Ampersand Aqueduct, a startup committed to safeguarding the privacy and security of our clients’ data, operates with a steadfast dedication to upholding the highest levels of integrity and confidentiality. This policy delineates our robust privacy and data handling procedures, including the specifics of how we manage data for state sales tax compliance filing services.
Information We Collect
To facilitate our services, especially in the realm of state sales tax compliance filing, we collect various types of data, including but not limited to:
- Personal Information: Such as name, email address, and contact details.
- Business Information: Including business operations, financial transactions, and Amazon data, which assists us in personalizing your experience and fulfilling state compliance requirements.
- Usage Information: Data automatically collected when you interact with our website or services, including IP addresses, browser type, and activity logs.
How We Use Your Information
The collected data, including Amazon data, is utilized for the following purposes:
- Service Provision: To offer, maintain, and improve our range of services, tailoring them to meet your specific needs, including state sales tax compliance filing services.
- State Compliance: To facilitate compliance with state criteria and regulations, utilizing the data to ensure accurate and timely filings.
- Customer Support: To provide responsive customer support and assistance.
- Legal Compliance: To adhere to legal and regulatory requirements, ensuring transparency and trustworthiness in our operations.
Data Sharing and Disposal
We maintain strict policies regarding the sharing and disposal of data:
- Sharing: Data is not shared with third parties without explicit consent, except as necessary to provide our services or comply with legal requirements, including state compliance mandates.
- Disposal: We adhere to secure data disposal practices, ensuring that data is disposed of in a secure and accountable manner, preventing unauthorized access or disclosure.
Data Handling Policies
Data Collection and Processing
We employ secure methods to collect and process data, ensuring its accuracy and relevance for the intended use, including meeting state criteria for sales tax compliance.
Data is stored securely in Microsoft Azure databases, which employ stringent security measures such as:
- IP-Locked Databases: Restricting unauthorized access to databases through IP locking.
- Microsoft Authenticator: Utilizing Microsoft’s two-factor authentication services to enhance account security.
- Data Encryption: Employing encryption technologies to protect data during storage.
Security Policies and Procedures
At Ampersand Aqueduct, we prioritize the security of personally identifiable information (PII) and have established a comprehensive set of security policies and procedures that align with industry best practices and regulatory requirements. These policies encompass the following areas:
- Incident Response Plan:
  - Immediate Response: In the event of a security incident involving PII, we initiate an immediate response to contain the incident and prevent further data loss.
  - Investigation and Reporting: Conducting thorough investigations to understand the nature and scope of the incident, followed by reporting to relevant authorities as required by law.
- Employee Training and Awareness:
  - Regular Training: Employees undergo regular training on the handling of PII and are educated on the latest security threats and prevention measures.
  - Confidentiality Agreements: All employees sign confidentiality agreements to ensure the secure handling of PII.
- Network Security Management:
  - Firewalls and Intrusion Detection: Implementing advanced firewall systems and intrusion detection to monitor and prevent unauthorized access to networks where PII is stored.
  - Secure Communication: Ensuring secure communication channels through the use of encryption technologies.
- Application Security:
  - Secure Development: Adhering to secure development practices to prevent vulnerabilities that could lead to PII breaches.
  - Regular Updates and Patch Management: Regularly updating applications to patch known vulnerabilities.
- Access Control:
  - Role-Based Access Control (RBAC): Implementing RBAC to ensure that only authorized individuals have access to PII.
  - Multi-Factor Authentication (MFA): Utilizing MFA, including Microsoft Authenticator, to enhance the security of user accounts that have access to PII.
- Data Backup and Recovery:
  - Secure Backup: Implementing secure backup procedures to protect PII from data loss incidents.
  - Disaster Recovery Plan: Maintaining a disaster recovery plan to ensure the availability and integrity of PII in case of catastrophic events.
- Regular Security Audits and Assessments:
  - PII Audit Trails: Maintaining detailed audit trails of all access and modifications to PII.
  - Third-Party Assessments: Regularly undergoing third-party assessments to evaluate the effectiveness of our PII protection measures.
- Physical Security:
  - Secure Facilities: Implementing measures to secure physical infrastructure, including surveillance systems and controlled access to facilities housing sensitive data.
  - Data Center Security: Ensuring that data centers housing PII adhere to stringent security standards.
- Vendor Risk Management:
  - Vendor Compliance: Evaluating and monitoring the security practices of third-party vendors to ensure they adhere to our PII protection standards.
  - Data Sharing Agreements: Establishing data sharing agreements with vendors that outline the requirements for the secure handling of PII.
- Legal and Regulatory Compliance:
  - Compliance with State Criteria: Ensuring compliance with state criteria for sales tax compliance, including the secure handling of PII as required by state regulations.
  - Privacy Impact Assessments: Conducting privacy impact assessments to evaluate the potential risks to PII and implement mitigating measures.
- Data Encryption:
  - At Rest and In Transit: Employing encryption technologies to protect PII both at rest and during transmission to prevent unauthorized access.
- Data Disposal:
  - Secure Disposal: Adhering to secure data disposal practices to prevent unauthorized access or disclosure of PII during the disposal process.
- Phone: (800) 931-0994
- Email: email@example.com
- Address: Ampersand Accounting, LLC 32 N Augusta St Suite 6, Staunton, VA 24401