Privacy Policy
Effective Date: March 5, 2026
At Saavedra CPA LLC, your privacy is important to us. This Privacy Policy outlines how we collect, use, protect, and manage your personal data when you interact with our firm through our website, client portal, communications, or during the course of our professional services.
Who We Are
Saavedra CPA LLC is a professional services firm based in Puerto Rico offering accounting, tax, compliance, and advisory solutions to individuals and businesses. For questions about this policy, please contact privacy@saavedracpa.com.
What Information We Collect
We may collect and process the following categories of personal information:
- Contact Information: Name, email address, phone number, mailing address.
- Financial & Tax Information: Identification numbers (e.g., EIN, SSN), income records, and documentation necessary to fulfill professional services.
- Technical Data: Device/browser type, IP address, and behavior when interacting with our digital properties.
- Communications & Interactions: Emails, form submissions, recorded calls (when applicable), and secure portal messages.
We do not knowingly collect information from individuals under the age of 18 and request that such individuals refrain from submitting personal data.
How We Use Your Information
Your information is used to:
- Deliver the services you’ve engaged us for
- Maintain and manage secure client records and communications
- Comply with legal, tax, and regulatory obligations
- Improve our internal systems and client experience
- Send essential communications (e.g., tax deadlines, billing notices), including SMS messages for account notifications, document requests, and service updates
- Occasionally share educational content, updates, or offers related to accounting, tax, and financial clarity. You may opt out of non-essential communications at any time using preferences available within the platform or by contacting us.
We manage your data with care and responsibility. We may use limited non-sensitive data (e.g., email address or firm affiliation) to explore or offer relevant business initiatives, services, or informational content either directly or indirectly in compliance with applicable privacy laws.
We may use automation to enhance service delivery, such as pre-filled forms, personalized onboarding, multilingual experiences, and SMS communications. These functions are governed by privacy-conscious logic and respect all applicable consent and transparency standards.
Your consent to receive SMS messages is required before sending any texts. We do not share your SMS consent with third parties or affiliates. You may opt out of SMS communications at any time by replying STOP to the message or contacting us directly.
Legal Basis for Processing
We process personal data based on:
- Consent: Where you have opted in or voluntarily submitted information
- Contractual necessity: To provide the services you requested
- Legal obligation: For compliance with tax, financial, or regulatory rules
- Legitimate interest: To manage and improve client engagement and professional delivery
Use of Secure Systems & Platforms
Saavedra CPA LLC uses secure, encrypted third-party platforms and proprietary workflows for data handling, client interaction, and service delivery. While we do not disclose specific software providers for operational confidentiality and security reasons, all systems used comply with HIPAA-capable standards, AES-256 encryption protocols, and maintain strict access controls.
While Saavedra CPA LLC is not a Covered Entity or Business Associate under HIPAA, we adopt HIPAA-grade data security measures where applicable to safeguard sensitive information.
All data transmitted through our portal, forms, and communications is encrypted both in transit and at rest. Access to this information is restricted to authorized personnel operating under strict confidentiality protocols.
Data Sharing with Third Parties
We may share information with trusted service providers or partners that assist us in operating securely and effectively. These may include:
- Secure storage and communication systems
- Payment and invoicing solutions
- Professional tools and integrations used to support service delivery
All such parties operate under contractual obligations to maintain confidentiality, data integrity, and compliance with applicable law. We do not permit them to use your data for their own purposes.
International Data Transfers
Data may be processed or stored on servers located in jurisdictions outside of Puerto Rico. Where applicable, appropriate legal and contractual safeguards are in place to ensure equivalent protection.
Your Rights
We honor applicable privacy laws including Puerto Rico-specific regulations, U.S. federal law, and general principles from frameworks like GDPR and CCPA where relevant to client data rights and expectations. Subject to local laws (such as GDPR, CCPA, or similar frameworks), you may be entitled to:
- Request access to your personal data
- Correct or update inaccurate data
- Request deletion of data no longer required
- Restrict or object to certain types of processing
- Request data portability
- File a complaint with a supervisory authority
To exercise these rights, contact us at privacy@saavedracpa.com. We will respond within the time required by law.
Data Retention
We retain data only as long as necessary to fulfill the purposes outlined above, or as legally required. When data is no longer needed, we securely dispose of or anonymize it in accordance with best practices and company policies by service type.
Data Processing
A Data Processing Addendum (DPA) is available upon request for clients or partners requiring additional contractual safeguards.
Cookies and Tracking
Cookies may be used to maintain session security, analyze site usage, deliver language preferences, or streamline user experiences. You may manage your preferences through browser settings or opt-out options where available.
Security
Our digital environment is built on platforms that follow bank-grade and healthcare-industry standards. This includes 256-bit AES encryption, TLS for all web communications, and redundant backup systems to protect your data against unauthorized access or loss.
Systems are regularly monitored, updated, and tested to remain compliant with evolving industry standards, including but not limited to HIPAA capabilities, SOC 2 readiness, and ISO-aligned practices.
We implement industry-standard measures to protect your data, including encryption, regular audits, access restrictions, and redundant backups. While no system is completely immune to risk, we remain vigilant in our efforts to protect your information.
In the unlikely event of a data breach, we will promptly notify affected individuals and authorities as required.
Policy Updates
This Privacy Policy may be updated periodically to reflect changes in our practices, technology, or legal obligations. The updated policy will be posted on our website with a revised effective date. Your continued use of our services constitutes acceptance of any changes. Please also see our terms.
Contact Us
For any privacy-related inquiries, requests, or complaints, please email:
privacy@saavedracpa.com
Or use a contact form at: www.saavedracpa.com.