Privacy Policy

How Keeper Bookkeeping collects, uses, and protects your information.

Effective date: April 13, 2026

Keeper Bookkeeping ("Keeper", "we", "us", "our") is a bookkeeping firm based in British Columbia, Canada. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights under Canadian privacy law.

By using our website or engaging our services, you agree to the practices described in this policy.

1. Who This Policy Applies To

This policy applies to:

  • Website visitors who contact us through our website form or book a call via Calendly.
  • Clients who engage Keeper for bookkeeping services and authorize access to their QuickBooks Online data.

2. Information We Collect

From website visitors

When you submit the contact form or book a call, we collect:

  • Name
  • Email address
  • Company name (optional)
  • Your message

We do not use cookies or analytics tracking on this website.

From clients

When you become a client, we collect and process:

  • Business contact information (name, email, phone, address)
  • Financial data accessed via your QuickBooks Online company (transactions, accounts, vendors, customers, payroll data, and financial reports)
  • Documents you provide for bookkeeping purposes (receipts, invoices, bank statements)
  • GST/HST numbers and CRA correspondence as needed for filings

3. How We Use Your Information

  • To deliver the bookkeeping services described in your Engagement Letter
  • To respond to your inquiry or booking request
  • To prepare and file GST returns and year-end documentation as required by CRA
  • To communicate with you about your account, reports, and deadlines

We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

4. Third-Party Services We Use

We rely on the following third-party platforms to deliver our services. Each has its own privacy policy governing data it holds.

Intuit QuickBooks Online

Client financial data is accessed through the QuickBooks Online API. Intuit stores data on servers primarily located in the United States (AWS), with a backup copy of Canadian customer data maintained in Canada. As a US-incorporated company, Intuit is subject to the US CLOUD Act, which may allow US law enforcement to compel disclosure of data regardless of where it is stored. See Intuit's Privacy Statement and Intuit Canada Terms of Service.

Google Drive

Client files and working documents are stored in Google Drive, within a dedicated folder per client. Google's servers may be located in Canada or the United States. See Google's Privacy Policy.

Formspree

Contact form submissions on our website are handled by Formspree, a US-based service. Submissions are forwarded to our business email and not retained by us beyond what arrives in our inbox. See Formspree's Privacy Policy.

Calendly

Booking requests are handled by Calendly, a US-based service. When you book a call, Calendly collects your name and email to send a calendar invitation. See Calendly's Privacy Policy.

5. Cross-Border Data Transfers

Some of the third-party services listed above store or process data in the United States. By using our website or services, you acknowledge that your information may be transferred to and processed in the United States, where privacy laws may differ from those in Canada.

Keeper uses only reputable, established service providers and implements contractual safeguards where applicable. We disclose this transfer as required under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

6. Data Retention

  • Client financial records: retained for 7 years from the end of the fiscal year they relate to, as required by the Canada Revenue Agency.
  • Contact form inquiries: retained in our business inbox; deleted upon request if no engagement follows.
  • QBO access tokens: deleted within 48 hours of engagement termination or revocation request.

7. Your Rights Under PIPEDA

Under Canada's Personal Information Protection and Electronic Documents Act, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Withdraw consent for non-essential data processing (note: withdrawal may prevent us from continuing to deliver services)
  • Request deletion of your information, subject to CRA retention requirements

To exercise any of these rights, contact us at kneilson@keepercom.com. We will respond within 30 days.

8. Data Breach Notification

If a data breach occurs that poses a real risk of significant harm to you, Keeper will notify you and report the breach to the Office of the Privacy Commissioner of Canada within 72 hours of becoming aware of it, as required under PIPEDA.

9. Security

We implement reasonable technical and organizational safeguards including:

  • AES-256 Fernet encryption for stored QuickBooks authorization tokens
  • Access-controlled Google Drive folders (one per client)
  • Business email used for all client communication — no personal accounts
  • Client data never stored on unencrypted personal devices

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated to active clients by email at least 14 days before taking effect. The effective date at the top of this page will be updated with each revision.

11. Contact

For privacy questions, access requests, or complaints:

Keeper Bookkeeping
British Columbia, Canada
kneilson@keepercom.com

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.