Privacy Policy
Effective date: April 19, 2026 · Last updated: June 20, 2026
On this page
1. Introduction
The Successful Bookkeeper Global Inc. ("TSB," "we," "us," "our") is a coaching, podcast, education, and community ecosystem for bookkeeping business owners, headquartered in Richmond Hill, Ontario, Canada.
This Privacy Policy explains what personal information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have. It applies to our website at thesuccessfulbookkeeper.com, our community platform at community.thesuccessfulbookkeeper.com, our podcast, our paid programs, our webinars and workshops, and any other service we operate under The Successful Bookkeeper name.
We work with people in Canada, the United States, the United Kingdom, the European Union, Australia, and elsewhere. Depending on where you live, specific laws apply — PIPEDA in Canada, the GDPR in the EU, the UK GDPR in the UK, the CCPA/CPRA in California, and the Privacy Act in Australia. This policy is written to respect all of them.
If anything here isn't clear, email us at privacy@thesuccessfulbookkeeper.com. A human reads that inbox.
2. Information we collect
We only collect what we need to run our business and serve you. Here's the full inventory.
2.1 Information you give us directly
- Free community signup. Name and email address when you create a free account on our community platform.
- Paid membership and program purchases. Name, email, billing address, and payment method. Payment card details are entered directly into Spiffy, our PCI-compliant payment processor — we never see or store your card number.
- Contact form submissions. Name, email, subject, and the message you write.
- Podcast guest applications. Name, email, business details, and the pitch you submit.
- Testimonial submissions. Name, email, photo (if you include one), and the story you share.
- Webinar and workshop registrations. Name, email, country, and your responses to any preparation survey we ask you to complete.
2.2 Information we collect automatically
- Usage data. Pages visited, clicks, referring URL, device type, browser type, operating system, approximate location (derived from IP address), and timestamps.
- Cookies and similar technologies. See our Cookie Policy for the full inventory.
- Email engagement. Whether you opened our emails, clicked links, and which links — tracked via HubSpot.
2.3 Information from third parties
We do not buy contact lists. Occasionally we receive your information from a partner (for example, a co-hosted summit or webinar) — only when you've consented to that partner sharing it with us.
3. How we use that information
We use your information for the following purposes, and no others:
- To deliver what you signed up for. Run your community account, deliver programs, send workshop replays, provide customer support, process payments.
- To communicate with you. Transactional emails (receipts, program access, password resets) and marketing emails about new content, events, and programs. You can unsubscribe from marketing emails at any time; we'll keep sending transactional ones because you need them.
- To improve our services. Analyze which content performs, fix what's broken, test new features.
- To power our Assessment Engine and "Ask the Show" features. When you fill out a preparation survey or ask a question through these tools, your responses are processed by Anthropic's Claude API to generate personalized results or answers. See section 5 for details.
- To keep our platforms secure. Detect fraud, prevent abuse, comply with legal obligations.
- To meet our legal and tax obligations. Keep financial records, respond to lawful requests from authorities.
What we do not do: We do not sell your personal information. We do not share it for cross-context behavioural advertising. We do not use your data to make automated decisions that produce legal or similarly significant effects about you.
4. Legal bases for processing (GDPR)
If you're in the EU or UK, the GDPR requires us to tell you the legal basis we rely on for each processing activity.
| Activity | Legal basis | Plain English |
|---|---|---|
| Delivering paid programs and memberships | Performance of a contract | We can't deliver what you paid for without using your details. |
| Sending transactional emails | Performance of a contract | Receipts, access links, password resets. |
| Sending marketing emails | Consent | You opted in. You can opt out in one click, any time. |
| Analytics and marketing cookies | Consent | You'll see a consent banner when you visit. Nothing fires until you choose. |
| Security and improving our services | Legitimate interest | Running our business responsibly — weighed against your privacy rights. You can object. |
| Meeting tax and legal obligations | Legal obligation | The law requires us to keep certain records. |
5. Who we share information with
We share personal information only with the service providers who help us run the business (called "sub-processors" under the GDPR). Each of these companies is contractually required to protect your data and use it only on our instructions.
| Provider | What they do for us | Where | Their policy |
|---|---|---|---|
| HubSpot | CRM, email marketing, website forms, marketing analytics, and cookie consent management | United States | View |
| Spiffy | Payment processing (checkouts for programs and memberships) | United States | View |
| Komunily | Hosting our community platform and course delivery | Global | Contact us for details |
| Cloudflare | Website hosting, DNS, CDN, security, and the Worker infrastructure that powers our Assessment Engine | Global (edge network) | View |
| Anthropic (Claude API) | AI processing for our Assessment Engine results and "Ask the Show" podcast Q&A feature | United States | View |
| Google Analytics 4 | Website analytics | United States | View |
| Meta Pixel | Advertising measurement and audience building for campaigns on Facebook and Instagram | United States | View |
| Telnyx | SMS message delivery (text reminders and notifications) | United States | View |
| Resend | Transactional and notification email delivery | United States | View |
| Bunny Stream (bunny.net) | Video hosting and streaming for program and event replays | Slovenia (EU) | View |
| Google Fonts | Serving web fonts used on our websites | United States | View |
A note on our use of Anthropic Claude
Some of our tools — the Assessment Engine, which generates personalized results from your workshop prep survey, and the "Ask the Show" feature, which answers questions about our podcast catalogue — send the text you submit to Anthropic's Claude API for processing. Under Anthropic's commercial terms, the content you submit is not used to train their AI models and is retained only briefly for abuse monitoring before deletion.
If you'd rather not have your responses processed by an AI service, don't submit them through these tools — email us instead at privacy@thesuccessfulbookkeeper.com and we'll help you another way.
Other disclosures
We may also share information:
- With your permission — for example, if you ask us to feature your testimonial.
- When legally required — in response to a valid court order, subpoena, or lawful government request.
- To protect rights and safety — our own, yours, or the public's, where we reasonably believe it's necessary.
- In a business transfer — if we're ever acquired or merge with another company, your information may transfer as part of that deal. We'd give you notice first.
6. International data transfers
We're based in Canada, and some of our sub-processors (HubSpot, Anthropic, Cloudflare, and others) are in the United States. If you're in the EU, the UK, Australia, or elsewhere outside North America, your information will cross borders when you use our services.
We use Standard Contractual Clauses (the model contracts approved by the European Commission and the UK Information Commissioner's Office) with our sub-processors to make sure your data is protected to the standard required by the GDPR and the UK GDPR, regardless of where it's processed. For transfers into the United States specifically, we also rely on the EU-US and UK-US Data Privacy Frameworks where our processors are certified.
7. How long we keep it
We don't keep personal information longer than we need to.
Rather than deleting everything on a fixed countdown, we keep personal information for as long as your account or relationship with us is active, for as long as we need it to provide our services and fulfill the purposes described in this policy, and for any longer period required by law. For example:
- Payment and tax records are kept for seven years after the transaction, as required by Canadian tax law and similar rules elsewhere.
- Our unsubscribe / opt-out suppression list is kept indefinitely (as a hashed email and IP record) so we can honour your opt-out and not contact you again — a standard practice under CAN-SPAM, CASL, and the GDPR.
- SMS consent records are kept for as long as required to comply with applicable law.
When information is no longer needed for any of these purposes, we delete or anonymize it. You can ask us to delete your information at any time — see Your rights — and we honour verified deletion requests, except where the law requires us to keep certain records.
If a legal obligation requires us to keep something longer (for example, a tax audit), we'll keep only what's necessary to meet that obligation and delete the rest.
8. Your rights
You have rights over your personal information. The exact list depends on where you live, but the practical effect is similar everywhere we operate — you can find out what we have, correct it, get a copy, or ask us to delete it.
To exercise any of these rights, email privacy@thesuccessfulbookkeeper.com. We'll respond within 30 days, as required by the GDPR and generally expected under other privacy laws. We may need to verify your identity first.
8.1 If you're in the European Union or United Kingdom (GDPR / UK GDPR)
- Right of access — a copy of the personal data we hold about you.
- Right to rectification — correct anything that's wrong.
- Right to erasure ("right to be forgotten") — have your data deleted, in the cases the law covers.
- Right to restrict processing — ask us to pause certain uses while a dispute is resolved.
- Right to data portability — get a machine-readable copy of data you've given us.
- Right to object — to processing based on our legitimate interests, or to direct marketing (we'll always honour this).
- Right to withdraw consent — where we rely on consent, you can take it back any time.
- Right to complain — to your local data protection authority. In the UK, that's the ICO. In Ireland, the DPC.
8.2 If you're a California resident (CCPA / CPRA)
- Right to know what personal information we've collected about you, where we got it, why we have it, and who we've shared it with.
- Right to delete personal information we've collected, subject to legal exceptions.
- Right to correct inaccurate information.
- Right to opt out of the sale or sharing of your personal information. We do not sell your personal information and do not share it for cross-context behavioural advertising — but the right to request this is yours.
- Right to limit use of sensitive personal information. We don't collect the categories defined as "sensitive" under the CPRA (government IDs, precise geolocation, biometrics, etc.) in the course of our normal services.
- Right to non-discrimination — we won't charge you a different price or give you worse service for exercising these rights.
8.3 If you're in Canada (PIPEDA)
- Right of access to your personal information.
- Right to correct inaccurate information.
- Right to withdraw consent for our collection, use, or disclosure of your information (subject to legal or contractual limits — for example, we can't refund you without your payment details).
- Right to complain to the Office of the Privacy Commissioner of Canada.
8.4 If you're in Australia (Privacy Act)
- Right of access to your personal information.
- Right to correct it if it's wrong.
- Right to complain to us first, and then to the Office of the Australian Information Commissioner if you're not satisfied with how we've handled it.
9. Children
Our services are built for adults running bookkeeping businesses. We don't target anyone under the age of 16, and we don't knowingly collect information from children. If you're a parent or guardian and believe your child has submitted information to us, email privacy@thesuccessfulbookkeeper.com and we'll delete it.
10. Cookies
We use cookies and similar technologies to run the site, remember you when you log in, understand how the site is used, and measure our marketing. If you're visiting from the EU, UK, or another region where cookie consent is required, you'll see a consent banner on your first visit asking which categories of cookies to allow; no non-essential cookies are set until you choose. You can change your preferences any time using the "Cookie settings" link in our website footer.
The full inventory of cookies — what's set, by whom, and for how long — is in our Cookie Policy.
11. Changes to this policy
We'll update this policy when our practices change or when the law requires it. When we do, we'll update the "Last updated" date at the top. If the change is significant — for example, a new category of data or a new sub-processor that materially affects your privacy — we'll tell you by email or with a prominent notice on the site before the change takes effect.
12. SMS / Text Messaging
When you provide your mobile number and opt in, we send text messages of the types you selected — session and event reminders (transactional), and/or offers and announcements (marketing). Message frequency varies. Message and data rates may apply. You can cancel at any time by replying STOP and get help by replying HELP. Opting out will not affect your access to any product or service — consent is not a condition of any purchase.
We treat reminders and promotional messages as separate consents: opting out of one does not opt you out of the other unless you ask us to stop all messages. When you opt in to text messages, we use a double opt-in process and keep a record of your consent — including the disclosure you agreed to and its version, the date and time, and technical details such as your IP address and device — so we can demonstrate that consent was properly given. We retain these consent records as required by applicable law.
Mobile opt-in information and your consent to receive text messages are never shared or sold to third parties or any other parties for any reason, including for marketing or promotional purposes.
13. Contact us
Questions, requests, or complaints — any of them — start here:
Email: privacy@thesuccessfulbookkeeper.com
Mail: The Successful Bookkeeper Global Inc.
120 East Beaver Creek Road, Suite 200
Richmond Hill, Ontario L4B 4V1
Canada
If you're in the EU or UK, email us and we'll do our best to assist with your request. If we can't resolve something to your satisfaction, you can always complain to your local data protection authority (see section 8 for links).