Privacy Policy
HeyDrew is committed to handling your personal information with care, transparency, and respect. We maintain privacy standards that reflect our values — not just our legal obligations. Where we have discretion, we choose practices that give you meaningful control over your information. Please read this Privacy Policy carefully. If you have questions, you may contact us at privacy@heydrew.com.
1. Information We Collect
1.1 Information You Provide Directly
We collect information you provide when you create an account, purchase or enroll in a service, use our platform, communicate with us, or otherwise interact with HeyDrew. This includes the following:
Personal identifiers. Your name, mailing address, email address, phone number, date of birth, and other contact and identifying information.
Government-issued identification and tax identifiers. Social Security Numbers, Individual Taxpayer Identification Numbers (ITINs), Employer Identification Numbers (EINs), driver’s license numbers, passport numbers, and other government-issued identification required for tax preparation, filing, and related services.
Financial and tax information. Income, wages, assets, deductions, credits, expenses, bank account information, investment details, financial statements, tax returns, and other financial records necessary to perform your services.
Business information. Business structure, ownership details, revenue, expenses, payroll records, vendor and employee information, and other business-related data you provide in connection with your engagement.
Payment information. Details for credit cards, debit cards, and other payment methods, along with associated billing information. Payment transactions are processed by third-party payment processors, and HeyDrew does not retain full payment card numbers.
Account credentials. Username, password, and security information for your HeyDrew account.
Communications. Messages, questions, feedback, survey responses, and other content you submit when contacting us or interacting with our support team.
1.2 Information About Others You Provide
During your engagement, you may provide us with personal information about other individuals — including spouses, dependents, business partners, employees, or other third parties — whose information is necessary to perform your services. By providing information about others, you represent that you have the authority to do so and that those individuals have been informed and consent to the sharing of their information with HeyDrew as described in this Privacy Policy. HeyDrew uses information about third parties solely to perform the services for which it was provided.
1.3 Information Collected Automatically
When you visit our website, use our mobile application, or interact with our platform, we and our service providers may automatically collect information about your device and activity. This includes:
Device and browser information. IP address, device type, operating system, browser type and version, unique device identifiers, and similar technical information.
Usage and activity data. Pages visited, features used, links clicked, time spent on pages, referring URLs, search queries on our platform, and similar interaction data.
Application data. If you use our mobile application, we may collect information about your app activity, session data, crash reports, and performance data.
Electronic communication interaction data. When you interact with our electronic communications — including emails, in-app messages, chat tools, and AI-assisted chat features — we may collect data about those interactions, such as whether an email was opened, links were clicked, and content was submitted through chat or messaging interfaces. Interactions with HeyDrew’s AI-assisted tools may be recorded and used to improve service delivery, subject to the limitations described in this Privacy Policy.
Inferred and derived data. Based on the information you provide and your interactions with our platform, we or our AI-assisted tools may generate insights or derived information about your tax situation, financial patterns, or service needs. This derived information is used solely to deliver and improve your services and is subject to the same protections as the information from which it was derived.
Cookie and tracking data. We use cookies and similar tracking technologies to operate and improve our platform and services. For full details on how we use these technologies and how to manage your preferences, please see our Cookie & Tracking Policy at www.heydrew.com/legal/cookie-policy.
2. How We Use Your Information
We use the information we collect for the following purposes:
To provide and deliver our services. We use your personal, financial, tax, and business information to perform the services you have purchased, including tax preparation and filing, bookkeeping, advisory services, entity-related services, and other professional services included in your engagement.
To manage your account and process payments. We use your account credentials, contact information, and payment details to create and maintain your account, authenticate your identity, process transactions, and manage your billing.
To communicate with you. We use your contact information to communicate with you, including service-related communications such as account notifications, engagement updates, deadline reminders, document requests, and responses to your inquiries. We may also send you information about new services, features, or offerings we believe may be of interest to you. You may opt out of marketing communications at any time, as described in Section 8.
To comply with legal, regulatory, and professional obligations. We use your information as required by applicable law, including federal and state tax regulations, IRS requirements, and the professional standards applicable to our licensed professionals under IRS Circular 230 and applicable state licensing rules. This may include retaining certain records for the periods required by law or professional standards.
For platform analytics and performance. We use automatically collected data, including data collected through third-party analytics tools such as Google Analytics and similar services, to understand how our website, application, and platform are used, identify and resolve technical issues, and improve the quality and functionality of our services. Analytics tools are configured to limit the collection of sensitive information.
For security and fraud prevention. We use your information to detect, investigate, and prevent unauthorized access, fraudulent activity, and other security threats to our platform and your account.
For internal business operations. We use your information as reasonably necessary to operate, maintain, and improve our business, resolve disputes, enforce our agreements, and protect our legal rights.
What we do not do. Without your consent, we do not sell your personal information, share it with third parties for their own advertising or marketing, or use your sensitive personal or financial information — including Social Security Numbers, government-issued identification, tax records, or financial data — for marketing, behavioral advertising, or to train artificial intelligence models.
3. Sensitive Information
Certain categories of information you provide to HeyDrew are inherently sensitive — including Social Security Numbers, Individual Taxpayer Identification Numbers, Employer Identification Numbers, driver’s license numbers, passport numbers, dates of birth, financial records, tax returns, bank account information, and other financial and tax data. Given the nature of our services, collecting this information is necessary to perform your engagement. We treat it with a heightened level of care that exceeds our general data handling practices.
Specifically, with respect to your sensitive information:
Purpose limitation. We use your sensitive information only to perform the services you have engaged us to provide, to comply with applicable legal and professional obligations, and to protect the security and integrity of our platform and your account. We do not use it for any other purpose without your consent.
Access controls. Access to sensitive information is limited to HeyDrew Professionals, staff, and service providers who need it to perform your services. All such parties are subject to confidentiality obligations consistent with this Privacy Policy and our Engagement Terms of Service.
Analytics and advertising exclusion. Sensitive information is excluded from behavioral analytics, advertising tools, and marketing platforms. Pages and features that collect sensitive information are configured to limit the reach of third-party tracking technologies.
AI exclusion. Your sensitive personal and financial information is not used to train, develop, or improve any artificial intelligence model, whether operated by HeyDrew or by a third party.
Security. We apply additional administrative, technical, and physical safeguards to sensitive information beyond our general security practices, consistent with the nature of the data and applicable professional standards.
4. How We Share Your Information
HeyDrew does not share your personal information except in the limited circumstances described below. Some sharing is necessary to deliver the services you have purchased — for example, certain information must be transmitted to third-party service providers to process payments, operate our platform, or fulfill professional obligations. This type of sharing is a function of how modern digital services operate, not a sale or transfer of your data for external purposes.
HeyDrew Professionals and internal staff. We share your information with HeyDrew Professionals, employees, and contractors who need it to perform your services or support your engagement. All such individuals are subject to confidentiality obligations consistent with this Privacy Policy and our Engagement Terms of Service.
Service providers. We share your information with third-party service providers who perform functions on our behalf, including those necessary to deliver the services you have purchased. These providers receive only the information necessary to perform their specific functions and are contractually prohibited from using your information for any other purpose.
Third-party referral partners. Where HeyDrew refers you to a third-party professional service provider for services outside HeyDrew’s scope — such as legal, estate planning, investment advisory, or other licensed professional services — we may share relevant information with that provider to facilitate the introduction or service. We will not share your information with a referral partner without your consent. Some referral relationships may involve compensation to HeyDrew, which will be disclosed as required by applicable law.
Analytics and technology providers. We share limited usage and device data with third-party analytics providers, including Google Analytics and similar services, to understand how our platform is used and to improve our services. Sensitive personal and financial information is not shared. You may opt out of analytics tracking via our cookie preferences tool.
Advertising platforms. Where HeyDrew uses advertising platforms such as Meta, Google, or similar services to promote its offerings, those platforms may receive limited data via tracking technologies on our website or application — such as pages visited or actions taken — to measure the effectiveness of our advertising and, where applicable, to serve relevant ads to you or others. We do not share your sensitive personal or financial information with advertising platforms. We do not upload your personal information to advertising platforms for targeting or audience-building purposes without your consent. You may limit data collection by advertising platforms through our cookie preferences tool and their privacy settings.
Legal and regulatory compliance. We may share your information when required by applicable law, regulation, court order, subpoena, or other valid legal process. We may also share your information to comply with our professional obligations under IRS Circular 230 and applicable state licensing requirements, to protect the rights, property, or safety of HeyDrew or others, to prevent fraud or illegal activity, or to enforce our agreements. Where permitted by law, we will make reasonable efforts to notify you before disclosing your information in response to legal process.
Business transfers. If HeyDrew is involved in a merger, acquisition, sale of assets, or corporate restructuring, your information may be transferred as part of that transaction. We will provide reasonable notice of any such transfer and ensure that your information remains protected in accordance with this Privacy Policy.
With your consent. We may share your information in other circumstances with your explicit consent.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our website and mobile application to operate our platform, understand how it is used, and improve your experience. This section provides a brief overview. For full details on the specific categories of cookies we use, how they work, and how to manage your preferences, please see our Cookie & Tracking Policy at www.heydrew.com/legal/cookie-policy.
What cookies are. Cookies are small text files stored on your device when you visit a website or use an application. Similar technologies include pixels, web beacons, local storage objects, and device identifiers. These tools allow us and third parties to recognize your device, remember your preferences, and collect information about your interactions with our platform.
How we use them. We use these technologies for essential platform functions — such as keeping you logged in and securing your session — as well as for analytics, performance monitoring, and where applicable, advertising measurement. We do not use tracking technologies to collect sensitive personal or financial information.
Third-party tracking. Some tracking technologies on our platform are operated by third parties, including analytics providers and advertising platforms. These third parties may collect information about your activity on our platform and on other websites in accordance with their own privacy policies. We do not control third-party tracking practices beyond what we configure on our platform.
Your choices. You can manage your cookie preferences at any time using our cookie preferences tool at www.heydrew.com/legal/cookie-policy. You may also adjust your browser settings to block or delete cookies, though doing so may affect the functionality of our platform. You can also opt out of certain third-party tracking directly through those platforms.
6. Data Security
HeyDrew takes the security of your personal and financial information seriously. We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, loss, or destruction. For sensitive information — including Social Security Numbers, government-issued identification, financial records, and tax data — we apply additional security measures appropriate to the data and consistent with applicable professional standards.
No security measure is perfect or impenetrable. No data transmission over the internet or wireless network can be guaranteed to be completely secure, and no storage system can be guaranteed to be entirely free of vulnerabilities. While we work diligently to protect your information, you acknowledge that providing personal information through any digital platform carries inherent risks that HeyDrew cannot fully eliminate.
You play an important role in keeping your information secure. You are responsible for maintaining the confidentiality of your account credentials and for securing the devices you use to access HeyDrew’s platform. If you believe your account has been compromised or that your information has been accessed without authorization, please contact us immediately at privacy@heydrew.com.
In the event of a security incident affecting your personal information, HeyDrew will notify you in accordance with applicable federal and state data breach notification laws. The timing, method, and content of the notification will be determined by the nature of the incident and applicable legal requirements.
7. Data Retention
HeyDrew retains your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, to provide your services, to maintain our business records, and to comply with applicable legal and professional obligations.
For tax-related records, applicable professional standards — including those governing Enrolled Agents and Certified Public Accountants — require that certain records be retained for a minimum period after the preparation or filing of a return. HeyDrew retains tax-related records in accordance with these requirements. Beyond that minimum, we retain your information only as long as reasonably necessary for our legitimate business purposes.
For other information we collect — including account data, communications, and usage data — retention periods vary by the nature of the information, the purpose for which it was collected, and applicable legal requirements. We do not retain information indefinitely, and we periodically review our data holdings to delete or de-identify information that is no longer needed.
When your engagement with HeyDrew ends, we will handle your information in accordance with this Privacy Policy and applicable law. Certain information may be retained after your engagement ends where required by law, professional standards, or for legitimate business purposes, such as resolving disputes or enforcing our agreements.
If you would like information about our data retention practices or wish to request the deletion of your information, please see Section 8 or contact us at privacy@heydrew.com.
8. Your Privacy Choices
HeyDrew believes you should have meaningful control over your personal information. The following rights and choices are available to you. Some of these are required by applicable law; others we offer as part of our privacy standards, regardless of legal requirement.
Correction. If you believe that the personal information we hold about you is inaccurate or incomplete, you may request that we correct it. You may also update certain account information directly in your HeyDrew account. We will make reasonable efforts to promptly correct inaccurate information.
Deletion. You may request that HeyDrew delete the personal information we hold about you. We will honor deletion requests where feasible and where doing so does not conflict with our legal, regulatory, or professional obligations — including our obligation to retain certain records under applicable tax and professional standards. Where we are unable to fully delete your information, we will explain why and take reasonable steps to limit its use.
Opt out of marketing communications. You may opt out of marketing and promotional email communications from HeyDrew at any time by clicking the unsubscribe link in any marketing email or by contacting us at privacy@heydrew.com. For marketing text messages, you may opt out by following the instructions in those messages or by contacting us directly. Please see our SMS and Text Messaging Policy at www.heydrew.com/legal/sms-terms for full details on managing text message preferences. Opting out of marketing communications does not affect service-related communications, which we may continue to send in connection with your active engagement.
Opt out of analytics tracking. You may limit the collection of your data by analytics and advertising platforms through our cookie preferences tool at www.heydrew.com/legal/cookie-policy. You may also adjust your browser settings or use your device’s privacy controls to limit tracking. Please note that opting out of certain tracking technologies may affect the functionality of our platform.
To exercise any of the rights described above, please contact us at privacy@heydrew.com or by mail at HeyDrew – 90 Fort Wade Rd., Suite 67, Ponte Vedra, FL 32081.
We will acknowledge your request promptly and respond within a reasonable timeframe. To protect your information, we may ask you to verify your identity before processing your request. We will not discriminate against you for exercising any privacy right described in this Privacy Policy.
9. Children’s Privacy
HeyDrew’s services are intended for adults aged 18 or older. We do not knowingly collect, use, or share personal information from individuals under the age of 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete that information from our systems.
If you believe a child under 13 has provided personal information to HeyDrew, please contact us at privacy@heydrew.com. We will promptly investigate and address the matter.
10. Third-Party Links and Services
Our website, mobile application, and platform may include links to or integrations with third-party websites, applications, and services that HeyDrew does not own or operate. This Privacy Policy does not apply to those third-party services, and HeyDrew is not responsible for their privacy practices, content, or security. We encourage you to review the privacy policy of any third-party service before providing your personal information.
11. Changes to This Privacy Policy
HeyDrew may update this Privacy Policy from time to time to reflect changes in our data practices, services, legal requirements, or business operations. The current version is always available at www.heydrew.com/legal/privacy-policy, and the “Last Updated” date at the top reflects the most recent revision. When we make changes that materially affect how we collect, use, or share your personal information, we will provide reasonable advance notice — such as an email to the address on file or a prominent notice on our website. Your continued use of HeyDrew’s services after an update takes effect constitutes acceptance of the revised Privacy Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or HeyDrew’s privacy practices, please contact us at privacy@heydrew.com or at HeyDrew – 90 Fort Wade Rd., Suite 67, Ponte Vedra, FL 32081.
We will respond to privacy inquiries within a reasonable timeframe. For requests regarding your personal information — including corrections, deletions, or opt-out requests — please see Section 8.
13. Additional Information
13.1 Privacy Dispute Resolution
If you have a concern about how HeyDrew has handled your personal information, we encourage you to contact us first at privacy@heydrew.com so we may address the matter directly. We will make good-faith efforts to resolve privacy concerns promptly and transparently. If your concern is not resolved within thirty (30) days of contacting us, any dispute arising out of or relating to this Privacy Policy or HeyDrew’s data practices shall be resolved by binding arbitration administered by the American Arbitration Association under its then-current Commercial Arbitration Rules, conducted in St. Johns County, Florida, or virtually, and governed by the laws of the State of Florida. This provision applies to all users of HeyDrew’s website, platform, and services, regardless of whether a service engagement has been entered into.
13.2 U.S. Residents; Geographic Scope
HeyDrew’s services are intended for residents of the United States who file taxes under the U.S. tax code. HeyDrew does not intentionally offer services to, or collect personal information from, individuals located in the European Economic Area, the United Kingdom, or other jurisdictions subject to distinct international privacy frameworks, such as the General Data Protection Regulation (GDPR). If you are located outside the United States, please do not use HeyDrew’s services or submit personal information through our platform. By using our services, you represent that you are a U.S. resident.
13.3 State Privacy Rights
Residents of certain U.S. states may have additional privacy rights under applicable state law, including rights to access, correct, delete, or limit the use of their personal information. HeyDrew honors these rights under its privacy standards, as described in Section 8, regardless of whether they are legally mandated in your state. HeyDrew monitors developments in state privacy law and updates its practices as required. If you have questions about your state-specific privacy rights or wish to exercise them, please contact us at privacy@heydrew.com.
HeyDrew Engagement Terms of Service · Confidential