Privacy Policy

1. Introduction & Institutional Scope

Velmer Digital LLC ("we," "our," or "us") operates strictly within the B2B sector, providing elite accounting staffing, dedicated Managed Pods, Knowledge Process Outsourcing (KPO), and Business Process Outsourcing (BPO) solutions to certified US CPA firms. Operating as a US Corporate Entity (headquartered in Santa Fe, New Mexico) with a secured offshore operations facility in Cebu IT Park, Philippines, we mandate strict structural compliance, including adherence to the US Internal Revenue Code Section 7216, GLBA (Gramm-Leach-Bliley Act), and IRS-WISP (Written Information Security Plan) directives.

Because we integrate heavily with US accounting infrastructure, our data handling goes far beyond standard commercial privacy policies. We utilize a Zero-Trust architecture designed to ensure that end-client taxpayer data remains completely insulated from unauthorized access.

2. The Information We Collect

We collect information across three distinct operational vectors:

A. Information You Provide Directly

• Professional Contact Data: Name, business email, phone number, CPA firm name, and job title when scheduling strategy calls or submitting inquiries.
• Contractual & Financial Data: Billing information, authorized signatory details, and institutional compliance documentation required to establish Master Service Agreements (MSAs) and Business Associate Agreements (BAAs).

B. Information Collected Alternatively (B2B Lead Generation)

• Public Corporate Data: To identify potential US CPA firm partners, we deploy automated aggregation pipelines that compile business intelligence from public directories (e.g., Google Maps, public state board registries). This data is strictly limited to corporate contact information (B2B) and is not linked to private consumer profiles.

C. Technical & Usage Data

• Digital Footprint: IP addresses, browser types, session durations, and user interaction metrics via cookies and tracking pixels to monitor site performance and security.

3. End-Client (Taxpayer) Data Handling

Vance & Cole explicitly does NOT process, store, or warehouse end-client taxpayer data on our own servers.

In our capacity as a KPO and BPO provider, our accounting professionals log directly into the secure cloud infrastructure or virtual desktops (VDI) hosted and controlled by the US CPA firm. Therefore:

• Primary data storage remains the responsibility of the client CPA firm.
• We require our partner firms to secure Section 7216 taxpayer consent before granting our offshore professionals access to any identifiable tax data.
• We act strictly as a "Processor" or "Service Provider" for this data, operating under rigorous documented instructions from the CPA firm.

4. How We Use the Information

Our internal use of data focuses entirely on facilitating B2B operations and enforcing security:

• Service Delivery: To provision talent, execute background checks, and integrate with client workflows.
• Security & Compliance Enforcement: To audit access logs and ensure compliance with ISO 27001 frameworks and IRS-WISP mandates.
• B2B Marketing & Communication: To directly contact CPA firm owners regarding potential partnerships. You may opt-out of these B2B communications at any time.

5. Cross-Border Data Routing & Clean-Room Operations

While Vance & Cole is a US entity subject to the laws of the State of New Mexico, our delivery center is located in Cebu IT Park, Philippines. To protect data transiting across borders, we enforce standard contractual clauses, BAAs, and the following physical/digital safeguards:

• Clean-Room Facilities: Our delivery center is physically secured via biometric access. Personal devices, paper, and recording equipment are strictly prohibited on the production floor.
• Zero-Retention Policy: Workstations assigned to our professionals lack local storage capabilities (USB drives disabled, local saves blocked).
• Encrypted Routing: Network traffic operates exclusively over AES-256 encrypted VPN tunnels or secure IP-whitelisted VDI connections.

6. Sharing Information with Third Parties

We do not sell, trade, or rent your corporate contact data to unauthorized third parties. We may share necessary technical information with strictly vetted sub-processors (e.g., our CRM provider, cloud hosting services) who are contractually bound by confidentiality and security standards equivalent to our own.

We will disclose data if required by US federal or state law, subpoenas, or IRS audit requirements.

7. Data Retention

B2B lead data and marketing contact records are retained as long as they hold commercial value, or until an opt-out request is submitted. Financial and contractual records with partner CPA firms are retained for a minimum of 7 years, per standard US federal tax and legal requirements.

8. Your Rights (Including CCPA / CPRA)

Although B2B data is often exempted from certain consumer privacy frameworks, we voluntarily extend data modification and transparency rights to our professional contacts. For residents of California, we strictly adhere to the CCPA/CPRA requirements:

• Right to Access & Portability: You may request an overview of the data we hold on your corporate entity.
• Right to Rectification: You may request corrections to inaccurate professional data.
• Right to Erasure ("Right to be Forgotten"): You may request deletion of your B2B contact data from our marketing and sales systems.
• "Do Not Sell My Personal Info": We do not sell your personal or B2B data. You may opt-out of any third-party sharing or cold-outreach emails via mandatory unsubscribe links.

9. Contact Information & Legal Inquiries

For exercising your data rights, requesting our security controls architecture documentation, or demanding a HIPAA/Section 7216 Business Associate Agreement (BAA) review, please contact our Legal & Compliance operations: