top of page

Data Retention & Privacy Policy

Hughes CPA Services is a trade name of Chase Hughes, CPA, sole proprietor. 
 

Effective Date: 1/21/2026
Last Updated: 2/17/2026
 

Hughes CPA Services (“Firm,” “we,” “us,” or “our”) is committed to protecting the confidentiality, privacy, and security of client information. This Data Retention & Privacy Policy describes how we collect, use, retain, safeguard, and dispose of information obtained in the course of providing professional services.
 

 

1. Information We Collect

In connection with providing tax, accounting, advisory, and related professional services, we may collect and maintain nonpublic personal information (“NPI”), including but not limited to:

  • Names, addresses, and contact information

  • Social Security numbers and taxpayer identification numbers

  • Financial account and transaction information

  • Tax returns and supporting documentation

  • Business and payroll records

Information is obtained directly from clients or from third parties authorized by clients.
 

2. Use of Information

Client information is used solely for legitimate business purposes, including:

  • Providing professional services requested by the client

  • Complying with legal, regulatory, and professional obligations

  • Communicating with clients regarding their engagements

We do not sell, rent, or trade client information.
 

3. Disclosure of Information

We may disclose client information only under the following circumstances:

  • With the client’s consent

  • As required by law, regulation, or court order

  • To service providers or vendors engaged to assist in delivering services, provided such parties are subject to confidentiality and data protection obligations

  • To taxing authorities in connection with authorized filings or representations

All disclosures are limited to the minimum information necessary to fulfill the applicable purpose.

4. Information Security

We maintain administrative, technical, and physical safeguards designed to protect client information against unauthorized access, disclosure, alteration, or destruction.

 

Our security measures are outlined in our Written Information Security Program (“WISP”), which is maintained internally and reviewed periodically. While we take reasonable steps to protect information, no system can be guaranteed to be completely secure.
 

5. Electronic Communications

Electronic communications, including email, may not always be secure. Clients acknowledge and accept the inherent risks associated with electronic transmission of information and consent to such communications unless otherwise requested in writing.

 

6. Data Retention

Client records are retained for seven (7) years following the completion of services, unless a longer retention period is required by law, regulation, or professional standards.
 

After the applicable retention period, records may be automatically deleted or securely destroyed without further notice.
 

7. Data Disposal

We take reasonable measures to ensure that client information is disposed of securely, including electronic deletion and physical destruction, as appropriate to the format of the information.

 

8. Client Rights

Clients may request access to their information or inquire about our data practices, subject to legal and professional limitations. Requests must be submitted in writing.

We reserve the right to retain information as required to comply with legal, regulatory, or professional obligations.

 

9. Third-Party Service Providers

We may utilize third-party service providers (such as cloud-based software platforms) to support Firm operations. These providers are selected based on their security practices and are required to maintain appropriate safeguards for client information.

The Firm is not responsible for security failures attributable solely to third-party providers beyond our reasonable control.
 

10. Changes to This Policy

We reserve the right to update or modify this Data Retention & Privacy Policy at any time. Material changes will be reflected in the updated effective date.
 

11. Contact Information

Questions regarding this policy may be directed to:

Chase Hughes, CPA

Sole Proprietor, Hughes CPA Services (Trade Name)
Attn: Privacy Officer
chase@hughescpaservices.com

  • LinkedIn
  • Instagram
  • Facebook
  • Threads
  • X
  • TikTok

© 2026 Hughes CPA Services. All rights reserved.

Hughes CPA Services is a trade name of Chase Hughes, CPA, a sole proprietor. Registration of Hughes CPA Services PLLC is currently pending with the New York State Education department. 

Privacy Policy | Accessibility Statement

bottom of page