technologies: See Section 9 below
  • Portal activity logs: Login timestamps, documents accessed, e-signatures applied (these logs are required for IRS compliance)

2.3 Information from Third Parties

  • From the IRS: Tax transcripts, account information, notices (with your authorization via Form 8821 or 2848)
  • From financial institutions: Year-end statements, 1099s, K-1s, as you direct
  • From your prior preparer: Prior-year returns and workpapers, if you authorize the transfer
  • From your employer or payroll provider: W-2s, payroll registers

3. How We Use Your Information

We use your information only for purposes related to the professional services you have engaged us to provide:

  • Preparing and filing federal, state, and local tax returns
  • Maintaining bookkeeping records and producing financial statements
  • Processing payroll, including direct deposit and tax remittance
  • Forming legal entities (LLCs, S-Corps, C-Corps) on your behalf
  • Responding to IRS or state tax authority notices and inquiries
  • Providing tax planning, advisory, and consultation services
  • Communicating with you about your engagement, scheduling, billing, and tax matters
  • Complying with our legal, regulatory, and professional obligations (IRS Circular 230, AICPA standards, state CPA board requirements)
  • Detecting and preventing fraud, identity theft, and unauthorized access
  • Improving our services and website functionality (using aggregated, non-identifying data only)

We do NOT use your information to: sell to third parties, train artificial intelligence models, target you with advertising, or for any purpose unrelated to the services you have engaged us to provide.

4. When We Share Information

Your tax return information is among the most sensitive data you possess, and federal law restricts how it can be shared. We share information only in the following circumstances:

4.1 With Government Authorities

We file your tax returns electronically with the IRS and applicable state tax authorities. We may share information with these agencies as required to respond to notices, audits, or other authorized inquiries, with your knowledge.

4.2 With Service Providers Under Strict Contracts

We use trusted third-party service providers to operate our practice, including:

  • Secure client portal provider (e.g., TaxDome, Canopy, SmartVault) — SOC 2 Type II audited, contractually required to maintain confidentiality and security
  • Tax preparation software (e.g., Drake, Crosslink, ProSeries) — encrypted, GLBA-compliant
  • Bookkeeping software (QuickBooks, Xero) — SOC 2 audited
  • Payroll processors (Gusto, ADP, RUN) — audited, encrypted
  • Email and communication providers (Microsoft 365, Google) — encrypted, HIPAA/GLBA capable
  • Payment processors (Stripe, CPACharge) — PCI-DSS compliant; we never store full credit card numbers ourselves

All providers are contractually bound to use your information only for the purposes for which we engage them and to maintain its confidentiality and security.

4.3 With Your Authorization

We will share your information with banks, lenders, attorneys, financial planners, or other professionals only when you specifically authorize us to do so in writing, typically via IRS Form 8821 (Tax Information Authorization), Form 2848 (Power of Attorney), or our own written consent forms.

4.4 As Required by Law

We may disclose information if compelled by a valid subpoena, court order, or law enforcement request. When legally permitted, we will notify you before complying so you may seek a protective order.

4.5 In Connection with a Business Transition

If YXAG is sold, merged, or transitioned to another firm, your information may transfer to the successor firm. You will be notified in advance and given the option to decline the transfer of your records.

5. IRS Section 7216 Consent

Under IRS Code Section 7216 and 26 C.F.R. § 301.7216, tax preparers are prohibited from disclosing or using a taxpayer's tax return information for any purpose other than preparing the return, except with the taxpayer's specific written consent that meets strict format requirements.

YXAG does not use tax return information for marketing, cross-selling additional services, or any purpose outside the scope of our engagement without first obtaining your separate, written Section 7216 consent. Any such consent will be a standalone document — not buried in our engagement letter — and you may revoke it at any time without affecting our ability to complete your return.

Violation of Section 7216 by a preparer is a federal crime punishable by fines of up to $1,000 per violation and up to one year imprisonment. We take this obligation seriously.

6. How We Protect Your Information

As a tax preparation firm, we are required by the FTC Safeguards Rule (16 C.F.R. Part 314) to maintain a Written Information Security Plan (WISP). Our security measures include:

6.1 Technical Safeguards

  • Encryption: All sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Multi-factor authentication (MFA): Required for all staff accessing client data, and available to clients accessing the portal
  • Access controls: Role-based access — staff can only access information necessary for their work
  • Audit logging: All access to client records is logged and reviewed
  • Endpoint protection: Anti-malware, firewall, and device encryption on all firm devices
  • Secure backup: Encrypted, geographically distributed backups

6.2 Administrative Safeguards

  • Designated security coordinator (as required by FTC Safeguards Rule)
  • Annual risk assessments and security training
  • Background checks for employees with data access
  • Written information security plan reviewed annually
  • Incident response procedures

6.3 Physical Safeguards

  • Locked storage for any paper records
  • Secure shredding of paper documents no longer needed
  • Clean-desk policy for offices handling tax returns

Important reminder: Email is not a secure channel. Please do not send sensitive information (SSNs, account numbers, full tax documents) via email. Use our encrypted client portal for all document exchange.

7. Data Retention

We retain client records for the periods required by IRS regulations, state CPA board rules, and professional standards:

  • Tax returns and supporting documents: Minimum 7 years from filing date (IRS recommendation; some states require longer)
  • Engagement letters and signed authorizations: 7 years
  • Bookkeeping records: 7 years per IRS substantiation requirements
  • Payroll records: Minimum 4 years per IRS, 6 years for state in NY
  • Audit and representation files: 7 years after case closure
  • Communications: Retained for the duration of the engagement plus 7 years

After the retention period, records are securely deleted (digital records overwritten or cryptographically erased; paper records cross-shredded). You may request a copy of your records at any time during the retention period.

8. Your Rights and Choices

8.1 All Clients

  • Access: Request a copy of the information we hold about you
  • Correction: Request that we correct inaccurate information
  • Portability: Receive your records in a structured, machine-readable format
  • Withdrawal of consent: Revoke any Section 7216 consent or other authorization at any time
  • Complaint: File a complaint with the IRS, FTC, or your state attorney general if you believe we have mishandled your information

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete (subject to our legal retention obligations), the right to correct inaccurate information, and the right not to be discriminated against for exercising these rights. To exercise these rights, contact us at privacy@yxag.com.

YXAG does not "sell" personal information as defined by the CCPA, and we do not engage in "sharing" for cross-context behavioral advertising.

8.3 New York Residents

Under the New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) and applicable New York consumer protection laws, New York residents have rights regarding the security and handling of their private information. We maintain reasonable safeguards as required by N.Y. Gen. Bus. Law § 899-bb to protect the private information of New York residents. Contact us at privacy@yxag.com to inquire about the personal information we hold about you, request corrections, or raise any privacy-related concerns.

As a tax preparer registered with the New York State Department of Taxation and Finance, we are also bound by New York Tax Law § 32 and the professional standards established by the New York State Society of CPAs (NYSSCPA).

8.4 Other State Residents

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia may have similar rights under their respective state privacy laws. Contact us to exercise these rights.

8.5 How to Make a Request

Submit privacy requests via email to support@yxadvisorygroup.com, by phone at (929) 784-2862, or by mail to the address in Section 13. We will respond within 30 days (extendable by 30 additional days for complex requests, with notice to you). We may need to verify your identity before fulfilling certain requests.

9. Website Cookies and Tracking

Our website (yxadvisorygroup.com) uses a minimal set of cookies and similar technologies:

  • Strictly necessary cookies: Required for the website to function (e.g., remembering form input across pages)
  • Analytics cookies: We may use privacy-friendly analytics (Plausible, Fathom) or Microsoft Clarity to understand how visitors use our site. These tools collect aggregated, non-personally-identifying information

We do not use advertising cookies, retargeting pixels, or third-party advertising trackers.

Most browsers allow you to control cookies through their settings. Note that disabling cookies may affect website functionality but will not affect your ability to communicate with us or use our client portal.

We honor "Do Not Track" signals where technically feasible.

10. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you as required by applicable federal and state law. Under the New York SHIELD Act (N.Y. Gen. Bus. Law § 899-aa), we will notify affected New York residents without unreasonable delay if a breach involves their private information. We will also notify the New York Attorney General, the New York Department of State, the IRS, state tax authorities, and the FBI's IC3 division as required for breaches involving tax preparer information.

Notice will be provided by email and, if email is not available or feasible, by U.S. mail to your address on file. Notice will describe the nature of the breach, the information involved, the steps we are taking, and the steps you should take to protect yourself.

11. Children's Privacy

Our services are intended for adults (taxpayers age 18 and older, or businesses). We do not knowingly collect personal information from children under 13 through our website or marketing channels. However, we routinely process tax information about minor dependents as part of our tax preparation services, and that information is treated with the same care and confidentiality as all client information described in this Policy.

If you believe we have inadvertently collected information from a child under 13 through our website (not as part of tax preparation), please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. The "Last Updated" date at the top of this Policy will reflect the most recent revision. For material changes that affect how we use your information, we will notify active clients by email or through the client portal at least 30 days before the changes take effect.

Your continued use of our services after a Policy update constitutes acceptance of the revised Policy. If you do not agree with the changes, you may terminate your engagement and request return or deletion of your records (subject to our legal retention obligations).

13. Contact Us

For any privacy-related questions, concerns, or requests, please contact us:

Email support@yxadvisorygroup.com
Phone (929) 784-2862
Mail Young Xcellence Advisory Group, Inc.
4867 BROAD WAY PMB 1004
NEW YORK, NY 10034
Response time Within 30 days (45 days for complex requests)

You may also file complaints with regulatory authorities:

This Privacy Policy was prepared based on requirements under the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.), the FTC Safeguards Rule (16 C.F.R. Part 314), IRS Code Section 7216 and 26 C.F.R. § 301.7216, the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.), the New York SHIELD Act (N.Y. Gen. Bus. Law § 899-aa and § 899-bb), New York Tax Law § 32, and other applicable federal and state laws.

© 2026 Young Xcellence Advisory Group, Inc. All rights reserved.