Data Retention and Disposal Policy
Last updated: April 2026
At BookKeeping.business, we take the security and privacy of your financial data seriously. This policy outlines how we retain, protect, and dispose of your data throughout and after your engagement with us.
During Engagement
Your data is securely stored and accessible for the duration of your active service.
Tax Prep Data
Retained for 3 years after filing, per IRS recordkeeping guidelines.
Post-Engagement
All non-tax data permanently deleted within 7 days of engagement end.
1. Scope
This policy applies to all client data collected, processed, and stored by BookKeeping.business in the course of providing bookkeeping, tax preparation, payroll, accounts payable/receivable, and related financial services. This includes but is not limited to: financial records, bank statements, receipts, tax documents, payroll records, invoices, and any documents uploaded to our secure client portal.
2. Data Retention During Active Engagement
For the duration of your active service engagement with BookKeeping.business, all client data is securely retained and accessible through our encrypted client portal. This includes:
- Financial records and transaction data
- Bank and credit card statements
- Receipts and supporting documentation
- Financial reports (P&L, Balance Sheet, Cash Flow)
- Payroll records and employee information
- Tax-related documents and filings
- Invoices, bills, and AP/AR records
- Communication history and support tickets
All data is encrypted at rest and in transit using 256-bit SSL encryption. Access is restricted to authorized personnel on a need-to-know basis. Our infrastructure is SOC 2 compliant.
3. Data Retention After Engagement Ends
When your engagement with BookKeeping.business concludes — whether through cancellation, non-renewal, or mutual termination — the following retention and disposal schedule applies:
| Data Category | Retention Period | Disposal Method |
|---|---|---|
| Tax preparation records | 3 years from the date of filing | Permanent deletion from all systems |
| Bookkeeping records | 7 days after engagement end | Permanent deletion from all systems |
| Payroll records | 7 days after engagement end | Permanent deletion from all systems |
| Receipts and documents | 7 days after engagement end | Permanent deletion from all systems |
| AP/AR records | 7 days after engagement end | Permanent deletion from all systems |
| Portal account and credentials | 7 days after engagement end | Account deactivation and data purge |
4. Tax Preparation Data — Extended Retention
If you have utilized our tax preparation services, we retain your tax-related data for a period of 3 years from the date of filing. This retention period aligns with the IRS statute of limitations for most tax returns and ensures that supporting documentation is available in the event of an audit, amendment, or inquiry.
Tax-related data subject to this extended retention includes:
- Filed tax returns (federal and state)
- Supporting schedules and worksheets
- W-2s, 1099s, and other income documents used in preparation
- Deduction substantiation records
- Correspondence with tax authorities related to your filing
IRS Recordkeeping Guidance
The IRS generally recommends keeping tax records for at least 3 years from the date you filed the return. In certain circumstances (such as underreported income exceeding 25% of gross income), the IRS may audit up to 6 years back. Our 3-year retention covers the standard statute of limitations. If you require extended retention, please contact us before your engagement ends.
5. Non-Tax Data — 7-Day Disposal
For clients who do not use our tax preparation services, or for all non-tax data regardless of service type, we permanently delete your data within 7 calendar days of your engagement end date. This includes:
- All financial records and transaction history
- Bank statements and credit card data
- Uploaded receipts and documents
- Payroll records and employee information
- Financial reports generated during your engagement
- Communication logs and support ticket history
- Portal account data and access credentials
We strongly recommend that you download or export any records you wish to keep before your engagement ends. Once the 7-day disposal window closes, data cannot be recovered.
6. Data Disposal Procedures
When data reaches the end of its retention period, we follow a secure disposal process:
- Database records: Permanently deleted from all primary and backup databases using cryptographic erasure where supported.
- Stored files: Permanently deleted from our encrypted cloud storage (Supabase Storage). File references and metadata are purged.
- Backups: Data is removed from backup systems within the standard backup rotation cycle (up to 30 days after primary deletion).
- Third-party systems: We initiate deletion requests with any third-party service providers that may hold copies of your data as part of our service delivery.
7. Your Rights and Requests
You have the right to:
- Request early deletion: You may request that your data be deleted before the standard retention period expires. We will process such requests within 7 business days.
- Request extended retention: If you need us to retain your data beyond the standard period (for example, for ongoing legal matters), please notify us in writing before your engagement ends.
- Request a data export: Before your engagement ends, you may request a complete export of your data in standard formats (CSV, PDF).
- Request confirmation of deletion: After the disposal period, you may request written confirmation that your data has been permanently deleted from our systems.
8. Security During Retention
Throughout the retention period, all data is protected by:
- 256-bit SSL encryption for data in transit
- AES-256 encryption for data at rest
- SOC 2 compliant infrastructure
- Role-based access controls with audit logging
- Regular security assessments and monitoring
- No data is ever sold, shared, or used for purposes other than delivering your service
9. Contact Us
If you have questions about this policy, wish to make a data request, or need to discuss your retention requirements, please contact us:
Email: hello@bookkeeping.business
Subject line: Data Retention Request — [Your Business Name]
We respond to all data-related requests within 3 business days.
10. Policy Updates
We may update this policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated to active clients via email. The “Last updated” date at the top of this page indicates when the policy was most recently revised.