Table of Contents
Who We Are and Scope
What We Collect
Sources of Personal Information (including View‑Only Access)
Purposes and Legal Bases
Sharing and Disclosures (including Client Portals & Payments)
Retention
International Transfers
Cookies & Similar Technologies
Security (WISP Summary)
Your Rights and Choices
U.S. Financial Privacy (GLBA) and IRS Rules
State Privacy Law Disclosures (U.S.)
Children’s Privacy
Third‑Party Links
Changes to this Policy
How to Contact Us
Annex A. GLBA Model Privacy Notice (Short Form)
Annex B. IRS §7216 — Using/Disclosing Tax Return Information
Annex C. Cookie Categories & Controls
Annex D. Key Definitions
Annex E. Key Service Providers & Platforms (Illustrative)

1) Who We Are and Scope
Controller. For our public websites (e.g., [www.celeraxiom.com], subdomains) and direct client relationships, Celeraxiom LLC is the controller of your personal information.
Processor role. When clients instruct us to process personal data for their customers/employees (e.g., documents or data in a client portal or your own systems), we act as a processor/service provider under a signed agreement and process data only on documented instructions.
Services covered. Accounting, bookkeeping, payroll support, tax preparation and advisory, business formation and compliance services, and related professional services.
Representatives. If required under GDPR/UK GDPR Article 27, we will appoint an EU/UK representative and publish contact details here.

2) What We Collect

We collect the following categories of information (depending on your interaction with us). Examples are illustrative, not exhaustive.

A. Identifiers & Contact. Name, email, phone, postal address, job title/employer, government identifiers when necessary (e.g., SSN/Tax ID/VAT/NIF), date of birth.

B. Financial, Payroll & Tax. Income, payroll, expense and bank/credit card statements (masked where feasible), accounting records, invoices/receipts, tax filings/transcripts, dependents/deductions, supporting documents you or your employer provide.

C. Account & Authentication. Portal credentials, role/permissions, audit logs, access times; password hashes (never plain text), multi‑factor authentication status.

D. Device/Usage. IP address, device type, browser, referring/exit pages, pages viewed, general location (city/region), cookie and pixel data (see Section 8).

E. Communications. Emails and messages, support tickets, call notes/recordings (if we record, we will disclose), feedback.

F. Human Resources/Recruiting. Résumé, employment history, references, and other application materials (if you apply for a job).

Special categories. We do not intentionally collect special category data (e.g., health, biometrics) unless you provide it because it appears in documents relevant to our services (e.g., medical expense receipts for tax). Please avoid sending unnecessary sensitive data.

3) Sources of Personal Information (including View‑Only Access)

• You/your organization. Onboarding forms, document uploads, emails, calls.
• Authorized third parties. Payroll providers, financial institutions, e‑signature tools, prior accountants, and other sources you instruct or authorize.
• Government/tax authorities. IRS, state/local agencies or foreign tax authorities where you instruct us or the law permits.
• Automated collection. Our websites/portal and analytics tools gather limited device/usage information (see Section 8).
• View‑only access to client systems. At your request, we may access your third‑party systems (e.g., banking portals, SaaS accounting/payroll tools) using view‑only or read‑only roles where available. We access only what is required to deliver services, do not alter your systems, do not override permissions, and do not download or extract data except as necessary for the engagement and in accordance with your instructions and applicable law. Access is logged by the relevant system, and we request prompt removal of our access after the engagement or when it is no longer needed.

4) Purposes and Legal Bases

Purposes (all regions) – Service delivery. Provide and administer services; prepare and file tax returns; payroll support; advisory; onboarding; customer support. – Legal/compliance. Recordkeeping, audits, AML/KYC (where applicable), sanctions screening, fraud prevention, responding to lawful requests. – Security. Authenticate users; detect/prevent security incidents; protect our services; investigate and remediate. – Business operations. Operate, maintain, and improve services and websites; train staff; develop new features; maintain backups. – Communications & marketing. Send service notices and legally required communications. With consent or as permitted by law, send updates/newsletters—you can opt out at any time.

Legal bases (EEA/UK) – Contract necessity. To provide requested services. – Legal obligation. To comply with tax, accounting, and other laws. – Legitimate interests. To secure and improve services, prevent fraud, and defend legal claims—balanced against your rights. – Consent. For certain marketing and non‑essential cookies (you may withdraw consent at any time).

We do not engage in automated decision‑making that produces legal or similarly significant effects without human review.

5) Sharing and Disclosures (including Client Portals & Payments)

We do not sell personal information and do not share it for cross‑context behavioral advertising.

We disclose information to: – Service providers/processors. Cloud hosting, client portal, email/IT, document management, e‑signature, analytics, payments/billing, and professional tools—bound by confidentiality and data protection obligations. Examples include: – Financial Cents (client work management and client portal) – Ignition (engagements, proposals, billing, and client portal features) – QuickBooks Payments (Intuit) for payment processing; we do not store full card numbers—processing is handled by PCI‑DSS‑compliant providers – QuickBooks Online (accounting platform) when used at your direction – Professional advisors. Auditors, insurers, lawyers, accountants under confidentiality. – Authorities. Tax/regulatory bodies and law enforcement where required or permitted by law, or to protect rights/safety. – Business transfers. In a merger, acquisition, or asset sale subject to appropriate safeguards.

We maintain an up‑to‑date list of key subprocessors available upon request. When we use third‑party client portals or payment platforms, your use of those platforms is also subject to their own terms and privacy policies. We select providers that implement appropriate security and privacy controls and contractually require them to protect personal information.

6) Retention

We retain personal information only as long as necessary for the purposes described and to comply with laws (e.g., tax/accounting), resolve disputes, and enforce agreements. Retention depends on legal requirements, limitation periods, and our contractual duties. When no longer needed, we delete or irreversibly anonymize data. Examples: client engagement records and tax files are typically retained for multiple years to meet legal obligations and professional standards.

7) International Transfers

Our business is U.S.‑focused. If you are in the EEA/UK and your data is transferred to countries without an adequacy decision (e.g., the U.S.), we implement Standard Contractual Clauses and, where applicable, rely on participation in the EU–U.S. Data Privacy Framework (if/when certified), plus supplementary measures as needed.

If Brazilian law (LGPD) applies to a particular engagement (e.g., data collected in Brazil), you may contact us to exercise LGPD rights; we will handle such requests consistent with applicable law and our role as controller or processor.

8) Cookies & Similar Technologies

We use cookies, pixels, and similar technologies to operate the site, remember preferences, and (with consent where required) measure usage and improve performance.

• Consent. In regions that require it, non‑essential cookies run only after you choose Accept in our banner. You can change or withdraw consent at any time via Cookie Settings in the footer.
• Browser controls. You may control cookies in your browser; blocking cookies may impact functionality.
• Do Not Track. Our sites currently do not respond to browser Do Not Track signals. You can manage cookie preferences as above.

See Annex C for cookie categories and controls.

9) Security (WISP Summary)

We maintain a written information security program appropriate to the sensitivity of client data, including: – Governance. Designated security lead; policies and training; background checks consistent with law and role. – Access controls. Role‑based access; least privilege; MFA; logging and monitoring; periodic access reviews. – Protection. Encryption in transit and at rest (where feasible); endpoint protection; secure configurations; network segmentation; vulnerability management and patching. – Data minimization & download control. We prefer view‑only access where feasible, restrict exports, and limit local storage of client data to what is necessary for the engagement, using encrypted storage with access controls. – Development & change. Secure SDLC; segregation of environments; code reviews for material changes. – Vendors. Due diligence, contracts with security/privacy obligations, and ongoing oversight. – Resilience. Backups and recovery procedures; continuity planning. – Incident response. Triage, containment, investigation, notification to affected individuals and regulators as required by law; post‑incident review.

10) Your Rights and Choices

EEA/UK residents. You may access, rectify, erase, restrict, object (including to processing based on legitimate interests), and exercise data portability; and withdraw consent at any time. You can complain to your supervisory authority.

U.S. residents (state laws may apply). Depending on your state and our activity thresholds, you may request to access, correct, delete, obtain a portable copy, and opt out of certain processing (sale, targeted advertising, and some profiling). We do not sell personal information or share it for cross‑context behavioral advertising. Appeals are available where required.

How to exercise rights. Email [privacy@celeraxiom.com] with the subject “Privacy Request” and indicate your state/country of residence and the right(s) you wish to exercise. We may request information to verify your identity and residency. You may use an authorized agent where allowed by law. We aim to respond within statutory timelines; fees apply only where requests are excessive or unfounded.

Marketing choices. You can opt out of non‑transactional emails at any time via the unsubscribe link. Service and legal notices are not optional.

11) U.S. Financial Privacy (GLBA) and IRS Rules

• GLBA Safeguards. As a non‑bank financial institution, we maintain administrative, technical, and physical safeguards to protect “customer information.”
• GLBA Privacy Notice. Customer clients receive a financial privacy notice at onboarding and when updated. See Annex A (short‑form summary).
• IRS §7216. We will not use or disclose your tax return information for any purpose other than preparing and filing your return unless permitted by law or you provide a specific written consent that meets IRS regulations (see Annex B).
• FTC breach notification (tax preparers). We will notify the FTC and, where required, affected clients of certain security incidents involving tax return information.

12) State Privacy Law Disclosures (U.S.)
California (CPRA). If thresholds apply (e.g., revenue, volume of residents’ data, or selling/sharing data), California residents may exercise the rights described in Section 10. If we “sell” or “share” personal information as defined by CPRA, we will provide a “Do Not Sell or Share My Personal Information” link.
Colorado, Virginia, Connecticut, Texas and others. Where applicable, residents may exercise the rights described in Section 10, including appeals.
We do not knowingly process “sensitive personal information” for purposes beyond those permitted by law without your consent or another valid basis.

13) Children’s Privacy
Our sites and services are not directed to children under 13, and we do not knowingly collect their personal information. If you believe a child under 13 provided information, contact us and we will take appropriate steps.

14) Third‑Party Links
Our websites may contain links to third‑party sites or services. Their privacy practices are governed by their own policies; please review them.

15) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, where required, provide additional notice. Last reviewed: 8 September 2025.

16) How to Contact Us
Celeraxiom LLC
Email: privacy@celeraxiom.com
Address: 34 N Franklin Ave, Ste 687-5183 Pinedale WY 82941 · Phone: +1 (689) 280 1866
For faster handling, include your full name, contact email, and the nature of your request.

Annex A — GLBA Model Privacy Notice (Short Form)
What do we do with your personal information? – Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully. – What? The types of personal information we collect and share depend on the product or service you have with us. This information can include identifiers/contact data; account balances; income and transaction history; tax and payroll information; and service usage. – How? We share your personal information for everyday business purposes—such as to process your transactions, maintain your accounts, respond to court orders and legal investigations, or report to credit bureaus. We do not share for non‑affiliate marketing or for affiliates to market to you. – To limit our marketing: email [privacy@celeraxiom.com]. (We do not sell personal information.)
How we protect your information. We use security measures that comply with federal law. These include computer safeguards and secured files and buildings. See Section 9 for our WISP summary.

Annex B — IRS §7216 — Using/Disclosing Tax Return Information
We will not use or disclose your tax return information for any purpose other than preparing, assisting in preparing, or obtaining/filing your return unless permitted by law or you provide a written consent that meets IRS regulations. Consents must identify the recipient(s) and specific use(s); you may refuse or revoke consent at any time by emailing [privacy@celeraxiom.com]. Separate consents may be required for marketing or for sending information to third‑party providers.

Annex C — Cookie Categories & Controls
Strictly necessary. Core site functions, security, fraud prevention. (Always on.)
Functional. Remember preferences (e.g., language).
Performance/analytics. Measure visits and improve the site (enabled only with consent where required). Example tools may include web analytics and A/B testing platforms.
Advertising/remarketing. If ever used, will run only with consent and include clear opt‑outs.
Managing cookies. Use Cookie Settings in the footer to change or withdraw consent. You can also control cookies in your browser.

Annex D — Key Definitions
Controller/Processor. As defined under GDPR/UK GDPR. We are a controller for our websites and direct client services, and a processor when acting on client instructions.
Personal information / personal data. Information that identifies, relates to, describes, or could reasonably be linked with an individual or household.
Sale/Share (CPRA). As defined by California law; we do not sell or share personal information as those terms are defined.
Tax return information. Information furnished for, or in connection with, the preparation of tax returns (26 U.S.C. §7216).

Annex E — Key Service Providers & Platforms (Illustrative)
We use reputable third‑party platforms to help deliver our services. Depending on your engagement, these may include: – Financial Cents — client work management and client portal – Ignition — engagements, proposals, billing, and client portal features – QuickBooks Payments (Intuit) — payment processing (we do not store full card numbers; processing handled by PCI‑DSS‑compliant providers) – QuickBooks Online — accounting platform used at your direction
This list is illustrative and not exhaustive. A current list of key subprocessors is available upon request and may be incorporated into your engagement documents or our Data Processing Addendum (DPA).