Privacy Policy
Effective date: April 19, 2026 · Last updated: April 19, 2026
On this page
1. Introduction
The Successful Bookkeeper Global Inc. ("TSB," "we," "us," "our") is a coaching, podcast, education, and community ecosystem for bookkeeping business owners, headquartered in Richmond Hill, Ontario, Canada.
This Privacy Policy explains what personal information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have. It applies to our website at thesuccessfulbookkeeper.com, our community platform at community.thesuccessfulbookkeeper.com, our podcast, our paid programs, our webinars and workshops, and any other service we operate under The Successful Bookkeeper name.
We work with people in Canada, the United States, the United Kingdom, the European Union, Australia, and elsewhere. Depending on where you live, specific laws apply — PIPEDA in Canada, the GDPR in the EU, the UK GDPR in the UK, the CCPA/CPRA in California, and the Privacy Act in Australia. This policy is written to respect all of them.
If anything here isn't clear, email us at privacy@thesuccessfulbookkeeper.com. A human reads that inbox.
2. Information we collect
We only collect what we need to run our business and serve you. Here's the full inventory.
2.1 Information you give us directly
- Free community signup. Name and email address when you create a free account on our community platform.
- Paid membership and program purchases. Name, email, billing address, and payment method. Payment card details are entered directly into Spiffy, our PCI-compliant payment processor — we never see or store your card number.
- Contact form submissions. Name, email, subject, and the message you write.
- Podcast guest applications. Name, email, business details, and the pitch you submit.
- Testimonial submissions. Name, email, photo (if you include one), and the story you share.
- Webinar and workshop registrations. Name, email, country, and your responses to any preparation survey we ask you to complete.
2.2 Information we collect automatically
- Usage data. Pages visited, clicks, referring URL, device type, browser type, operating system, approximate location (derived from IP address), and timestamps.
- Cookies and similar technologies. See our Cookie Policy for the full inventory.
- Email engagement. Whether you opened our emails, clicked links, and which links — tracked via HubSpot.
2.3 Information from third parties
We do not buy contact lists. Occasionally we receive your information from a partner (for example, a co-hosted summit or webinar) — only when you've consented to that partner sharing it with us.
3. How we use that information
We use your information for the following purposes, and no others:
- To deliver what you signed up for. Run your community account, deliver programs, send workshop replays, provide customer support, process payments.
- To communicate with you. Transactional emails (receipts, program access, password resets) and marketing emails about new content, events, and programs. You can unsubscribe from marketing emails at any time; we'll keep sending transactional ones because you need them.
- To improve our services. Analyze which content performs, fix what's broken, test new features.
- To power our Assessment Engine and "Ask the Show" features. When you fill out a preparation survey or ask a question through these tools, your responses are processed by Anthropic's Claude API to generate personalized results or answers. See section 5 for details.
- To keep our platforms secure. Detect fraud, prevent abuse, comply with legal obligations.
- To meet our legal and tax obligations. Keep financial records, respond to lawful requests from authorities.
What we do not do: We do not sell your personal information. We do not share it for cross-context behavioural advertising. We do not use your data to make automated decisions that produce legal or similarly significant effects about you.
4. Legal bases for processing (GDPR)
If you're in the EU or UK, the GDPR requires us to tell you the legal basis we rely on for each processing activity.
| Activity | Legal basis | Plain English |
|---|---|---|
| Delivering paid programs and memberships | Performance of a contract | We can't deliver what you paid for without using your details. |
| Sending transactional emails | Performance of a contract | Receipts, access links, password resets. |
| Sending marketing emails | Consent | You opted in. You can opt out in one click, any time. |
| Analytics and marketing cookies | Consent | You'll see a consent banner when you visit. Nothing fires until you choose. |
| Security and improving our services | Legitimate interest | Running our business responsibly — weighed against your privacy rights. You can object. |
| Meeting tax and legal obligations | Legal obligation | The law requires us to keep certain records. |
5. Who we share information with
We share personal information only with the service providers who help us run the business (called "sub-processors" under the GDPR). Each of these companies is contractually required to protect your data and use it only on our instructions.
| Provider | What they do for us | Where | Their policy |
|---|---|---|---|
| HubSpot | CRM, email marketing, website forms, marketing analytics | United States | View |
| Spiffy | Payment processing (checkouts for programs and memberships) | United States | View |
| Komunily | Hosting our community platform and course delivery | Global | Contact us for details |
| Cloudflare | Website hosting, DNS, CDN, security, and the Worker infrastructure that powers our Assessment Engine | Global (edge network) | View |
| Anthropic (Claude API) | AI processing for our Assessment Engine results and "Ask the Show" podcast Q&A feature | United States | View |
| Google Analytics 4 | Website analytics | United States | View |
| Meta Pixel | Advertising measurement and audience building for campaigns on Facebook and Instagram | United States | View |
| Cookiebot | Managing your cookie consent preferences and keeping an audit record of your consent choices | European Union (Denmark) | View |
A note on our use of Anthropic Claude
Some of our tools — the Assessment Engine, which generates personalized results from your workshop prep survey, and the "Ask the Show" feature, which answers questions about our podcast catalogue — send the text you submit to Anthropic's Claude API for processing. Under Anthropic's commercial terms, the content you submit is not used to train their AI models and is retained only briefly for abuse monitoring before deletion.
If you'd rather not have your responses processed by an AI service, don't submit them through these tools — email us instead at privacy@thesuccessfulbookkeeper.com and we'll help you another way.
Other disclosures
We may also share information:
- With your permission — for example, if you ask us to feature your testimonial.
- When legally required — in response to a valid court order, subpoena, or lawful government request.
- To protect rights and safety — our own, yours, or the public's, where we reasonably believe it's necessary.
- In a business transfer — if we're ever acquired or merge with another company, your information may transfer as part of that deal. We'd give you notice first.
6. International data transfers
We're based in Canada, and some of our sub-processors (HubSpot, Anthropic, Cloudflare, and others) are in the United States. If you're in the EU, the UK, Australia, or elsewhere outside North America, your information will cross borders when you use our services.
We use Standard Contractual Clauses (the model contracts approved by the European Commission and the UK Information Commissioner's Office) with our sub-processors to make sure your data is protected to the standard required by the GDPR and the UK GDPR, regardless of where it's processed. For transfers into the United States specifically, we also rely on the EU-US and UK-US Data Privacy Frameworks where our processors are certified.
7. How long we keep it
We don't keep personal information longer than we need to.
| Type of information | How long we keep it |
|---|---|
| Free community account data | For as long as your account is active. If you don't log in for 24 months, we may delete or anonymize the account. |
| Paid program and membership records | For the length of your engagement, plus 24 months after it ends, so we can respond if you come back. |
| Payment and tax records | Seven years after the transaction, as required by Canadian tax law (and similar rules in other jurisdictions). |
| Contact form and support messages | Up to 24 months after the conversation ends, then deleted. |
| Marketing email lists | Until you unsubscribe, or after 24 months of no engagement — whichever comes first. |
| Unsubscribe / opt-out suppression list | Kept indefinitely as a hashed email and IP record. We keep it so we don't accidentally email you again — it's how we honour your opt-out. This is a standard industry practice under CAN-SPAM, CASL, and the GDPR. |
| Assessment Engine submissions | Up to 12 months, linked to your email, so we can send you your results and related follow-up. You can request deletion sooner. |
| "Ask the Show" queries | Up to 12 months for quality improvement, then deleted. |
If a legal obligation requires us to keep something longer (for example, a tax audit), we'll keep only what's necessary to meet that obligation and delete the rest.
8. Your rights
You have rights over your personal information. The exact list depends on where you live, but the practical effect is similar everywhere we operate — you can find out what we have, correct it, get a copy, or ask us to delete it.
To exercise any of these rights, email privacy@thesuccessfulbookkeeper.com. We'll respond within 30 days, as required by the GDPR and generally expected under other privacy laws. We may need to verify your identity first.
8.1 If you're in the European Union or United Kingdom (GDPR / UK GDPR)
- Right of access — a copy of the personal data we hold about you.
- Right to rectification — correct anything that's wrong.
- Right to erasure ("right to be forgotten") — have your data deleted, in the cases the law covers.
- Right to restrict processing — ask us to pause certain uses while a dispute is resolved.
- Right to data portability — get a machine-readable copy of data you've given us.
- Right to object — to processing based on our legitimate interests, or to direct marketing (we'll always honour this).
- Right to withdraw consent — where we rely on consent, you can take it back any time.
- Right to complain — to your local data protection authority. In the UK, that's the ICO. In Ireland, the DPC.
8.2 If you're a California resident (CCPA / CPRA)
- Right to know what personal information we've collected about you, where we got it, why we have it, and who we've shared it with.
- Right to delete personal information we've collected, subject to legal exceptions.
- Right to correct inaccurate information.
- Right to opt out of the sale or sharing of your personal information. We do not sell your personal information and do not share it for cross-context behavioural advertising — but the right to request this is yours.
- Right to limit use of sensitive personal information. We don't collect the categories defined as "sensitive" under the CPRA (government IDs, precise geolocation, biometrics, etc.) in the course of our normal services.
- Right to non-discrimination — we won't charge you a different price or give you worse service for exercising these rights.
8.3 If you're in Canada (PIPEDA)
- Right of access to your personal information.
- Right to correct inaccurate information.
- Right to withdraw consent for our collection, use, or disclosure of your information (subject to legal or contractual limits — for example, we can't refund you without your payment details).
- Right to complain to the Office of the Privacy Commissioner of Canada.
8.4 If you're in Australia (Privacy Act)
- Right of access to your personal information.
- Right to correct it if it's wrong.
- Right to complain to us first, and then to the Office of the Australian Information Commissioner if you're not satisfied with how we've handled it.
9. Children
Our services are built for adults running bookkeeping businesses. We don't target anyone under the age of 16, and we don't knowingly collect information from children. If you're a parent or guardian and believe your child has submitted information to us, email privacy@thesuccessfulbookkeeper.com and we'll delete it.
10. Cookies
We use cookies and similar technologies to run the site, remember you when you log in, understand how the site is used, and measure our marketing. If you're visiting from the EU, UK, or another region where cookie consent is required, you'll see a consent banner on your first visit asking which categories of cookies to allow; no non-essential cookies are set until you choose. You can change your preferences any time using the "Cookie settings" link in our website footer.
The full inventory of cookies — what's set, by whom, and for how long — is in our Cookie Policy.
11. Changes to this policy
We'll update this policy when our practices change or when the law requires it. When we do, we'll update the "Last updated" date at the top. If the change is significant — for example, a new category of data or a new sub-processor that materially affects your privacy — we'll tell you by email or with a prominent notice on the site before the change takes effect.
12. Contact us
Questions, requests, or complaints — any of them — start here:
Email: privacy@thesuccessfulbookkeeper.com
Mail: The Successful Bookkeeper Global Inc.
120 East Beaver Creek Road, Suite 200
Richmond Hill, Ontario L4B 4V1
Canada
If you're in the EU or UK and would prefer to contact a designated representative, email us and we'll route you. If we can't resolve something to your satisfaction, you can always complain to your local data protection authority (see section 8 for links).