Privacy Statement

Effective Date: April 23, 2026
Last Updated: April 23, 2026

Cooper Norman, PC (“Cooper Norman,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal and financial information you share with us. This Privacy Statement explains what information we collect, how we use and protect it, when we share it, and the rights available to you as a client, prospective client, website visitor, or job applicant.

This Statement applies to information collected through coopernorman.com, utah.coopernorman.com, our client portals, our email communications, our social media pages, and any in-person or telephone interactions with our offices in Idaho Falls, Pocatello, Blackfoot, Rexburg, Twin Falls, and Pleasant Grove, Utah.

1. Information We Collect

Information You Provide Directly

When you engage Cooper Norman for tax, audit, accounting, business valuation, advisory, or coaching services, or when you contact us through this website, we may collect:

  • Identifiers: full name, Social Security Number, Taxpayer Identification Number, date of birth, driver’s license, passport, or other government-issued ID
  • Contact information: mailing address, email, phone number
  • Financial information: income, assets, liabilities, investment holdings, retirement accounts, payroll and banking details, tax documents, and prior returns
  • Business records: entity formation documents, financial statements, general ledger data, bank feeds, accounts receivable and payable, and operational metrics
  • Employment and professional information: occupation, employer, resume, work history (including job applicants through our Careers portal)
  • Dependent and beneficiary information: when required to prepare tax or estate filings
  • Payment information: credit card, ACH, or check information submitted through our Pay Now and Payment Portals

Information Collected Automatically

When you visit our websites, we automatically collect limited technical information including IP address, browser type, device identifiers, pages viewed, referral source, and time spent on pages. This is collected through cookies, pixels, and similar technologies — see Section 7 below.

Information from Third Parties

We may receive information from financial institutions, payroll providers, prior accountants, the IRS and state taxing authorities, software vendors (e.g., QuickBooks, Thomson Reuters, CCH), and background-check providers in connection with our engagement or your employment application.

2. How We Use Your Information

We use the information we collect to:

  • Deliver the professional services you engage us to perform, including preparing and filing tax returns, conducting audits and reviews, performing business valuations, providing advisory and accounting services, and delivering Kolbe and Working Genius coaching
  • Communicate with you regarding engagements, deadlines, appointments, invoices, and firm updates
  • Process payments and maintain billing records
  • Respond to inquiries submitted through our Contact Us forms
  • Evaluate job applications and administer the employment relationship
  • Maintain the security, integrity, and performance of our websites and systems
  • Comply with our legal, regulatory, and professional responsibilities, including those imposed by the AICPA, state boards of accountancy, the IRS, Treasury Circular 230, and applicable Idaho and Utah law
  • Detect and prevent fraud, unauthorized access, and misuse of our services
  • Improve our website, services, and client experience through aggregated analytics

We do not sell your personal information, and we do not share your nonpublic personal information with third parties for their own marketing purposes.

3. How We Share Information

We share information only as necessary and as permitted by law. Specifically, we may share your information with:

  • Our professionals and staff who need access to perform services for you
  • Taxing and regulatory authorities (IRS, state revenue departments, SEC, PCAOB peer reviewers) when required by law, subpoena, court order, or our professional obligations
  • Service providers and subcontractors under written confidentiality agreements — including secure-file-transfer platforms, practice-management software, e-signature providers, cloud storage, and payment processors
  • Successor firms or acquirers in the event of a merger, acquisition, or sale of firm assets, subject to written confidentiality requirements
  • Other professionals (attorneys, financial advisors, bankers, insurance agents) only with your written authorization
  • Peer reviewers as required by AICPA peer-review standards, subject to strict confidentiality rules

We will not disclose your nonpublic personal information to any third party except as described in this Statement or as you have specifically authorized.

4. Gramm-Leach-Bliley Act (GLBA) Notice

As a CPA firm, Cooper Norman is considered a “financial institution” under the Gramm-Leach-Bliley Act. We are required to provide you with this notice of our privacy practices for nonpublic personal information.

Categories of information collected: identifiers, financial and tax information, and transactional information described in Section 1.

Categories of parties to whom information may be disclosed: only those described in Section 3.

Safeguarding your information: we maintain physical, electronic, and procedural safeguards that comply with AICPA professional standards, the FTC Safeguards Rule, and applicable federal and state law. Access to nonpublic personal information is restricted to personnel who need it to provide services to you.

This GLBA notice remains in effect for the duration of our professional relationship and for as long as we retain your information.

5. Your Privacy Rights

If you are a California resident (CCPA/CPRA)

You have the right to:

  • Know what personal information we collect, use, disclose, and retain
  • Request a copy of your personal information
  • Request correction of inaccurate personal information
  • Request deletion of your personal information (subject to exceptions for tax, accounting, and legal recordkeeping)
  • Opt out of the sale or sharing of personal information — we do not sell or share personal information as those terms are defined under the CCPA
  • Limit use of sensitive personal information
  • Be free from retaliation for exercising these rights

Information collected in connection with professional services is largely exempt from CCPA deletion and access rights under Cal. Civ. Code § 1798.145(e) (GLBA carve-out), but we honor other CCPA rights where applicable.

If you are covered by other U.S. state privacy laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights to access, correct, delete, and limit processing of their personal information. The same GLBA and professional-recordkeeping exceptions generally apply.

If you are located in the European Economic Area or United Kingdom

You have the right under the GDPR and UK GDPR to access, rectify, erase, restrict processing of, or port your personal data, and to object to processing based on legitimate interests. Our lawful bases for processing are: performance of a contract, compliance with a legal obligation, and our legitimate interest in operating and improving our firm.

How to exercise your rights

Email privacy@coopernorman.com or write to Cooper Norman, Attn: Privacy Officer, 1000 Riverwalk Drive, Suite 100, Idaho Falls, ID 83402. We will verify your identity before responding and will respond within the timeframes required by applicable law (generally 45 days).

6. Data Retention

We retain your personal and financial information for as long as necessary to deliver our services, comply with our document-retention obligations under IRS, AICPA, and state professional rules, defend against potential claims, and meet other legal requirements. Tax records are generally retained for seven (7) years, audit workpapers for seven (7) years, and client correspondence for the duration of the engagement plus applicable statutes of limitation. Retention periods may be longer where required by law or by the nature of the engagement.

When information is no longer needed, we securely destroy paper records through cross-cut shredding and permanently delete electronic records using industry-standard methods.

7. Cookies and Tracking Technologies

Our websites use cookies and similar technologies in the following categories:

  • Strictly Necessary: required for the site to function (login state, security, form submission). These cannot be disabled.
  • Functional: remember your preferences, such as language or region.
  • Analytics: help us understand how visitors use the site (e.g., Google Analytics). Used only with your consent.
  • Marketing: used to measure the effectiveness of advertising and to provide relevant content. Used only with your consent.

You can accept, reject, or customize non-essential cookies at any time by clicking “Cookie Preferences” in the banner at the bottom of the page or in the footer. Your choice is saved for 12 months. You can also control cookies through your browser settings, and you can opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout.

We honor Global Privacy Control (GPC) signals for applicable opt-out rights.

8. Information Security

Cooper Norman maintains a written information-security program that meets the requirements of the FTC Safeguards Rule (16 CFR Part 314), the AICPA Statements on Quality Management Standards, and applicable state law. Our safeguards include:

  • Multi-factor authentication for client portals and internal systems
  • Encryption of data in transit (TLS 1.2+) and at rest
  • Role-based access controls and least-privilege permissions
  • Annual security-awareness training for all personnel
  • Third-party risk assessments of key vendors
  • Written incident-response and breach-notification procedures
  • Secure destruction of paper and electronic media

Despite these safeguards, no method of transmission or storage is completely secure. If we become aware of a data breach affecting your information, we will notify you consistent with applicable federal and state breach-notification laws.

9. Client Portals and Third-Party Platforms

Cooper Norman uses secure, third-party client portals (such as SafeSend, ShareFile, or similar) to exchange documents and collect electronic signatures. These platforms maintain their own privacy and security practices and are governed by written data-protection agreements with our firm. Please do not send sensitive financial information by unencrypted email.

10. Children’s Privacy

Our services and websites are directed to businesses and adults. We do not knowingly collect personal information from children under 13 except in connection with a parent’s or guardian’s tax return preparation. If you believe we have collected information from a child in violation of this Statement, please contact us and we will delete it.

11. Links to Third-Party Websites

Our websites may link to third-party sites (for example, the IRS, state tax agencies, Kolbe Corp, or the Working Genius platform). We are not responsible for the privacy practices of those sites. Please review their privacy statements before providing information.

12. Changes to This Privacy Statement

We may update this Privacy Statement from time to time. When we do, we will revise the “Last Updated” date at the top of this page and, for material changes, provide additional notice (for example, via email or a prominent website notice). Your continued use of our websites and services after any change indicates your acceptance of the updated Statement.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Statement or how Cooper Norman handles your information, please contact our Privacy Officer:

Cooper Norman CPAs & Business Advisors
Attn: Privacy Officer
1000 Riverwalk Drive, Suite 100
Idaho Falls, ID 83402

Phone: 208.523.0862
Email: privacy@coopernorman.com
Web: coopernorman.com/contact-us

Cooper Norman is a professional corporation providing certified public accounting and business advisory services. This Privacy Statement is provided for informational purposes and does not create a contract, attorney-client, or accountant-client relationship.