Privacy Policy

Privacy Policy for American Expat CPA

Last Updated: July 26, 2025

1. Introduction and Who We Are

Welcome to American Expat CPA. This website and our tax services (collectively, the "Services") are operated by Windansea Advisors LLC, a Wyoming limited liability company (referred to as "we," "us," or "our").

We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and safeguard the information you provide when you use our Services. It also explains the rights you have in relation to your data.

By accessing our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

2. The Personal Data We Collect

We collect information that identifies, relates to, or could reasonably be linked with you ("Personal Data"). We collect this data in the following ways:

  • Directly from you when you fill out forms, create an account, or communicate with us.
  • Automatically through technology like cookies when you use our website.
  • From third parties, such as payment processors.

The categories of Personal Data we collect include:

  • Identity & Contact Data: Your full name, email address, physical address, phone number, and account credentials for our client portal.
  • Tax & Financial Data (Highly Sensitive): Social Security Number (SSN) or other governmental ID numbers, date of birth, marital status, income information, bank account details, investment and asset information, employment details, and any other data required to prepare your U.S. tax returns (e.g., information from forms W-2, 1099, etc.).
  • Payment Data: Credit card details, bank account information, and billing address. This data is collected to process payments for our services and is handled by our secure third-party payment processors.
  • Technical & Usage Data: Your IP address, browser type, device information, how you navigate our website, and other information collected via cookies and analytics tools.
  • Marketing & Communications Data: Your preferences for receiving marketing communications from us and your communication history with our firm.

3. How and Why We Use Your Personal Data (Our Lawful Basis)

We only use your Personal Data when we have a valid legal reason to do so. The table below outlines our purposes for using your data and the lawful basis we rely on for each activity:

Purpose of Use Categories of Data Used Lawful Basis for Processing
To provide our tax preparation and consultation services Identity, Contact, Tax & Financial Performance of a Contract with you (your engagement agreement)
To process payments for our services Identity, Contact, Payment Performance of a Contract with you
To communicate with you about your account and our services Identity, Contact Performance of a Contract and our Legitimate Interests (to manage our client relationship)
To send you marketing materials (e.g., newsletters) Identity, Contact, Marketing Your explicit Consent (you can unsubscribe at any time)
To improve our website, services, and user experience Technical & Usage Our Legitimate Interests (to grow our business and analyze what works)
To comply with legal requirements and for security purposes All applicable categories Compliance with a Legal Obligation and our Legitimate Interests (to protect our business and clients from fraud)

4. Data Security

We have implemented appropriate technical and administrative security measures to protect your Personal Data from accidental loss and unauthorized access, use, alteration, or disclosure. These measures include:

  • Using Secure Sockets Layer (SSL) encryption for data transmitted over the internet.
  • Requiring you to use a secure, private client portal for uploading sensitive documents.
  • Restricting internal access to your Personal Data to only those employees and contractors who have a legitimate business need to know.

While we take data security very seriously, no method of transmission over the internet is 100% secure. Therefore, we cannot guarantee its absolute security. You are also responsible for keeping your client portal login credentials confidential.

5. Data Retention

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, professional, accounting, or reporting requirements.

By law and professional standard, we are required to retain records related to your tax filings for a minimum period. Therefore, we will typically retain your tax and financial data for at least seven (7) years after the completion of our engagement. After this period, your Personal Data will be securely deleted or anonymized.

6. Sharing and Disclosing Your Data

We do not sell your Personal Data. We may share your data with the following categories of trusted third parties to provide our Services:

  • Governmental Bodies: The Internal Revenue Service (IRS) and relevant state tax authorities for the purpose of filing your tax returns.
  • Third-Party Service Providers: We engage vendors who provide essential services, such as our secure client portal software, payment processors, cloud hosting providers, and email communication platforms. These providers are contractually obligated to safeguard your data and can only use it to provide services to us.
  • Professional Advisors: Our lawyers, accountants, and insurers, as necessary in the course of the professional services they provide to us.
  • In a Business Transfer: If we sell, merge, or transfer any part of our business, your data may be transferred as part of that transaction.
  • When Legally Required: We may disclose your data if required by law, court order, or other governmental request to prevent fraud or protect our legal rights.

7. International Data Transfers

Our firm is based in the United States. To provide our Services to you, your Personal Data will be transferred to and processed in the United States. We serve a global clientele and are committed to handling data transfers lawfully.

When we transfer Personal Data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to the United States, we do so in compliance with applicable data protection laws. We rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission and the relevant UK authorities as the legal safeguard for these transfers. This ensures that your data is protected to the same high standard as it is in Europe.

8. Your Privacy Rights

You have rights regarding your Personal Data. The specific rights available to you depend on your location. The sections below outline the rights for individuals in different jurisdictions.

9. Notice for Individuals in Europe (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR and related laws:

  • The Right to Access: You can request copies of your Personal Data.
  • The Right to Rectification: You can ask us to correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (Right to be Forgotten): You can ask us to delete your Personal Data, under certain conditions.
  • The Right to Restrict Processing: You can ask us to restrict the processing of your Personal Data, under certain conditions.
  • The Right to Object to Processing: You can object to our processing of your Personal Data, under certain conditions.
  • The Right to Data Portability: You can request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the details below.

EU and UK Data Protection Representative: For the purposes of GDPR, our representative in the EU and UK is [You must appoint an EU/UK Representative service, like VeraSafe from the example, and list their name and contact details here].

Right to Complain: You have the right to lodge a complaint with the data protection authority in your country of residence if you believe we have not resolved a privacy concern.

10. Notice for Residents of U.S. States

Laws in certain U.S. states, like California, provide their residents with specific rights regarding their personal information. We do not sell your personal information. If you are a resident of one of these states and wish to exercise your rights, please contact us.

11. Children's Privacy

Our Services are not intended for or directed at individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have collected data from a child, we will delete it immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date at the top. We encourage you to review this policy periodically.

13. How to Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • By Email: info@americanexpatcpa.com
  • By Mail: 30 N Gould St Ste R Sheridan, WY 82801 USA
cookie By using this website, you agree to our cookie policy. Close