Privacy Policy

Blue Haven Advisory  ·  Prosper, Texas

Last updated: July 10,2026

 

  1. Who We Are

Blue Haven Advisory is a registered trade name of Groves Tax Consulting, LLC, a Texas limited liability company. Legal services are provided separately by Blue Haven Law, PLLC, a Texas professional limited liability company. In this policy, “Blue Haven Advisory,” “we,” “us,” and “our” refer collectively to these affiliated entities and their operations.

Our principal office is located in Prosper, Texas. We serve clients globally.

  1. Information We Collect

We collect information you provide directly to us and information we receive through your interactions with our website and services.

Information you provide

—  Contact and identity information — your name, email address, phone number, and postal address.

—  Inquiry information — details you share about your tax compliance, advisory, or contract support needs.

—  Lead form data — information submitted through native lead forms on Google or Meta advertising platforms.

—  Engagement data — documents, financial records, correspondence, and other information relevant to the services you engage us for.

Information collected automatically

—  Technical data — IP address, browser type, device information, and pages visited on our website.

—  Cookie data — information collected through cookies and similar technologies, as described in Section 5.

  1. How We Use Your Information

We use the information we collect to:

—  Evaluate your tax compliance, advisory, and contract support needs and respond to your inquiries.

—  Provide, manage, and improve the services described in your engagement letter.

—  Communicate with you about your engagement.

—  Send you information about our services where you have consented or where we have a legitimate interest and you have not opted out.

—  Comply with applicable legal, tax, and professional obligations.

—  Protect the security of our systems and detect and prevent fraud.

—  Maintain records required by applicable law and professional conduct rules.

We do not sell your personal information, and we do not use your information for automated decision-making that produces legal or similarly significant effects.

  1. Legal Basis for Processing (EEA, UK, and Switzerland)

If you are located in the EEA, UK, or Switzerland, we process your personal information on the following legal bases under the GDPR:

—  Performance of a contract — where processing is necessary to provide the services described in your engagement letter or to take steps at your request before entering into an engagement.

—  Legitimate interests — for business operations, direct marketing to existing clients, system security, and general firm administration, where these do not override your rights and interests.

—  Consent — for direct marketing to prospective clients and for non-essential cookies, where consent is required.

—  Compliance with legal obligations — including tax and financial reporting requirements, professional conduct obligations, and responses to lawful requests from authorities.

  1. Cookies and Website Analytics

Our website uses cookies and similar technologies to support essential website functions, remember your preferences, and understand how our website is used. Where required by law, we ask for your consent before setting non-essential cookies through the cookie consent banner displayed on your first visit.

You can manage or withdraw your cookie preferences at any time through your browser settings or by revisiting the cookie consent banner on our website.

  1. How We Share Your Information

We share personal information only where necessary to provide our services or comply with applicable law. Categories of recipients include:

—  Service providers and processors — including secure client portal platforms, cloud storage and document management providers, email and communication services, calendar and scheduling tools, payment processors, and website analytics providers. These parties process personal information on our instructions and are bound by written agreements requiring appropriate confidentiality and security measures.

—  Professional advisors — including our own accountants, auditors, insurers, and legal counsel, where necessary for firm operations.

—  Authorities and third parties — where required by law, court order, or professional regulation, or where necessary to establish, exercise, or defend legal claims.

—  Advertising platforms — as described in Section 10 (joint controllers).

A current list of our specific service providers is available on request.

We do not sell your personal information.

  1. International Data Transfers

Blue Haven Advisory is based in Texas, United States. If you are located in the EEA, UK, or Switzerland, your personal information will be transferred to and processed in the United States and, potentially, in other countries where our service providers operate.

Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards including the European Commission’s Standard Contractual Clauses and equivalent UK and Swiss mechanisms. A copy of these safeguards is available on request.

  1. Data Retention

We retain personal information only for as long as necessary to provide our services, comply with our legal and professional obligations, resolve disputes, and enforce our agreements. Retention periods vary by the type of information:

—  Tax deliverables and workpapers — retained for seven years following the completion of the engagement, consistent with the retention period described in our Terms of Use.

—  Legal engagement files — retained for seven years following the completion of the engagement, subject to any longer period required by applicable law or the nature of the matter.

—  Marketing and lead form data — retained for twelve months or until you request deletion, whichever comes first.

—  Inquiries that do not result in an engagement — retained for twelve months and then deleted or anonymized.

—  Website analytics data — retained for fourteen months, consistent with default analytics provider retention settings.

We may retain information longer where required by law, in connection with a legal hold, or to address ongoing disputes.

  1. Data Security and Confidentiality

We use encrypted platforms and secure client portals for all document sharing and communication. We limit access to personal information to those who need it to perform their duties, and we require all personnel and service providers to maintain confidentiality.

Attorney-client privilege applies to work handled by Blue Haven Law, PLLC. The attorney is the only person with access to privileged documents, unless you have consented in writing. Work handled on the tax and accounting side is protected under separate accountant-client confidentiality rules.

Joint meetings involving both our attorney and CPA are available and are confirmed with you in writing in advance, so that all parties understand how privilege applies in a joint session.

No system is 100% secure, and you transmit data to us at your own risk. We take reasonable steps to protect the information we hold and will notify you of any security incident that affects your personal data as required by applicable law.

  1. Advertising Platforms and Joint Controllers

If you submit your information through a native lead form on Google or Meta, Blue Haven Advisory and the relevant platform (Google LLC or Meta Platforms, Inc.) act as joint data controllers for that submission, in accordance with Article 26 of the GDPR. Google’s and Meta’s own data practices are described in their respective privacy policies.

Data submitted through an advertising lead form is retained as described in Section 8.

  1. Your Rights

Depending on your location, you may have the following rights in relation to your personal information:

—  Access — request a copy of the personal information we hold about you.

—  Rectification — request correction of inaccurate or incomplete information.

—  Erasure — request deletion of your personal information where legal grounds apply.

—  Restriction — request that we limit our processing in certain circumstances.

—  Portability — request a copy of certain information in a structured, machine-readable format.

—  Objection — object to processing based on legitimate interests or for direct marketing.

—  Withdraw consent — withdraw consent where processing is based on consent.

To exercise any of these rights, contact us using the details in Section 15. We will respond within one calendar month of receiving your request, or within any shorter period required by applicable law. If your request is complex, we may extend this period by up to two additional months and will inform you of the extension.

If we are unable to comply with your request, we will explain why. You have the right to lodge a complaint with your local data protection supervisory authority — in the UK, the Information Commissioner’s Office (ICO); in the EEA, the supervisory authority in your Member State of residence, work, or the alleged infringement.

  1. US State Privacy Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended:

—  Right to know the categories and specific pieces of personal information we collect, use, and disclose.

—  Right to delete personal information, subject to certain exceptions.

—  Right to correct inaccurate personal information.

—  Right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA.

—  Right to limit the use and disclosure of sensitive personal information.

—  Right to non-discrimination for exercising your privacy rights.

Residents of Virginia, Colorado, Connecticut, Utah, and other US states with comprehensive privacy laws may have similar rights. To exercise your rights, contact us using the details in Section 15.

  1. Children’s Privacy

Our services are directed to adults and are not intended for children. We do not knowingly collect personal information from anyone under the age of 16 (or under 13, in the United States). If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

  1. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our services, applicable law, or firm operations. The “Last updated” date at the top of this policy indicates when it was most recently revised. Material changes will be communicated to active clients by email or by prominent notice on our website. Your continued use of our services after the effective date of any revised policy constitutes acceptance of the updated terms.

  1. Contact and Privacy Requests

For questions about this policy, to exercise any of your rights, or to request the specific service provider list referenced in Section 6:

Blue Haven Advisory

Prosper, Texas

[email protected]

We aim to respond to all privacy-related requests promptly and within the timeframes required by applicable law.

 

This firm is not a CPA firm and these services are not regulated by the Texas State Board of Public Accountancy.

Blue Haven Advisory  ·  Prosper, Texas  ·  Rooted in insight. Guided by clarity