Knoxville, Tennessee Mon- Sat 10a-7p
By Appointment Only - 865.359.0228
Upload Documents →
- LEGAL · PRIVACY -
Privacy Policy.
How HB Financial Group collects, uses, protects, and shares your information — written in plain terms with the legal precision required to do this work compliantly.
EFFECTIVE DATE
JUNE 1, 2026
LAST UPDATED
JUNE 1, 2026
APPLIES TO
workwithhb.com & all services
What's in this policy
01. Who We Are
02. Information We Collect
03. How We Use Your Information
04. Information Sharing & Disclosure
05. Sensitive Financial Information
06. Payment Information
07. Cookies & Tracking
08. Data Security
09. Data Retention
10. Your Rights & Choices
11. Children's Privacy
12. California Residents
13. Changes to This Policy
14. Contact Us
- Section 01
Who We Are
This Privacy Policy describes the practices of HB Financial Group ("HB," "we," "us," or "our") regarding the collection, use, and disclosure of personal information when you visit our website at workwithhb.com (the "Site") or engage with our services.
HB Financial Group is a Tennessee-based professional services firm operated by Melissa Griffin, an Enrolled Agent (EA) and Certified Acceptance Agent (CAA), providing tax preparation, bookkeeping, credit advisory, ITIN application services, notary services, business formation, financial education, and related professional services. HB Brand Co operates as the parent umbrella entity providing infrastructure, tech, and brand services.
We take your privacy seriously. The information you share with us — particularly the sensitive financial, tax, and credit information necessary to provide our services — is handled with the legal and ethical care those services require.
- Section 02
Information We Collect
The information we collect depends on how you interact with us. Below is a comprehensive list of information categories we may collect.
Information You Provide Directly
Contact information: Full legal name, email address, phone number, mailing address
Business information: Business name, entity type, EIN, business address, industry
Account information: Username, password, account preferences for any client portals
Communication content: Information you share in emails, intake forms, consultation calls, support requests
Tax service information: Income documents (W-2s, 1099s, K-1s), prior tax returns, dependent information, deduction records, financial statements
Bookkeeping information: Bank statements, credit card statements, expense receipts, invoices, payroll records, accounting software access credentials
Credit service information: Three-bureau credit reports, credit scores, account histories, dispute documentation, identification documents required for credit work
ITIN application information: Original or certified copies of identification documents (passports, national IDs, birth certificates), supporting documentation for ITIN eligibility
Business formation information: Organizational documents, member information, capital contribution details, operating agreement information
Sensitive identifiers: Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN), date of birth (where required for service delivery)
Information Collected Automatically
Device and connection information: IP address, browser type, operating system, device identifiers
Usage information: Pages visited, time spent on pages, links clicked, referring website
Cookies and similar technologies: See Section 7 for details
Information from Third Parties
Credit bureaus (Experian, Equifax, TransUnion) when you authorize us to obtain your credit reports
Payment processors (Stripe) regarding transaction status
Referral sources who connect you to our services
Public records and government agencies as relevant to your tax or business matters
- Section 03
How We Use Your Information
We use the information we collect for the following purposes:
To provide services: Tax preparation and filing, bookkeeping, credit advisory and dispute work, ITIN applications, business formation, notary, educational programs, and other professional services you engage us to provide
To communicate with you: Responding to inquiries, sending appointment confirmations and reminders, providing service updates, delivering written deliverables (audits, roadmaps, reports)
To process payments: Through our payment processor (Stripe) for service fees and ongoing engagements
To comply with legal obligations: Including IRS reporting requirements, state tax authority requirements, federal CROA disclosures for credit services, IRS CAA reporting for ITIN services, and other regulatory requirements applicable to our professional licensure
To maintain client records: As required by IRS recordkeeping rules, state professional licensure requirements, and our internal data retention policies (see Section 9)
To improve our services: Analyzing usage patterns to enhance our website, service delivery, and client experience
To send marketing communications: Only with your consent or as permitted under applicable law, with clear opt-out options provided in every marketing message
To protect our rights: Detecting and preventing fraud, enforcing our Terms & Conditions, and protecting the legal rights of HB, our clients, and others
- Section 04
Information Sharing & Disclosure
We do not sell your personal information. We share your information only in the following circumstances:
Service providers: With third-party vendors who help us operate our business (e.g., payment processing via Stripe, customer relationship management software, email delivery services, secure document storage). These providers are contractually obligated to protect your information and use it only for the purposes we specify.
Tax and regulatory authorities: The IRS, state tax authorities, and other government agencies as required for tax filing, ITIN processing, and other regulatory compliance with your authorization.
Credit bureaus and creditors: When you authorize us to perform credit work on your behalf, including disputes, goodwill requests, and credit monitoring.
Legal obligations: When required by law, court order, subpoena, or to respond to lawful requests from public authorities.
Professional advisors: Attorneys, accountants, and other professional advisors engaged by HB to operate our business, all bound by professional confidentiality requirements.
Business transfers: In connection with a merger, acquisition, sale of assets, or similar business transaction. We will notify you of any such transfer.
With your explicit consent: For any purpose disclosed to you at the time of consent.
We never sell your personal information to third parties for marketing purposes. Your sensitive financial information is shared only with the providers, agencies, and authorities necessary to deliver the services you've engaged us to provide.
- Section 05
Sensitive Financial Information
Because of the nature of our services, we routinely handle sensitive financial information including Social Security Numbers, tax returns, credit reports, bank account information, and identification documents. We treat this information with the heightened care it requires.
Tax Information
As an Enrolled Agent firm, we are bound by IRS Circular 230 and the confidentiality rules applicable to federally authorized tax practitioners. Tax return information is protected under IRC § 7216 and may not be disclosed without your explicit written consent except as required by law.
Credit Information
Credit reports and related information are handled in compliance with the Fair Credit Reporting Act (FCRA) and the Credit Repair Organizations Act (CROA). We obtain credit information only with your explicit written authorization and use it only for the purposes you have authorized.
ITIN Documentation
As a Certified Acceptance Agent (CAA), we are authorized by the IRS to verify identification documents for ITIN applications without requiring you to mail original documents to the IRS. Original documents reviewed at our office are returned to you the same day. Copies are stored securely as required by IRS CAA regulations.
Bank-Level Encryption
Sensitive information is transmitted and stored using industry-standard encryption protocols. Documents you upload to our client portals are encrypted in transit (TLS) and at rest. Physical documents we retain are stored in locked, access-controlled storage at our office.
- Section 06
Payment Information
All payments processed through workwithhb.com or in connection with our services are handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. HB does not directly store complete credit card numbers, CVV codes, or banking information.
When you make a payment, Stripe processes your payment information directly and provides us with limited transaction details (transaction ID, amount, status, last four digits of card). For more information on Stripe's privacy practices, see stripe.com/privacy.
For recurring monthly engagements (Foundation Year, monthly bookkeeping, credit tier engagements, Brand Co hosting), Stripe stores your payment method securely on file with your authorization to charge on a defined schedule. You may update or remove payment methods at any time by contacting us.
- Section 07
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies for the following purposes:
Essential cookies: Required for the site to function properly (session management, form submissions)
Analytics cookies: To understand how visitors use our site and improve their experience (Google Analytics or similar)
Marketing pixels: Including Meta (Facebook) Pixel for advertising attribution when you've engaged with our paid campaigns
Functional cookies: To remember your preferences and settings
You can control cookies through your browser settings. Disabling certain cookies may impact site functionality. We honor Global Privacy Control (GPC) signals where technically supported.
- Section 08
Data Security
We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption of data in transit (TLS) and at rest where applicable
Access controls limiting employee and contractor access to your information on a need-to-know basis
Secure document portals for client uploads (rather than email attachments where possible)
Physical security measures for our office, including locked storage for paper records
Regular security review of our third-party service providers
Multi-factor authentication on systems containing client data
However, no method of internet transmission or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
If we become aware of a data breach affecting your information, we will notify you in accordance with applicable law.
- Section 09
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with our legal, regulatory, and professional obligations:
Tax records: Minimum seven (7) years from the date of filing, in accordance with IRS recordkeeping requirements and statutes of limitations on tax assessment
Bookkeeping records: Seven (7) years for active and former client records
Credit service records: Five (5) years from the conclusion of the engagement, as required under federal CROA recordkeeping requirements
ITIN documentation: Three (3) years for CAA-related records, as required by IRS regulations
Marketing data: Until you opt out, or until inactive for more than two (2) years
Website analytics: Generally retained for 26 months in standard analytics tools
After applicable retention periods expire, we securely delete or anonymize your information unless we have a legal obligation to retain it longer.
- Section 10
Your Rights & Choices
You have the following rights regarding your personal information:
Access: Request a copy of the personal information we hold about you
Correction: Request that we correct inaccurate or incomplete information
Deletion: Request that we delete your personal information, subject to our legal obligations to retain certain records (e.g., tax records under IRS requirements)
Portability: Request your information in a structured, commonly used format
Opt-out of marketing: Unsubscribe from marketing communications at any time via the link in any marketing email or by contacting us directly
Withdraw consent: Where we process information based on your consent, you may withdraw that consent at any time
Lodge a complaint: With a supervisory authority if you believe we have violated your privacy rights
To exercise any of these rights, contact us using the information in Section 14. We will respond within thirty (30) days, or as required by applicable law.
- Section 11
Children's Privacy
Our services are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18 without verified parental consent, we will delete that information promptly.
If you believe we have collected information from your child without consent, please contact us using the information in Section 14.
- Section 12
California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information. These include:
The right to know what personal information is collected, used, shared, or sold
The right to delete personal information held by businesses
The right to opt-out of the sale or sharing of personal information (note: we do not sell personal information)
The right to non-discrimination for exercising your CCPA rights
The right to correct inaccurate personal information
The right to limit use and disclosure of sensitive personal information
To exercise these rights, contact us at the information provided in Section 14. We do not sell or share your personal information for cross-context behavioral advertising.
- Section 13
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:
Update the "Last Updated" date at the top of this policy
Post the revised policy on our website
Notify you by email or through our website if changes are significant
Your continued use of our services after any changes constitutes acceptance of the updated policy.
- Section 14
Contact Us
Questions about this policy?
If you have questions about this Privacy Policy or how we handle your information, contact us directly:
HB Financial Group
Melissa Griffin, EA · Privacy Officer
Email: [email protected]
Phone: 865.359.0228
Knoxville, Tennessee