Last Updated: November 18, 2025

Download as PDF

Privacy Policy

Look, we get it - nobody actually enjoys reading privacy policies. But since we're handling your financial data, we figured you'd want the straight goods on how we keep your info safe and what we do with it.

Quick Navigation
Hover over highlighted terms for definitions

Welcome to Astrion Vexal's privacy policy. We're an accounting firm based out of Toronto, and we work with tech startups and innovative companies across Canada. That means we handle sensitive financial info daily - yours included.

This policy isn't just legal boilerplate (though our lawyers did review it, don't worry). It's meant to give you a clear picture of what happens with your data when you work with us. We've been doing this since 2018, and we've learned that transparency beats legalese every time.

By using our services or even just browsing our site, you're agreeing to what's laid out here. If something doesn't sit right with you, reach out - we're happy to chat about it over coffee or a Zoom call.

Note: Canadian privacy laws (particularly PIPEDA) are pretty strict, and we follow them to the letter.

Let's break this down into what we actually collect from you:

Personal Identification
  • Your name, business name, and contact details (email, phone, address)
  • SIN or Business Number when we're filing taxes
  • Government-issued ID copies for verification (we're required to do this under anti-money laundering rules)
Financial Information
  • Bank statements, credit card records, and transaction histories
  • Income statements, expense receipts, invoices - basically everything that touches your bottom line
  • Payroll data if we're managing that for you
  • Investment portfolios and equity structures (especially important for startups with complex cap tables)
Technical Data
  • IP addresses, browser types, and device info when you visit our site
  • Login credentials for your accounting software (stored encrypted, obviously)
  • Usage data from our client portal - helps us improve the experience
Why do we need all this?

Simple - we can't do accurate bookkeeping, tax planning, or compliance work without the full picture. It's like asking a mechanic to fix your car without looking under the hood.

We're not gonna sell your data to marketers or do anything sketchy. Here's what we actually do with your information:

Core Services
  • Preparing financial statements
  • Filing tax returns with CRA
  • Managing bookkeeping and payroll
  • Providing strategic advice
Compliance
  • Meeting regulatory requirements
  • Audit support and documentation
  • GST/HST filing and tracking
  • Anti-fraud monitoring
Communication
  • Sending important updates about your account
  • Deadline reminders (you'll thank us later)
  • Answering your questions
  • Occasional newsletters (you can opt out)
Improvement
  • Analyzing trends to give better advice
  • Improving our systems and processes
  • Training our team (anonymized data only)
  • Developing new service offerings
Pro tip: If you ever want to know exactly what we're doing with your specific data at any given time, just ask. We keep detailed logs.

Alright, here's where we get a bit technical, but stick with me - it's important stuff.

Where Your Data Lives

All client data is stored on Canadian servers (specifically in Toronto and Montreal data centers). We don't ship your info off to other countries unless you explicitly ask us to work with international partners. Even then, we make sure they meet Canadian privacy standards.

How We Lock It Down
Encryption
256-bit AES encryption for data at rest, TLS 1.3 for data in transit
Access Control
Multi-factor authentication, role-based permissions, regular access audits
Backups
Automated daily backups, stored redundantly across multiple locations
What We Do Internally
  • Our team goes through annual security training (boring for them, good for you)
  • We limit access strictly to who needs what - your bookkeeper doesn't see everyone else's files
  • All devices are encrypted and remotely wipeable if lost or stolen
  • We use secure, approved cloud accounting platforms (think QuickBooks Online, Xero - not some sketchy spreadsheet)
  • Regular security audits by third-party firms
What If Something Goes Wrong?

Look, no system is 100% bulletproof. If we ever experience a data breach that affects your information, we'll:

  1. Notify you within 72 hours (or sooner if possible)
  2. Tell you exactly what happened and what data was affected
  3. Explain what we're doing to fix it
  4. Report it to the Privacy Commissioner if required by law

We're not in the business of sharing your data willy-nilly, but there are times when we need to share certain information:

Who What They Get Why
CRA & Other Tax Authorities Tax returns, supporting documents, financial records Legal requirement - we gotta file your taxes
Your Bank or Lenders Financial statements, projections, compliance docs Only when you're applying for financing and authorize us
External Auditors Full financial records if you're being audited Supporting your audit process
Cloud Software Providers Whatever data lives in their platforms We need these tools to do our job (QuickBooks, Xero, etc.)
Professional Advisors Relevant financial info When you need lawyers, consultants, or other specialists
What We Won't Do
  • Sell your data to third parties for marketing purposes (seriously, never)
  • Share it with competitors or anyone not directly involved in your services
  • Post it publicly or use it for our own business development without permission
  • Hand it over to authorities without a proper legal order (subpoena, warrant, etc.)
All third parties we work with are bound by confidentiality agreements and must meet Canadian privacy standards.

Under Canadian privacy law, you've got some solid rights when it comes to your personal info. Here's what you can do:

Right to Access

You can ask to see everything we have on you. We'll provide it within 30 days, usually as a PDF or secure download.

Right to Correction

If something's wrong, tell us and we'll fix it. Pretty straightforward - we want accurate records too.

Right to Deletion

You can ask us to delete your data, but there's a catch - we're legally required to keep certain records for 7 years (tax stuff, mostly).

Right to Portability

Want to take your data to another accountant? We'll give you everything in a usable format. No hard feelings.

Right to Object

Don't like how we're using your data for something? Let us know and we'll stop (unless it's legally required stuff).

Right to Withdraw Consent

Change your mind about something? You can pull your consent anytime - just know it might affect the services we can provide.

How to Exercise These Rights

Just shoot us an email at info@astrionvexal.info or call us at (416) 555-8842. We'll verify your identity (gotta make sure you're actually you) and get back to you within 30 days.

Not satisfied with our response? You've got the right to complain to the Office of the Privacy Commissioner of Canada. We hope it doesn't come to that, but it's your right.

Yeah, we use cookies on our website. Not the chocolate chip kind, unfortunately.

What Cookies We Use
Type Purpose Duration
Essential Cookies Keep you logged into the client portal, remember your session Session only
Analytics Cookies Help us understand how people use our site (we use Google Analytics) Up to 2 years
Functional Cookies Remember your preferences like language or region Up to 1 year

We don't use advertising cookies or sell your browsing data to anyone. Our analytics are purely internal - we just wanna know if people actually read our blog posts or if it's just our moms clicking through.

How to Control Cookies

You can disable cookies through your browser settings. Fair warning though - the client portal won't work properly without them. Here's how to manage cookies in major browsers:

  • Chrome: Settings > Privacy and security > Cookies and other site data
  • Firefox: Preferences > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Cookies and website data
  • Edge: Settings > Cookies and site permissions
We also respect Do Not Track (DNT) browser settings where feasible.

We use various third-party platforms to deliver our services efficiently. Each one has been vetted for security and privacy compliance:

Accounting Software

QuickBooks Online, Xero, Wave

These platforms store your financial data on their servers. They're all certified for data security and comply with Canadian privacy laws.

Communication Tools

Microsoft 365, Zoom, Slack

For emails, video calls, and secure messaging. All encrypted and business-grade.

Document Management

SharePoint, Dropbox Business

Secure cloud storage for your documents with enterprise-level encryption.

Payment Processing

Stripe, PayPal

For invoicing and payments. We don't store your credit card info - they handle that.

Important Note

When you use these third-party services, their own privacy policies also apply. We've linked to them in our client portal if you want to dig deeper. The short version: we only work with reputable companies that take privacy seriously.

We don't keep your data forever, but we can't just delete everything the moment you stop working with us either. Here's the breakdown:

Type of Data Retention Period Reason
Tax Records & Returns 7 years CRA requirement - they can audit up to 6 years back, we add a buffer
Financial Statements 7 years Standard accounting practice and legal protection
Contracts & Agreements 7 years after termination Legal statute of limitations
Correspondence & Emails 3 years Reference and dispute resolution
Marketing Data Until you unsubscribe Ongoing communication preference
Website Analytics 26 months Google Analytics default
What Happens After?

Once the retention period expires, we securely delete or anonymize your data. That means:

  • Digital files are permanently erased (not just moved to trash)
  • Physical documents are shredded
  • Backups are purged from all systems
  • Any anonymized data for statistical purposes can't be traced back to you
Heads up: If there's ongoing litigation or a government investigation, we might need to keep relevant records beyond the standard retention period. It's not common, but it happens.

Got questions about this privacy policy? Want to exercise one of your rights? Just wanna chat about how we handle your data? We're here for it.

Call Us

(416) 555-8842

Mon-Fri, 9am-5pm EST
Email Us

info@astrionvexal.info

We respond within 24 hours
Visit Us

2750 Yonge Street, Suite 410
Toronto, ON M4N 3M7
Canada

Appointments preferred, but drop-ins welcome
Privacy Officer

For formal privacy requests or complaints, you can reach our designated Privacy Officer directly:

Sarah Mitchell, CPA, CA
Email: privacy@astrionvexal.info
Direct Line: (416) 555-8843

Changes to This Policy

We'll update this policy from time to time - usually when laws change or we add new services. When we make significant changes, we'll email you and post a notice on our website. The "Last Updated" date at the top will always reflect the most recent version.

You can also check back here anytime - we keep an archive of previous versions available upon request if you're curious about what changed.

Still Have Questions?

Privacy is important, and we get that you might have concerns. Let's grab a coffee (virtual or otherwise) and talk it through.

Get in Touch View Our Services