Privacy Policy

Welcome to Sweet, a product of Very Sweet, Inc. ("Very Sweet", "we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website, platform, and related services (collectively, the "Services").

We are committed to protecting your privacy and complying with applicable laws and regulations, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable U.S. and international privacy laws.

1. Information We Collect

We collect the following categories of information to operate and improve our Services:

A. Information You Provide Directly

  • Business and firm information (e.g., company name, team members, address, phone)
  • User contact details (e.g., name, email, phone number, demographic information)
  • Information you provide to us through surveys, forms, forums, social media, or other means
  • Information that you provide in connection with your purchase or license of Services, including credit card number, credit card expiration date, credit card verification code, or bank information
  • Credentials for tax software and third-party accounting platforms required for integrations (e.g., QuickBooks, Xero)
  • Client data uploaded for tax preparation (e.g., tax documents, bank statements, prior year returns, responses to questionnaires, etc.)
  • Digital signatures and related authentication metadata
  • Feedback or inquiries you send to us

Note: We automatically redact Social Security Numbers (SSNs) from uploaded tax documents. Personally identifiable information (PII) may be stored but is not used in processing or shared with third parties.

B. Information We Collect Automatically

  • Log files, usage data, and clickstream activity
  • Device information (IP address, browser type, OS)
  • Audit trail of data exports and automated actions initiated through the platform
  • Cookies and similar tracking technologies (see Section 4)

C. Information from Third Parties

  • Data from integrations with financial tools (e.g., QuickBooks, Xero)
  • Information retrieved from your authorized tax software accounts

2. How We Use Personal Information

We use your information to:

  • Provide, maintain, and improve our Services
  • Personalize the Services
  • Automatically generate document request lists and client questionnaires
  • Perform preliminary tax calculations and other recommended actions for preparer review
  • Autofill information into your tax software with your initiation
  • Facilitate integrations with third-party financial applications
  • Collect and manage digital signatures
  • Maintain detailed audit logs for compliance and transparency
  • Communicate with you about updates, security, and support
  • Comply with legal obligations and protect against fraud
  • Improve our site and Services via analytics

We may also collect aggregated usage data about how you interact with our Site and Services. This can include your IP address, browser type, operating system, referring page, pages viewed, time spent, search terms, and clicks. If you're using a mobile device, we may also collect your device ID, settings, OS, and usage details. We use this to produce strictly anonymized and aggregated reports on user statistics.

3. Sharing and Disclosure of Information

We do not sell your personal data. We may share information in the following limited circumstances:

A. Third-Party Service Providers

We engage vendors, contractors, affiliates and other partners to support our Services with data that is not personally identifiable (e.g., cloud storage, SOC 2 compliant AI models, email delivery, eSignature providers). These vendors are contractually required to maintain confidentiality and data security and are obligated to use user data strictly to help us conduct and improve our business.

B. Integrations

With your permission, we access and process data from third-party applications (e.g., accounting platforms, tax software).

We may disclose information to law enforcement, government agencies, or authorized third parties if required by law, regulation, legal process, or to protect the rights, property, or safety of our users or others.

D. Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, we may transfer your data as part of that transaction. We will notify you of any material changes.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Recognize returning users
  • Store user preferences
  • Analyze usage patterns to improve performance

5. Data Security

We implement industry-standard security measures, including:

  • SOC 2-compliant infrastructure and operational practices
  • End-to-end encryption for data in transit and at rest
  • Role-based access controls
  • Secure credential storage (e.g., encrypted vaults)
  • Continuous monitoring and audit logging of system activity
  • Use of enterprise AI models that do not retain or publicly train on user data

While no system can guarantee absolute security, we continuously assess and upgrade our security to safeguard your information.

6. Data Retention

We retain your personal information as long as your account is active or as needed to provide our Services, and as outlined in any applicable licensing or service agreements. Once it's no longer needed, we securely delete or anonymize the data.

We also maintain data backups for up to one year after account termination or data deletion from our production systems. These backups, which may include personal information, are deleted on a rolling 90-day basis unless otherwise required.

In certain cases, we may keep personal information longer to comply with legal obligations, resolve disputes, enforce agreements, or as required by law. For example, if we're involved in litigation or a regulatory investigation, we may retain data during the process and for up to five years afterward. If required by a settlement, we retain data as long as needed to comply. If we provide information to law enforcement, we maintain a record of that disclosure for one year following the close of the investigation.

7. For EU and EEA Users (GDPR)

If you are located in the European Union or European Economic Area, your personal data is protected under the General Data Protection Regulation (GDPR).

  • Data Controller vs. Processor: When you use Sweet to manage client data, you are the Data Controller, and we act as your Data Processor. For certain data (e.g. billing, marketing, or site analytics), we are the Controller.

  • Legal Bases: We process your data based on one of the following:

    • Contractual necessity (e.g., to deliver our Services)
    • Legitimate interest (e.g., to improve Sweet, prevent fraud)
    • Consent, where required
    • Legal obligations or to protect vital/public interests

  • Your Rights: Under GDPR, you have the right to:

    • Access, correct, delete, or restrict your data
    • Withdraw consent at any time (without affecting prior processing)
    • Receive a copy of your data (data portability)
    • Object to certain processing
    • File a complaint with a supervisory authority

To exercise these rights, contact us at info@verysweet.co. If we're processing data on behalf of your firm, please direct your request to that email. We may verify your identity before fulfilling requests.

  • International Transfers: If data is transferred outside the EU, we use Standard Contractual Clauses or other lawful mechanisms to protect it.

For California Residents (CCPA & CPRA)

If you are a California resident, you are entitled to rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • We do not sell personal information.
  • We do not knowingly collect or sell personal data of individuals under 16 years old.

You have the right to:

  • Know what personal data we collect, use, and disclose
  • Request deletion of your personal data
  • Opt out of any sale or sharing (we don't sell, but you may still opt out)
  • Correct inaccurate personal data
  • Not receive discriminatory treatment for exercising your rights

To make a request, email us at info@verysweet.co. We may ask for identity verification. You may also designate an authorized agent to act on your behalf.

Under California's "Shine the Light" law (Cal. Civ. Code §1798.83), you may request details about our disclosures for third-party marketing purposes. We have a policy to not share your personal data for third-party direct marketing if you opt out.

8. Children's Privacy

Sweet is not intended for children under 13, and we do not knowingly collect personal data from children. If we learn that we have collected such information, we will delete it promptly. Please notify us if you are aware of any such cases.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time on this page and notify all users promptly via email if we do so.

10. Contact

If you have questions about this Privacy Policy or our data practices, please contact:

Very Sweet, Inc.
info@verysweet.co