Skip to content
Laya

Privacy Policy

Last Updated: February 10, 2026

Laya Group LLC (“Laya,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information and business data that you share with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, platform, and services.

By using our website, platform, or services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use our website, platform, or services.

1. INFORMATION WE COLLECT

1.1 Information You Provide to Us

We collect information that you voluntarily provide to us, including:

  1. Account and Contact Information: Name, email address, phone number, mailing address, company name, job title, and other contact details provided when you create an account, sign an Order Form, or communicate with us.
  2. Business and Financial Information: Financial records, transaction data, bank account information, credit card data, accounting records, payroll data, vendor and customer lists, tax return information, entity and ownership information, and other business data provided in connection with the Services.
  3. Payment Information: Billing address, bank account details, and credit card information used to process payments for the Services. Payment information may be processed by our third-party payment processors.
  4. Communications: Content of emails, messages, support requests, and other communications you send to us.
  5. Tax Return Information: Information provided for the purpose of tax compliance Services, including financial statements, entity details, ownership information, and completed tax returns. Tax return information is subject to additional protections under IRS regulations, as described in our Tax Service Terms.

1.2 Information We Collect Automatically

When you access our website or platform, we may automatically collect:

  1. Usage Data: Information about how you interact with our website and platform, including pages viewed, features used, actions taken, and time spent.
  2. Device and Technical Information: IP address, browser type, operating system, device identifiers, and other technical information about your device and internet connection.
  3. Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. You can manage your cookie preferences through your browser settings.

1.3 Information from Third Parties

We may receive information about you from:

  1. Third-Party Services: When you connect Third-Party Services (such as QuickBooks Online, payroll providers, banking institutions, or expense management tools) to our platform, we may receive data from those services as necessary to provide the Services.
  2. Service Providers: Our service providers may provide us with information in connection with the services they perform for us.
  3. Public Sources: We may collect information from publicly available sources, such as business registrations and public filings.

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  1. To Provide and Deliver Services: Including bookkeeping, monthly close, financial reporting, tax compliance, and advisory services as described in your Agreement.
  2. To Communicate with You: Including responding to your inquiries, sending service-related notifications, providing deliverables, and sending transactional emails.
  3. To Process Payments: Including charging fees for the Services and processing refunds.
  4. To Improve Our Services: Including analyzing usage patterns, developing new features, improving the accuracy of our AI and automation tools, and conducting benchmarking studies using aggregated, de-identified data.
  5. To Facilitate Tax Compliance Services: Including sharing information with our designated tax Service Provider and its affiliates and subcontractors as described in the Tax Compliance Service Terms and the 7216 consent therein.
  6. To Comply with Legal Obligations: Including responding to subpoenas, court orders, or other legal process; maintaining records as required by tax preparer regulations; and cooperating with regulatory authorities.
  7. To Protect Our Rights and Safety: Including detecting, preventing, and addressing fraud, security incidents, and technical issues; enforcing our agreements; and protecting the rights, property, and safety of Laya, our clients, and others.
  8. For Business Operations: Including managing our business, administering our platform, training our personnel, conducting audits, and managing our vendor relationships.

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers and Subcontractors

We share information with service providers, subcontractors, and other third parties who perform services on our behalf, including:

  1. Tax compliance service providers (as described in the Tax Compliance Service Terms and identified on your Order Form);
  2. Cloud hosting and infrastructure providers;
  3. Payment processors;
  4. Accounting software providers (e.g., Intuit Inc. / QuickBooks Online);
  5. Communication and productivity tools; and
  6. Professional advisors (e.g., attorneys, accountants, auditors).

Some of our service providers and subcontractors may be located outside of the United States, including qualified accounting professionals who assist in preparing workpapers, schedules, and tax return inputs.

We require all service providers and subcontractors to maintain confidentiality and data security obligations substantially similar to those described in this Privacy Policy and our client agreements.

3.2 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, including the consents provided in the Tax Service Terms.

3.3 Legal Compliance and Protection

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to:

  1. Comply with applicable law or legal process;
  2. Protect and defend our rights or property;
  3. Prevent or investigate fraud, security incidents, or other wrongdoing;
  4. Protect the personal safety of our clients, employees, or the public; or
  5. Respond to lawful requests from public authorities.

3.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of such transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.5 Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you for purposes including benchmarking, analytics, and product improvement.

4. DATA SECURITY

We implement administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, alteration, and destruction. These measures include:

  1. Encryption: Sensitive data is encrypted in transit and at rest;
  2. Access Controls: Access to client data is limited to authorized personnel who need it to perform their job functions;
  3. Multi-Factor Authentication: Required for access to systems containing client data;
  4. Monitoring and Logging: We maintain audit logs of access to client data and monitor for unauthorized activity;
  5. Vendor Security Requirements: We require our service providers to maintain appropriate security measures and include data protection obligations in our agreements with them;
  6. Written Information Security Plan (WISP): We maintain a written information security plan as required by the FTC Safeguards Rule and IRS guidelines for tax preparers; and
  7. Employee and Contractor Training: Our personnel receive training on data privacy and security practices.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security.

5. DATA RETENTION

We retain your information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  1. Client Data (Financial Records): Retained for the duration of the client relationship and for a reasonable period thereafter, subject to legal and regulatory requirements.
  2. Tax Return Information and Workpapers: Retained for seven (7) years from the due date of the applicable return (including extensions), as required by IRS regulations.
  3. E-File Authorization Forms (Form 8879): Retained for three (3) years as required by IRS e-file rules.
  4. 7216 Consent Records: Retained for at least three (3) years as required by IRS regulations.
  5. Account and Contact Information: Retained for the duration of the client relationship and for a reasonable period thereafter for business continuity and legal compliance purposes.

When information is no longer needed, we will securely delete or de-identify it in accordance with our data retention policies and applicable law.

6. YOUR RIGHTS AND CHOICES

6.1 Access, Correction, and Deletion

You may request access to, correction of, or deletion of your personal information by contacting us at privacy@withlaya.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law. Certain information may be retained as required by law or for legitimate business purposes.

6.2 Communication Preferences

You may opt out of receiving promotional communications from us by following the unsubscribe instructions in those communications. You may not opt out of service-related communications (such as invoices, deliverable notifications, or important account updates).

6.3 Cookie Preferences

You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of our website and platform.

7. STATE-SPECIFIC PRIVACY RIGHTS

7.1 California Residents (CCPA / CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), including:

  1. Right to Know: The right to request information about the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
  2. Right to Delete: The right to request deletion of your personal information, subject to certain exceptions.
  3. Right to Correct: The right to request correction of inaccurate personal information.
  4. Right to Opt Out of Sale or Sharing: We do not sell or share (as defined by the CCPA) your personal information. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link.
  5. Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, contact us at privacy@withlaya.com. We may verify your identity before responding to your request.

Laya processes personal information on behalf of its business clients as a “service provider” under the CCPA. We do not retain, use, or disclose personal information obtained in the course of providing Services for any purpose other than performing the Services, as permitted by the CCPA.

7.2 New York Residents

If you are a New York resident, your personal information is protected under the New York SHIELD Act and other applicable New York privacy laws. We implement reasonable safeguards to protect your private information, including the security measures described in Section 4 of this Privacy Policy. In the event of a data breach involving your private information, we will provide notice in accordance with the New York SHIELD Act.

7.3 Other State Privacy Laws

Residents of other states with comprehensive privacy laws (such as Virginia, Colorado, Connecticut, and others) may have similar rights. Please contact us at privacy@withlaya.com to inquire about your rights under applicable law.

8. CHILDREN’S PRIVACY

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will promptly delete it.

9. THIRD-PARTY LINKS AND SERVICES

Our website and platform may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you use.

10. INTERNATIONAL DATA TRANSFERS

As described in this Privacy Policy and our client agreements, some of our service providers and subcontractors are located outside of the United States, including qualified accounting professionals who assist in delivering the Services. When we transfer data outside the United States, we require that the receiving parties maintain appropriate data protection safeguards.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated Privacy Policy on our website and, where required, by providing direct notice (such as by email). The “Last Updated” date at the top of this policy indicates when it was last revised.

Your continued use of our website, platform, or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

12. CONTACT US

If you have questions about this Privacy Policy, or if you wish to exercise any of your rights described herein, please contact us at:

Laya Group LLC

Email: privacy@withlaya.com