Privacy Policy

Effective Date: March 25, 2026 · Last Updated: March 25, 2026

Steadyhand Bookkeeping ("we", "us", "our") is committed to protecting the privacy and confidentiality of our clients' personal and financial information. This policy explains how we collect, use, protect, and disclose your information in compliance with Alberta's Personal Information Protection Act (PIPA).

1. Information We Collect

Personal Information

• Full name and contact information (address, phone number, email)
• Social Insurance Number (SIN) — only when required for payroll or tax filings
• Date of birth (if required for specific filings)

Business Information

• Business name, business number (BN), and GST/HST registration number
• Banking and financial account information (account numbers, transaction records, statements)
• Accounts payable and receivable records
• Payroll information (employee names, SINs, pay rates, deductions)
• Receipts, invoices, and supporting financial documents
• Vehicle logbooks and mileage records

2. Why We Collect This Information

We collect personal and financial information solely for the purpose of:

• Performing the bookkeeping services outlined in your engagement letter
• Preparing and filing GST/HST returns with the Canada Revenue Agency (CRA)
• Processing payroll and issuing T4/T4A slips
• Generating financial reports (profit & loss, balance sheet, etc.)
• Communicating with you about your account and services

We will not collect more information than is reasonably necessary to perform these services.

3. How We Protect Your Information

• Encrypted cloud storage — All financial records are stored in cloud-based platforms (e.g., QuickBooks Online) that use industry-standard encryption
• Two-factor authentication (2FA) — Enabled on all accounts that access client data
• Strong passwords — Unique, complex passwords managed through a password manager
• Access control — Only authorized personnel have access to your information
• Secure communication — Sensitive documents are shared via encrypted channels, not unencrypted email attachments
• Physical security — Any physical documents are stored securely and shredded when no longer needed
• Software updates — All systems are kept up to date with the latest security patches

4. Who We Share Your Information With

We do not sell, trade, or rent your personal information to anyone.

We will only share your information with:

• Canada Revenue Agency (CRA) — As required for tax filings, GST/HST remittances, payroll reporting, or in response to a lawful request
• Your designated accountant or CPA — When you authorize us to share year-end files or financial records for tax preparation
• Third parties you authorize — Only with your written consent (e.g., lenders requesting financial statements)
• Software providers — Your data is processed through platforms like QuickBooks Online, which have their own privacy policies and security measures

We will never share your SIN, banking information, or financial records with any unauthorized party.

5. How Long We Retain Your Information

• Active clients — We retain your financial records for the duration of our engagement
• After termination — We retain records for a minimum of 7 years from the end of the tax year to which they relate, as required by the Canada Revenue Agency
• After the retention period — Records are securely destroyed (digital files permanently deleted, physical documents shredded)
• SINs and sensitive identifiers — Retained only as long as necessary for the specific filing purpose, then securely removed from our active systems

You may request deletion of your information at any time, subject to our legal obligation to retain records under CRA requirements.

6. Your Rights Under PIPA

As our client, you have the right to:

• Access your personal information held by us
• Request corrections to any inaccurate information
• Withdraw your consent for us to collect, use, or disclose your information (note: this may limit or end our ability to provide services)
• File a complaint with the Office of the Information and Privacy Commissioner of Alberta (OIPC) if you believe your privacy rights have been violated

7. Breach Notification

In the event of a privacy breach involving your personal information:

1. We will assess the breach immediately to determine the scope and nature of the incident
2. We will notify you without unreasonable delay, including what happened, what information was involved, what steps we are taking, and what you can do to protect yourself
3. If the breach creates a real risk of significant harm, we will also notify the Office of the Information and Privacy Commissioner of Alberta (OIPC) and any other parties as required by law
4. We will document the breach and our response, and take steps to prevent recurrence

8. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be communicated to active clients via email and will take effect on the date specified.

9. Contact Us

This privacy policy is designed to comply with Alberta's Personal Information Protection Act (PIPA). It is not legal advice. For legal guidance, consult a qualified privacy professional.