top of page
Privacy Policy

PRIVACY POLICY

Our Client Privacy Policy is designed to help ensure a proactive application of data privacy expectations.

Privacy Policy

Last Updated: July 2025

The nature of today’s business operations and of the services LEACIF LLC provides requires the collection and use of personal information. Expectations surrounding the safeguarding of data and the effectiveness of controls over the collection, use, and disposal of such information are at increasingly high levels. The consideration and application of relevant controls, risks, policies, and procedures surrounding data and information security are key components of the accountability and integrity of an organization’s operations.
 
Purpose
 
LEACIF LLC (the “Firm”) is committed to maintaining data security and privacy protections for its users, in accordance with regulations and guidance applicable to certified public accounting firms.  Our Client Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.  
 
For purposes of this Privacy Policy, “Service” or "Services" refers to the Firm’s services for which you have engaged us, or for which you are otherwise interacting with us or providing data and information for.  The terms “we,” “us,” and “our” refer to the Firm.  The terms “Client”, “you”, and “yours” refer to you as a user of our Service.  By accessing our portal, website, email, and any connected applications used during the course of our Service, including all related activities necessary to perform our Service, you consent to our collection, storage, use, and disclosure of your personal data and information as described in this Privacy Policy.
 
Agreement, Notice, and Communication
 
The Firm executes a formal agreement communicated via this Privacy Policy, and communicates notices of updates or changes to the Privacy Policy to users of our Service, as described below. 

We encourage and expect all stakeholders to this Policy to recognize their responsibility in implementing and maintaining data privacy and security controls and best practices.
 
Use of formal contracts

As a condition of performing or providing Services and consent for information transfer, the Firm requires the formal execution of an engagement agreement, which includes a letter of engagement, services addendum, the Firm’s Client Policies, Terms and Conditions Addendum, and Client Privacy Policy.  Client engagement letters and related agreements are updated annually, or as determined reasonable, and may include a separate letter of engagement for each type of Service to be performed.  Each engagement agreement lists the Services to be provided in a Services Addendum, for which the data and information will be necessary and utilized. If Services continue month to month prior to a new annual engagement agreement being executed (due to extended scoping time needs, or as otherwise determined reasonable), the terms of the prior engagement agreement will remain in effect, unless agreed to otherwise in writing. 
 
As a condition of employment with the Firm, all team members are required to formally execute agreements with the Firm, including an employment agreement containing non-disclosure and non-solicitation agreements, and conformance with the Firm’s Data and Information Security and Privacy Plan and its related policies.
 
Updates, notice, and consent thereof
 
Updates may be made to this Privacy Policy, engagement letters, terms and conditions, and other policies annually, or as otherwise deemed necessary by Firm management.
 
New updates or changes to the Privacy Policy or related policies will be communicated as they become applicable and appropriate to do so. Updates and changes affecting the use of private information and data will require consent from the Client prior to implementation, unless otherwise required by law.  
 
Revocation of consent to use or retain data and information
 
To request a revocation of your consent to the Firm’s collection, usage, or retention of your data and information, you may contact our Firm’s administrator at policies@leacif.com. Removal, destruction, or erasure of data or information will occur in accordance with the Firm’s data and record retention policies, or as required by law. Notification of a removal, destruction, or erasure of requested data and information will be provided via written notice as deemed appropriate, including electronic letter, email, or certified mail. Requests not in accordance with the Firm’s data and record retention policies, or as required by law, will not be granted.  The nature of the public accounting profession requires applicable record retention criteria to remain intact, and you give consent to understanding and agreeing to as a condition of providing information to the Firm.
 

Collection and Creation
 
The Firm communicates the intention to collect data and information and create records thereof within our system at various points during the data collection process. The major points of data collection occur during the initial contact or inquiry from a potential Client, upon engaging and onboarding a new Client, and during the performance of Services for a Client.  

 

Consent
 
In the event that an individual or entity contacts or inquires of the Firm, the individual may either explicitly give consent to information collection based on the information they provide via the contact form on our website, or explicitly or implicitly give consent with information provided via phone call, email, virtual meeting, completion of the Firm’s onboarding organizers, or another method of communication.  Data collected from the individual or entity may be used for evaluation and scoping purposes related to the Firm potentially proposing to perform Services for the Client. For other uses of data provided, Client must provide explicit consent to the other use(s), such as providing consent to being included on a Firm newsletter email list. General updates and Firm announcements that are informative or impacting the nature of Services may be sent to Clients and potential Clients of the Firm.
 
As a new or current Client, you explicitly provide consent to the collection and creation of records related to your business and personal data and information, including sensitive personally identifiable data and information, when executing this Privacy Policy, an executed engagement letter agreement, and related policies, terms, conditions, and services addendums and agreements attached to the engagement letter and previously described. You will implicitly provide consent to data and information collection and records creation by providing the Firm with ongoing access to data and information necessary to perform the Service agreed upon.  For other uses of data provided by the Client that would be considered outside of the scope of the Service agreed upon, the Client must provide explicit consent to the other use(s), such as providing consent to provide specific information to a third-party on your behalf.
 
Data collection and record creation
 
Data and information may be collected via multiple methods, including electronic methods such as a shared portal, shared folder or document, software or meeting platform upload, or email; verbal methods such as video conference, in-person meeting, or phone call; or other communication methods, including mail and facsimile. 
 
Data records are created within the Firm’s systems in varying manners, depending on the applicability of the data and information. The Firm also utilizes third-party service providers to support its overall systems, objectives, and mission, including service providers utilized both by the Firm and Clients simultaneously, as well as by the Firm itself for its internal business management purposes.  
 
Email data collection
 
The Firm utilizes a third-party service provider to collect, retain, and duplicate email information. The Firm’s use for email data collection other than record creation and in the performance of Services is reliant upon its internal monitoring, record retention, and data backup needs.  We do not use collected and duplicated email data for other purposes.

 

Portal data collection

 

The Firm utilizes a third-party ‘portal system’ application service provider to collect, share, and retain information. This portal system will be used throughout the course of your relationship with the Firm. Information and data will be collected, transmitted, accessed, and stored in the portal system. The Firm uses this portal system to communicate and execute engagement agreements with Clients, collect and request information, share sensitive business and personal information, and other uses in the course of interacting with the Firm.  By continuing a Service relationship or potential Service relationship with the Firm, you consent to the use of this portal system and its full functionality. Please contact policies@leacif.com for additional information about the portal system and information relating to the service provider’s data and information security and privacy policies.

 

Meeting and call data collection

 

During the course of the Service or potential Service relationship with the Firm, we may engage in several ongoing meetings and calls. Meetings will most often be held via virtual meeting platforms, and in person from time to time. Virtual meetings may be hosted by the Firm, Client, or other third parties, and may utilize various hosting platforms and virtual meeting service providers. Sensitive business and personal information may be discussed and documented during these meetings. Documentation and other data and information collected during these meetings may be stored and later accessed by the Firm, as it relates to our Service relationship, and for other necessary and reasonable purposes, including the Firm’s record retention and quality management purposes. By continuing a Service relationship or potential Service relationship with the Firm, you consent to meeting and call data collection, use, and storage.

 

Collection and processing of information and data by Artificial Intelligence (“AI”) 

 

The Firm uses communication applications to host virtual meetings and to support its phone and other communications support infrastructure needs.  These applications include an Artificial Intelligence (AI) component that acts as a ‘note taker’ during online virtual meetings that are hosted using these applications. When turned on, an  AI note taker will collect and document information collected during these meetings. This information will then be transmitted, accessed, and stored using the Firm’s other systems. Information collected will be used during the course of providing Services or potential Services to you, and for the Firm’s record retention and quality management purposes. By continuing a Service relationship or potential Service relationship with the Firm, you consent to the data collection and use described here, and use of this Artificial Intelligence functionality. Please contact policies@leacif.com or your engagement partner if you have concerns regarding the use of this functionality.

 

Use of third-party services

 

As a condition of the Firm providing Services to you, you agree to the use of third-party services. You agree that we have no responsibility for the activities of a third-party software or system, and you agree to indemnify and hold us harmless with respect to any and all claims arising from or related to the operation of any third-party system, software, or application. You agree that we are not responsible for any data loss or corruption that may occur while using any third-party system or application.
 
Data collection process
 
The Firm establishes data collection procedures with Clients during the onboarding process for new Services in order to support the overall objectives of the Service relationship.  Procedures may include an established process for transferring data and information to the Firm, including the method of transfer; the time period or expected due date of information and data transfer; the format of data and information transferred, such as PDF or Excel; and the process for notifying the Firm in the event data and information may not be available as otherwise previously established.
 
The Firm views the data collection procedures established as integral to the data control within its Service model and encourages all Clients to conform to the data collection procedures once established.  Conformance to the process assists in enabling the integrity and security of the data and information, as deviances can result in more timely identification of information that may have become missing or compromised during the collection process, as well as curtail opportunities for inappropriate access during the data collection process. 
 
Opting out
 
To opt out of data collection and retention, please contact the Firm’s administrator at policies@leacif.com. In general, requesting to opt out of data and information collection, record creation, or use of the related data and information may result in a termination of Service between the Firm and the Client, in accordance with the Client Policies, Terms, and Conditions Addendum.
 
Use, Retention, and Disposal
 
The use of personal data and information is inherent to the nature of the Service the Firm provides.  Such data and information that may be used can relate to individual and business financial information, employee information, corporate information, and other data and information relevant to the nature of the Service performed by the Firm. In general, the Firm cannot perform most services without using personal data and information. Generally, it would not be anticipated that it would otherwise do so.

 

Purpose of data and information use
 
The Firm uses confidential business and personal information and data to perform a Service or Services for you, the Client. The intended use of data and information is identified in relation to the Services the Firm will provide within the scope of your engagement agreement.
 
Data used for the Firm’s general business or internal improvement purposes
 
The Firm may use your business and personal information and data provided to it in the general course of business or in the course of evaluating the Firm’s processes, potential improvements or changes to the Firm’s processes, or to comply with regulatory and other legal requirements, including participation in a regulated peer review program. You agree data and information may be used individually or in aggregate for these purposes as deemed necessary and appropriate by the Firm’s management.  
 
Data used for the Firm’s marketing purposes
 
From time to time, the Firm may use data and information for other communication purposes, such as sending Firm newsletters or mailers. In general, newsletters or mailers may be sent to the Firm's contacts containing relevant information, topics, or updates. Explicit consent of acceptance or ‘opting in’ to these newsletters and mailers is required.
 
The Firm may utilize general marketing communication as a form of ‘cold marketing’ to seek new opportunities. Information and data used for these purposes are explicitly provided to the firm or obtained from public sources only.  
 
The Firm does not use personal data and information for other purposes unless required by law or regulation. The Firm's use of personal data and information may be limited in accordance with other explicit privacy and confidentiality agreements in place.
 
Data retention and loss prevention
 
The Firm retains personal data and information in accordance with its data and record retention policies, as well as applicable laws and regulations inherent to operating a public accounting firm.  

Data and information are protected from erasure or destruction during the retention period via controls established within the Firm’s document management system, and other business systems. The Firm has implemented controls to prevent, monitor, and detect potential harm to its data retention systems and corrective procedures in case safeguards fail.
 
Corrections or updates to data and information
 
To request a correction or other necessary update to personal data and information the Firm maintains, please contact the Firm’s policy administrator at policies@leacif.com. When practical, the Firm may utilize a data and information change form to facilitate information change requests. When required either by law or as deemed appropriate by Firm management, the Firm may notify third parties of changes or corrections made to personal data and information.
 

Data disposal
 
The Firm manages requests for the deletion of personal data and information in accordance with its Data and Information Security and Privacy Plan and related policies. Data and information are disposed of appropriately and securely, including using erasure, redaction, and destruction techniques when appropriate.
 
Access
 
During the course of providing Services to you, we may grant view or editable access to shared data and information in a software application, electronic folder, shared portal, or other similar platform.  
 
Access to data and information is granted to individuals during onboarding procedures, and periodically as appropriate. The Firm may use a data and information access form to document user access rights and approval thereof when appropriate. The Firm generally restricts access to data and information to the least amount of access necessary and practical.
 
User identity authentication
 
The Firm uses reasonable methods to authenticate user identity prior to granting access to data and information.  In some cases, authentication methods may be required by law.  You agree to comply with authentication methods and requests as appropriate.

 

Multiple-factor authentication

 

The Firm requires the use of multiple-factor authentication when accessing its systems and online platforms used in conjunction with providing Service to you. You agree to implement multiple-factor authentication controls for your own use of and access to these systems, as well as enforce similar use by users under your control or influence. 
 
Denial of access to data and information
 
In certain cases, as required by the Firm’s policies, legal requirements, or other cases as determined appropriate by the Firm’s management, access or changes to data and information may be denied.  If a data and information access or change request is denied, we will notify you in writing in a timely and reasonable manner of the denial and reasons for the denial, including any legal reasons, unless prohibited from doing so by law or Client confidentiality policy.  
 
Removal of access to data and information
 
To request the removal of user access to data and information, please contact your engagement partner, engagement administrator, or policies@leacif.com.
 
Disclosure to Third-Parties
 
Data and information are disclosed to third parties both in the normal course of the Firm providing Services to you as well as in instances of specific requests or events that may occur between you and the Firm.  In general, information is only disclosed to third parties for the purpose for which it was collected or created, and within the scope of the Engagement Agreement, or as otherwise previously described or explicitly agreed to.
 
Use of third parties
 
The Firm has developed methods and assessments for evaluating the use of third-party service providers in the normal course of the Firm’s business of providing client services, and in accordance with its Data and Information Security and Privacy Plan and its related policies.
 
Disclosure to third parties not within normal scope
 
In the event of a request for disclosure to a specific third-party, or disclosure of data and information not within the normal scope and purpose of the Service provided by the Firm, the Firm utilizes a Consent to Disclose Information Form to document and retain the authorization and approval of the disclosure. Personal information and data are only disclosed to third parties of this nature whom you have explicitly requested and agreed to disclose the information to. The Firm is not obligated to, and may choose not to disclose information to a third-party at its discretion, regardless of your request.

The Firm applies a reasonableness standard in granting the disclosure request and may perform a risk assessment, general research, interview, or other action(s) as determined to be appropriate based on the nature of the third party to whom the information is requested to be disclosed prior to disclosing the information. The Firm may limit, delay, or deny the disclosure of any request if it determines it is appropriate or necessary to do so.
 

Disclosure by third parties
 
The Firm does not take steps to evaluate or gain assurance as to the effectiveness of the internal controls of a third-party for which information is disclosed; however, reasonable procedures are in place for disclosing information or onboarding a new vendor relationship. As stated in this Privacy Policy and the Client Policies, Terms, and Conditions Addendum, you agree to the use of third-party systems and are responsible for all data transmitted to or held by a third-party.
 
In accordance with standards and regulations established for tax practitioners and accounting professionals, practitioners are required to have minimum data protection policies in place.  The Firm may request a copy or other evidence of these policies from tax practitioners and other accounting professionals prior to disclosing data to the third-party.
 
Notice of breach or incident
 
In the event we become aware of a data breach or incident of misuse of personal information and data, whether internally within the Firm or externally by a third-party, the Firm provides notice of the breach or incident in accordance with its Data Privacy and Security Breach Management Plan. The Firm generally notifies data subjects of the breach and the remedial actions taken (or intended to be taken).   The Firm may also take steps to notify law enforcement or regulatory authorities of the data breach or incident of misuse, as appropriate or as required by law.
 
If you become aware of a breach incident affecting data and information you provide to our Firm, you will notify us immediately of the breach at policies@leacif.com or via the Incident Report Form available by adding it to your Client portal. To learn how to create an organizer in your portal, review the Wiki linked here: https://leacif.taxdome.com/pages/f3f7c112cfd05deec13657f1 
 
Data Integrity and Quality
 
Data integrity, quality, reliability, relevancy, completeness, and accuracy are paramount to the success of yours, and the Firm’s operational processes and delivery of Service. The Firm collects and maintains data in a manner consistent with the Firm’s objectives.
 

Use of procedures and templates supporting data integrity and quality
 
We have established and may use various documented procedures, organizers, and templates as appropriate to assist with communicating and supporting data and information accuracy, completeness, relevancy, and reliability. These may include but are not limited to:
 

  • Procedures for sending or uploading documents to the Firm.

  • Templates for inputting data.

  • Checklists, forms, and organizers for data requests.

 
We monitor and openly communicate regarding the adherence to data integrity and quality measures on a continuous basis during our Service engagement with you.
 
Monitoring and Enforcement

The Firm has established processes for monitoring, enforcing, and testing its controls over data security and privacy in order to ensure controls and procedures operate effectively and remain relevant. The Firm strives to address deficiencies in meeting its objectives related to data security and privacy in a proactive manner.  
 
Inquiries, disputes, and complaints
 
The Firm documents all inquiries, complaints, and disputes related to data and information security and privacy. If complaints or disputes are not able to be resolved in a reasonable and timely manner internally within the Firm, the Firm may seek the advice or consultation of a third-party technology service provider(s) that relates to the incident. Depending on the nature of the complaint or dispute, the Firm may seek the advice of legal counsel, or other professional counsel or opinion.
 
To report a dispute or complaint over data security and privacy handling or other related instances, or if you have any related inquiries, please contact policies@leacif.com or initiate the communication using the Incident Report Form within your Client portal. 

Innovate your expectations.

Featured Content

Services
How we can help reach your goals.

Services designed to purposely impact value, processes, and strategic positioning.

All Services
About Us
Industries
Who we are
aligned to support

Innovative industries meaningfully aligned with our service intent, design, and delivery.

All Industries
About Us
About
Learn more about
LEACIF

What inspires us and makes our firm unique? Explore insights into why we do what we do.

About Us
About Us
Founder
Implement Processes and Controls

Helping businesses better maintain their processes is part of what we do every day.

Resources
About Us
LEACIF long logo

Innovate your expectations.

Mailing address: 

519 West Center Road

Essexville, MI 48732

 

(989) 899-7100

Contact@LEACIF.com

  • LinkedIn
  • Facebook

Follow LEACIF on social media for insights, business tips, announcements, and other original content to see how we think.

Founded and grounded in Michigan, U.S.  Established in 2014.

© 2025 by LEACIF LLC - All rights reserved

bottom of page