Privacy Policy

Updated as of June 2024

I. Introduction

The Purple Group, PLLC (“Company,” or “we,” “us” and “our”) values your privacy and is committed to maintaining your trust.  We provide this Privacy Policy to inform you of our policies and procedures regarding the collection, use, and disclosure of personally identifiable information received from visitors to and/or users of the Company’s website located at www.thepurplegroup.com (the "Website") and provision of services online. Specifically, the Company provides public accounting services through its Website (, the "Services").  

II. General Data Protection Regulation

This Company is headquartered in Washington.  As a Washington-based company, we do not knowingly advertise in the European Union (EU), or market our Services to residents of the EU.  However, our Website does not restrict visitors from the EU; we do not have in place any protections to prevent EU residents from accessing our Website. As a result, we provide the foregoing disclosure to EU data subjects.  

The Company’s processing of the Personal Information, such as the name, address, email address, or telephone number of an EU data subject (hereinafter, “Personal Information” or “Personal Data”) that is voluntarily supplied by the individual, or supplied by an authorized third party, shall always be in line with the General Data Protection Regulation (“GDPR”), and in accordance with the country-specific data protection regulations applicable to the Company.  

By means of this Privacy Policy, our Company would like to inform you of the nature, scope, and purpose of the Personal Information we collect, use and process, as defined herein.  Specifically, if you are an EU data subject visiting our Website, you are hereby informed, by means of this section of our Privacy Policy, of the rights to which you are entitled, and the recourse you may seek if you have any questions regarding the collection, use, and processing of Personal Information by the Company. You may email us with requests at hello@thepurplegroup.com.

Your Privacy Rights under the GDPR.   The GDPR includes the following rights for you, as an EU data subject, if you provide Personal Information to the Company in connection with accessing the Services or visiting our Website:

  • The right to be informed about how we store, use, or share your data;

  • The right to access your data;

  • The right to rectify your data;

  • The right to have us erase your data;

  • The right to prevent us from processing your data;

  • The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;

  • The right to object to use or sharing of your data; and

  • The right not to be subject to automated decision-making, including profiling

Legitimate Business Interest under the GDPR.   Our use of your Personal Information is based on the legitimate business grounds that:

  • The use is necessary in order to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account – for example, in order to enable access to our Website on your device or charge you for our Services; 

  • The use is necessary for compliance with a legal obligation; 

  • The use is necessary in order to protect your vital interests or those of another person or entity; 

  • We have a legitimate interest in using your information – for example, to provide and update our Website or Services, to improve our Website or Services so that we can offer you an even better user experience, to safeguard our Website or Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; and/or

  • You have given us your consent.

Data Retention/Erasure.   We will retain your Personal Information for as long as needed to provide the applicable Services, or for a minimum period of four (4) years.  If, at any time after agreeing to this Privacy Policy, you: (1) change your mind about receiving information from us; (2) wish to revoke permission for us to retain and use your Personal Information; (3) wish to object to the processing of your Personal Information; or (4)  wish for us to erase a copy of your data, please make a request to the Company at hello@thepurplegroup.com.  If you request erasure of your data, we may retain some of your Personal Information only for legitimate business interests, such as fraud detection, prevention, and enhancing the safety of our Website; and to comply with our legal obligations, specifically our tax, legal reporting, and auditing obligations. 

Our Response to Your Requests.   If you make any requests regarding your Personal Information, we will not charge you for compliance with the request.  The Company will respond and comply within 30 days.  The Company reserves the right to refuse or charge for requests that are manifestly unfounded or excessive.  If we refuse your request, we will tell you why we are refusing your request.  You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal. 

Data Controller.   With the exception of processing payments, for which Stripe and Ignition are the Payments Data Controller; the Company is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of Personal Information of the customers of the Company and visitors to its Website.  The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc.  If you wish to revoke consent for us to store, use, or share your Personal Information, you may contact us at hello@thepurplegroup.com. 

Data Processor.   The Company is the “data processor," as defined under the GDPR, or the legal entity which processes, as this term is defined here in footnote 1, your Personal Information.  The Company has not retained any third-party service provider to process your Personal Information.  Any processing of Personal Information shall be done solely by the Company.  The Company maintains records of any processing activities it performs, and is able to show how the Company complies with the data protection principles under the GDPR.  It has effective policies and procedures in place.  If you have questions regarding the processing of your Personal Data, you may contact us at hello@thepurplegroup.com.

Data Protection Officer.  The Company is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions.

Breach.   The Company has reasonable internal policies and procedures in place to effectively detect, report, and investigate a data breach.  The GDPR defines a Personal Information breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information.”  Pursuant to the GDPR, the Company will notify you of a Personal Information breach where the Personal Information breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay.  In the unfortunate event of breach, the Company shall provide you with: (i) contact details of the DPO or other contact person for the Company, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the Company has taken or proposes to take to address the breach, and (v) advice on steps data subjects can take to protect themselves.

Note: Data Protection Impact Assessment (DPIA).   The Company is not required to undergo a DPIA because the Company’s data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data.  If you have any questions regarding DPIA compliance by the Company, you may contact us at hello@thepurplegroup.com.

Complaints.  Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of Personal Information relating to him or her infringes this Regulation.

III. Use, Processing, and Sharing of Personal Information

The following information applies to anyone who shares with us his, her, or a third-party’s Personal Information.  We may use, process, and/or share your Personal Information (and we have done so in the past 12 months):

  • To respond to your inquiries and your requests regarding our Website or Services.

  • To send you information regarding our services and changes to our terms, conditions, and policies. 

  • To complete your account registration, process your payments, and communicate with you regarding your purchase of our Services.

  • To send you marketing communication and newsletters about our Services.

  • To personalize your experience on our Website.

  • To inform you and allow you to participate in our Company’s promotions.  

  • To facilitate social sharing functionality.

  • To collaborate with business affiliates, partners, vendors, or service providers to provide you with our Services.

  • In connection with our business purposes, as described above, including but not limited to data analysis, audits, fraud monitoring and prevention, developing or enhancing new and existing products and/or services, expanding our business activities, etc. 

We will not use and/or share your Personal Information:

  • With anyone except for our Company’s authorized service providers, business affiliates, and business partners, and strictly for business purposes; or unless we specifically inform you, and give you an opportunity to opt out of sharing your Personal Information.  You herein agree that you have visited the websites of the aforementioned entities, and agreed to their Privacy Policies and Terms of Service.

  • To run interest-based advertising campaigns that collect Personal Information such as email addresses, telephone numbers, and credit card numbers.

  • To use or associate Personal Information with remarketing lists, cookies, data feeds, or other anonymous identifiers.

  • To use or associate targeting information, such as demographics or location, with any Personal Information collected from the ad or its landing page.

  • To share any Personal Information with Google or third party companies through our remarketing tag or any product data feeds which might be associated with our ads.

  • To send Google or third party companies precise location information without obtaining your consent. 

However, we reserve the right to disclose Personal Information that we believe, in our sole discretion, to be necessary or appropriate in the following circumstances:

  • As required by law, such as to comply with a subpoena, or similar legal process.

  • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

  • To enforce our Terms of Service.

  • To allow us to pursue available remedies or limit the damages that we may sustain.

IV. Collection of Other Information

Personally Non-Identifiable Information: We may collect personally non-identifiable information, including but not limited to demographic data, age, education level, profession, geographic location or gender, from you at the time of registration on our Website, or when you choose to use our Services. This information is not, by itself, sufficient to identify or contact you.  The Company may store such information, or it may be included in databases owned and maintained by partners, affiliates, agents, or service providers of the Company.  The Company may use such information and pool it with other information to track data related to growing the business, such as the total number of visitors to our Website and the domain names of our visitors' Internet service providers.  

Passively Collected Information:   Your visit to our Website may allow us to obtain certain additional, personally non-identifiable information that is collected passively using various technologies.  This information includes but is not limited to, for example, IP addresses, browser types, date and time of page views, location information associated with your IP address, domain names, your interactions to an ad delivered by us or our ad technology partners and other anonymous statistical data involving your use of the Website and/or our services.  This information cannot presently be used to specifically identify you.  

Aggregated Personal Data:   The Company may analyze your Personal Information provided through the Website or in connection with rendering the Services, in aggregate form.   This aggregate information does not identify you personally.   We may share this aggregate data with our partners, affiliates, agents, or service providers for business purposes.   We may also disclose aggregated statistics to explain our Services to current and prospective business partners, and to other third parties for other lawful, business-related purposes. 

Customer Credit Card Information.   The Company uses a Third-Party Payment Processor, as that term is defined in the Privacy Policy which is incorporated by reference herein, to keep a protected copy of your credit card number.  The Third-Party Payment Processor is Stripe and Ignition . This billing data belongs to you, and by utilizing the Service, you grant the Company a license to use this data to bill you for services rendered.  By purchasing the Services of the Company, you herein agree to the Terms of Service and Privacy Policy of Stripe, located at https://stripe.com/legal/consumer and https://stripe.com/privacy and Ignition located at https://www.ignitionapp.com/terms and https://www.ignitionapp.com/privacy.

V. Tracking Technologies on our Website

The Company may use the foregoing technologies to track your activity on our Website:

Cookies.   When you visit our Website or otherwise interact with the Service, we may send one or more “cookies” to your computer or other devices.  Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience.  Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites.  Some features on this site will not function if you do not allow cookies.  We may link the information we store in cookies to any Personal Information that you submit while visiting our Website.  

We may use both session ID cookies and persistent cookies.  A session ID cookie expires when you close your browser.  A persistent cookie remains on your hard drive for an extended period of time.  Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site. 

Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance.

Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.

Advertising cookies may be set through our Website by our advertising partners. Data may be collected by these companies that enable the companies to serve up advertisements on other sites that are relevant to your interests. 

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site.  You may also wish to refer to 
http://www.allaboutcookies.org/manage-cookies/index.html.  

If you reject cookies, you may still use our site, but some features on the site will not function properly.

Log Files.   A Log File is a file that records either events that occur in an operating system or other software runs, or messages between different users of a communication software.  Log file information is automatically reported by your browser or mobile application each time you access the Website or our Services.  Along with cookies and web beacons, log files help provide additional functionality to the Website and Services and help us analyze Website and Services usage more accurately.  We and our third party tracking-utility partners may use log files on our Service to gather automatically gather and store information including, but not limited to, internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data, for business purposes.  We may use Google Analytics, which uses cookies and other similar technologies to collect and analyze information about the use of the Service and report on activities and trends.  This service may also collect information regarding the use of other websites, apps and online resources.  You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Embedded Scripts.   An embedded script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third party service provider, is active only while you are connected to the Service, and is deactivated or deleted thereafter.

VI. Children   

The Children’s Online Privacy Protection Act of 1998 (COPPA) and its accompanying FTC regulation protects the privacy of American children aged 13 and under, who are using the Internet.  The GDPR sets the age at which an EU child can give their own consent in order to process their Personal Data at 16 years of age.  

The Website and our related Services are not intended for anyone under 16, and we do not knowingly collect information from anyone under the age of 16.  Anyone aged 16 or under should not submit any Personal Information without the permission of their parents or guardians.  Parents or guardians may, on behalf of their children, submit their children’s Personal Information.  By using the Website and our related Services, you are representing that you are at least 16 years old and that you have the relevant legal authority to submit your Personal Information or that of a third-party minor, to the Company or on the Company’s Website.

VII. Links to Other Websites   

This Privacy Policy does not address, and we are not responsible for the privacy, information or other practices of any third parties.  This Privacy Policy applies only to this Website and the Company’s Services.  It does not apply to any third-party sites, and the inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.

We are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developers, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any Personal Information you disclose to other organizations through or in connection with the Website or Services. 

VIII. Security   

We maintain reasonable and appropriate, although not infallible, security precautions.  However, we cannot guarantee that hackers or unauthorized personnel will not gain access to your Personal Information, despite our reasonable efforts.  You should note that in using the Website, and/or our related Services, your information will travel through third-party infrastructures which are not under our control.  Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your information to hello@thepurplegroup.com.

IX. Data Retention

We will retain your Personal Information for six (6) years, or as long as needed to provide the applicable Services.  Our data retention period may change in the future if a longer retention period is required or permitted by law.

X. Do Not Track   

Your browser setting may allow you to automatically transmit a "Do Not Track" signal to websites you visit.  The Company’s Website does not respond to "Do Not Track" signals or other mechanisms from a visitor's browser.  If, in the future, we create a program or protocol to respond to such web browser "Do Not Track" signals, we will inform you of the details of that protocol in this Privacy Policy.  To find out more about "Do Not Track," please visit https://www.allaboutdnt.com

XI. Disclosures Regarding U.S. State Data Privacy and Protection Acts       

Several United States jurisdictions, including California and others, provide users with certain rights regarding their personal information, including the right to access, delete, correct and/or opt-out of the “sale” or "sharing" of their personal information (“State Laws”). 

Based on the size of the Company and/or our activities, we are not currently subject to these State Laws but may become subject to them in the future. Nonetheless, the different State Laws, if applicable, would provide certain rights to residents of those states. While not subject to those laws, we are committed to transparency with respect to the collection and use of your personal data, so we provide the information below so that residents of those states, and all of our Users, understand how we interact with their personal information in the context of what would be required under those laws.

California Service Provider Status. To provide our Services, we may be involved in the storage or processing of certain Personal Information relating to California residents on behalf of customers who are themselves subject to the California Consumer Privacy Act (the “CCPA”), as set forth herein. In such instances, the data transfer services performed by us are in a “Service Provider” capacity, as that term is understood under the CCPA and related authorities, and is performed only for and at the direction of our customers. 

In connection with our provision of Services, Company does not:

  • Sell or share the Personal Information of its consumer’s uploaded data containing personal information relating to third parties;

  • Retain, use, or disclose Personal Information obtained under our Service contract for any purpose except that contract’s specified business purposes or as the CCPA otherwise permits;

  • Retain, use, or disclose Personal Information obtained or stored on our platform outside of the parties’ direct relationship, unless the CCPA or CCPA Regulations expressly permit its use; or

  • Combine or update Personal Information data stored on Company’s databases or uploaded to its platform by customers.  

Business Purpose. The California Service Provider activities performed by us relating to the processing of Personal Information of California residents is for the business purpose of providing our Services to customers, including helping to ensure the security and integrity of their data, and for our customer’s own permitted business use under the CCPA. 

CCPA Consumer Requests Related to Data. Some customers may be subject to the CCPA’s requirements to take certain actions in response to consumer requests, such as for Personal Information data disclosures or deletion requests. To the extent we are acting as a California Service Provider and we receive a verifiable CCPA consumer request made by a California resident 16 years of age or older relating to Personal Information stored with Company, it is the Company’s policy to notify the customer of the consumer request so they may take action to respond to such consumer directly. The Company also agrees to cooperate with its customers to the extent necessary to respond to such CCPA consumer requests. You may submit your verifiable consumer requests to us at hello@thepurplegroup.com along with information sufficient for us to identify your personal data, including the name of our California customer who controls or processes such data.

XII. Changes   

This Privacy Policy may be updated from time to time for any reason, at our sole discretion.  We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Website, and emailing you a copy of the revised Privacy Policy or a link to it.  You are advised to consult our Website regularly for any changes. 

XIII. Incorporation into Terms of Service

By using or accessing the Website or the Services, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your information as set forth in this Privacy Policy and as amended by us. This Privacy Policy is incorporated into, and considered a part of, the Company’s Terms of Service.

XIV. Opt-Out Policy   

If, at any time after registering, you change your mind about receiving information from us or about the use of information volunteered by you, or if you prefer that we do not share your Personal Information with third parties for marketing purposes, please contact us at hello@thepurplegroup.com.

XV. Contact Us   

If you have any questions or concerns relating to our use of your Personal Information, please email hello@thepurplegroup.com.  Additionally, you may reach us by postal mail at:

The Purple Group, PLLC
8201 164th Ave NE Suite 200
Redmond, WA 98052