Privacy & Security


CPAs and financial advisers are required to inform their clients of their policies regarding privacy of client information. CPAs have been and continue to be bound by professional standards of confidentiality that are even more stringent than those required by law. Therefore, we have always protected your right to privacy.

“I”, “we”, “us” refers to Tony Novak, his employees, partners and supervised non-employee workers acting as contractors, interns or in a similar capacity acting under Novak’s direct supervision.

Types of Nonpublic Personal Information We Collect: We collect nonpublic personal information about you that you provide or is obtained by us with your authorization.

Phone, text and email: I use your personal cellular telephone number and an email address that you provide for ongoing use in conveying information that I believe is relevant and important. This is my primary means of written communications. If you want to opt of these communications, please tell me. However, if you opt out of text and email communications, I am not obligated to communicate this information by telephone, postal mail or other means.

Parties to Whom We Disclose Information: We do not disclose any nonpublic personal information obtained during our practice except as required or permitted by law. Permitted disclosures include, for instance, providing information to our employees and, in limited situations, providing information to unrelated third parties who need to know that information to assist us in providing services to you. In all such situations, we stress the confidential nature of information being shared.

Protecting the Confidentiality and Security of Current and Former Clients’ Information: We retain records relating to professional services that we provide so that we are better able to assist you with your professional needs and, in some cases, to comply with professional guidelines. To guard your nonpublic personal information, we maintain physical, electronic, and procedural safeguards that comply with our professional standards.

Work with Third Party Entities: We frequently share work with third-party entities. If the work will be performed by an employee, partners or a contractor under my supervision then I will not discuss this with you in advance and the responsibility for maintaining privacy remains with me. If I propose working with other independent parties, we will discuss it first and confirm our understanding and agreement to do this in writing.


Custody of funds – I do not take physical possession of client funds nor do I have custody of client financial accounts while acting in the role of accountant or adviser. That means that I do not have the sole authority to sign checks or make withdrawals. In some cases, I can authorize electronic payments under pre-negotiated written accounting services arrangements. If I act in joint roles, for example as Treasurer, Board member or Officer in addition to my role as an accountant/adviser, then the specific additional authority of that role would be disclosed in a separate written agreement.

Paper documents – I prefer to not take physical possession of original documents or physical documents that contain personal information. A PDF file or clear cell phone photo is almost always a better option. If I do take possession of a paper document, I will issue a receipt and arrangements for its handling and return are made in writing on an individual case-by-case basis. Private client data, passwords and account access details for client files are not stored on any of my local physical devices so that loss of a cell phone or computer, for example, does not pose a security threat.

Client data – Online document management and storage is handled by a US-domiciled Internet security service called SecureFilePro. Clients’ files are protected by tough industry-standard security measures based on a secure 256-bit SSL encryption during transmission and files are encrypted at rest on the private US-based server. At all times, clients can view and access only their own documents.

Other electronic data – Security for most of my work and client information is provided by Microsoft’s cloud-based storage platform incorporated into Microsoft Office 365. In other words, I am as secure (no more and no less) as any of the many similar professional businesses that operate on a Microsoft Office 365 platform. Microsoft publishes much more information about security on its web site.

Passwords and account access details – I use an industry-leading third-party password security company for separate offsite management of passwords and online account log in details. Unique randomly generated passwords with 8 or more characters are used for each web site and client account. These passwords are not stored on any of my devices. The master account password is not recorded anywhere.

Please call if you have any questions, because your privacy and security, our professional ethics, and the ability to provide you with quality financial services are very important to us.

A link to my privacy and security agreement is sent via text message or email. I am available to discuss any questions or concerns. Please read the message and respond by typing “AGREED” before we engage in any other work.

View or download the agreement here: privacy-and-security