Privacy Policy US
APRIO ADVISORY GROUP, LLC
PRIVACY POLICY
Last Updated: February 24, 2026
Aprio Advisory Group, LLC, a Georgia (US) limited liability company and its affiliates and subsidiaries, (collectively, “Aprio”, “we”, “us” or “our”) are committed to protecting your (“you”, “your”, or “user”) privacy and abide by this privacy policy (this “Privacy Policy”). This Privacy Policy explains how we collect, use, disclose, and apply the information collected when you use or access our mobile application as available on the Apple App Store and Google Play Store (the “Platform”), and its associated services, features, and functionalities (collectively, with the Platform, the “Services”). Our Terms of Service, as updated from time to time (the “Terms of Service”), applicable to users, as defined below, are expressly incorporated herein by reference and are an integral part hereof.
This Privacy Policy sets forth our policy with respect to information that we collect from you, on or through the Services, that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you (“Personal Information” or “Personal Data”). By accessing or using the Services, or otherwise interacting with us, you are agreeing to this Privacy Policy. Please read it carefully. If you do not agree herewith, do not access or use the Services.
For purposes of this Privacy Policy, “users” shall include and may be further referred to as the following: (i) a “Visitor”, meaning anyone accessing our Platform prior to creating or logging into an account and (ii) a “Registered User”, meaning any user who has registered to access and use the Platform.
1. Changes to this Policy. We may change this Privacy Policy from time to time by publication of an updated version on ourPlatform, which shall become effectiveimmediately upon publication. We encourage you to review our Privacy Policy whenever you access or otherwise use the Services. Your continued access or use of the Services constitutes your acceptance of any updated version of this Privacy Policy, as published.
2. How We Collect Information. We may collect information about you by and/or through the following means:
(i) Directly from you, when you provide information to us or interact with us;
(ii) Automatically when you access, utilize or interact with our Services;
(iii) From your employer, if authorized by you; or
(iv) From social networks and other sources of publicly available data.
3. What Information We Collect. The types of information we collect varies depending on whether you are a “Visitor”or “Registered User”.
3.1 Aprio Visitor. When a Visitor accesses or views our Platform or otherwise interacts with us, we may collect and process the following types of Personal Data in the usual course of business:
(i) Usage Details about your interaction with our Platform, such as the pages which you visited on our Platform;
(ii) Device Information, including the IP address and other details of the device that you use to access our Platform (such as the Internet Service Provider, operating system, timestamps, and/or mobile network information). We may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, and your mobile device’s unique device ID;
(iii) Location information, as we may use publicly available sources to approximate your geographic region and Internet Service Provider based on your IP address;
(iv) Contact information, such as your name, phone number, e-mail address, physical/mailing address, and any other information you choose to include when you interact and/or communicate with us through our Platform, including by e-mail or any other communication mechanism;
(v) Survey information in response to surveys or questionnaires that we may send, including for feedback and research purposes; and
(vi) Social Media Data, whereby when you interact with any of our pages on social media services, like Facebook, Twitter, Instagram, and LinkedIn (our “Social Media Pages”), we will collect the Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
3.2 Aprio Registered User. If you are a Registered User, we may collect and process the following types of Personal Data via the provision of the Services, including when accessing and/or using the Platform:
(i) Financial information, including bank account and tax information and history if you engage provide us with such information through the Services or with us generally.
(ii) Contact information, such as your name, e-mail address, phone number, physical/mailing address, account information and any other information you choose to include when you interact and/or communicate with us through our Services, including through any interactive feature, online contact form, by e-mail, or any other communication mechanism.
(iii) Account, profile, and account information, such as your username and password, name, and e-mail address, when you register for access to the Platform, and/or sign up for an account through the Services.
(iv) Registered User Data, if at any time certain features and functionalities of the Services allow you to upload, deliver, submit, store, transmit, integrate or otherwise make available certain information, documents, text, files, images, graphics, data, and other materials and which, for the avoidance of doubt, may include certain Personal Data of the Registered Users.
(v) Usage Details about your access to, use of, and interaction with our Services and about the features you use within the Services as well as the amount of the Services that you use, and the amount of time spent on the Services.
(vi) Device Information, including the IP address and other details of the device that you use to access our Services (such as the Internet Service Provider, operating system, device name, timestamps, and/or mobile network information). We may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of Platform that you accessed.
(vii) Location information, as we may use publicly available sources to approximate your geographic region and Internet Service Provider based on your IP address.
(viii) Crash and Error Information, whereby if the Services crash or return an error, we may collect certain data to determine the cause of the error using first or third-party services. The crash or error information collected may include, e.g., the following: device IP address, device name, operating system version, application configurations(s), timestamps, and other statistics.
(ix) Survey information in response to surveys or questionnaires that we may send, including for feedback and research purposes.
(x) Social Media Data, whereby when you interact with our Social Media Pages, we will collect Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
3.3 Push Notifications. We may request to send you push notifications regarding your account or certain features of the Platform. If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.
4. Disclaimers.
(a) You may have access to third-party websites or resources through the Services that provide medical or health services. Aprio is not a licensed health care provider, and the Services are not intended to be, and shall not be construed as, medical or health advice. The Services are provided for informational purposes only and are not a substitute for professional medical diagnosis, treatment, or advice. Always seek the guidance of a qualified health care provider with any questions you may have regarding a medical condition or treatment. Use of the Services does not create a provider-patient relationship between you and Aprio.
(b) To the extent that you provide us with any information that would be considered Protected Health Information (“PHI”) as defined under applicable law, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), you represent and warrant that you have the legal right and authority to do so, and you expressly authorize and consent to Aprio’s use, review, analysis, processing, and handling of such PHI for the purpose of providing the Services. Examples of PHI may include medical records, mental health conditions or treatment, or other information relating to your psychological health. You acknowledge that such PHI is provided voluntarily, i.e., if you do not wish to share PHI with us, you are not required to do so, and that Aprio will handle the receipt and use of PHI in accordance with Aprio’s privacy practices. However, please note that we are not a HIPAA “covered entity” and we do not act as a “business associate” as those terms are defined under HIPAA, unless we have explicitly agreed to do so in writing through a separate agreement.
5. Additional Information We May Obtain.We may obtain information about you from third parties who help us provide our Services to you. We may also obtain some information from our marketing partnersin order to inform you about products or services that we think you might be interested in. Finally, we may obtain information that does not identify you directly, but which is later used in a way that may later directly identify We may combine that general information with your information to provide related services to you.
6. Tracking Technologies and Similar Technologies.Our Services may use technologies functionallysimilar to cookies, including software development kits (SDKs), mobile analytics tools, device identifiers, app instance identifiers, pixel tags (also known as web beacons or clear GIFs), and other similar technologies (collectively, “Technologies”) to collect information and support certain features of our Services. Unlike websites, native mobile applications do not use browser cookies. Instead, information may be collected through app-based Technologies and device-level identifiers provided by the operating system (such as identifiers assigned by Apple or Google). Certain Technologies may rely on permissions granted at the device level (e.g., operating system privacy settings). Disabling or restricting such permissions may impact the availability or functionality of certain features of the Services. Information collected through these Technologies does not, by itself, directly identify you personally, but may in some cases be linked to other information we maintain about you in accordance with this Privacy Policy.
6.1 Categories of Technologies Used. We use the following categories of Technologies in connection with the Services:
6.1.1 Essential Technologies. Required to operate the Services, including authentication, security, account access, and core application functionality.
6.1.2 Functional Technologies. Used to remember user preferences and settings.
6.1.3 Session and Usage Technologies. Used to support the Application’s functionality and understand how users interact with the Services.
6.1.4 Analytics and Performance Technologies. Used to monitor Application performance and improve reliability and usability.
6.1.5 Advertising and Measurement Technologies. Used to measure the effectiveness of communications and marketing efforts. We do not engage in cross-app tracking for targeted advertising purposes without obtaining user permission where required by applicable law or platform policies (such as Apple’s App Tracking Transparency Framework).
6.1.6 Technologies Under Assessment. Technologies that are undergoing internal evaluation and categorization.
6.2 Other Technologies. In addition to the above, we may use pixel tags or similar Technologies within the Services or in communications to understand usage, measure engagement, and improve our Services.
7. How We Use Your Information.
7.1 For Our Legitimate Business Interests. We may use the Personal Data that we collect for our legitimate interests and the limited purpose of providing the Services and as permitted by applicable law. These purposes include circumstances where it is necessary to provide or fulfill the Services requested by or for you or where you have given us your express consent. As such, we may use your Personal Data to:
(i) Facilitate payroll payments to you by your employer;
(ii) Compile and provide resources related to the benefit plan(s) you select;
(iii) Provide the information and Services that you request;
(iv) Distribute payments among multiple bank accounts;
(v) Service your account and provide you with effective customer service;
(vi) Better understand your needs and interests, and provide you with a personalized experience when you use our Services;
(vii) Contact you with special offers and other information we believe will be of interest to you (in accordance with any privacy preferences you have expressed to us);
(viii) Contact you with information that you have requested, and notices related to your use of our Services;
(ix) Send you commercial or marketing/advertising messages, including, without limitation, messages, including via newsletters and phone, text message (SMS), and e-mail communications about our offerings and Services (in accordance with any privacy preferences you have expressed to us);
(x) Invite you to participate in surveys and to provide feedback to us (in accordance with any privacy preferences you have expressed to us);
(xi) Improve our Services, develop new services, improve our marketing and promotional efforts, and improve the content, functionality, and usability of the Platform;
(xii) Enforce our other policies or agreements, such as any agreement between us and a specific Registered User with respect to such Registered User’s account;
(xiii) Promote security and protect against and prevent fraud, claims, and other liabilities;
(xiv) Verify the information that you provide to us as well as the representations and warranties that you make to us in a certain agreement or via the Services;
(xv) Meet our internal and external audit obligations; and
(xvii) To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
7.2 With Your Consent. In some cases, we will ask you for consent to use your Personal Data for specific purposes. If we do, we will make sure that you can revoke your consent in accordance with the “Your Choices” section below.
7.3 Other Purposes. If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to, or at the time that, the Personal Data is collected, or we will obtain your consent subsequent to such collection, but prior to such use.
7.4 Aggregated Personal Data. We may aggregate and/or de-identify information collected through the Services and from other sources so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including, without limitation, for research, analytics, and marketing purposes.
8. How We Share and Disclose Information.
8.1 We Do Not Sell Personal Data. We do not sell, share, or otherwise disclose Personal Data that we collect about you, except as described herein or otherwise disclosed to you at the time the Personal Data is collected.
8.2 Service Providers; Business Partners. We provide access to or share your Personal Data with select third parties, including, but not limited to, business partners, service providers, subcontractors, and sub-processors (collectively, the “Service Providers”), who perform services on our behalf. Pursuant to our instructions, these third parties will access, process, or store Personal Data in the course of performing their duties to us. We take commercially reasonable steps to ensure that our Service Providers adhere to the security standards that we apply to your Personal Data. Our Service Providers provide a variety of services to us, including, for example, billing, sales, marketing, analytics, research, data storage, payment processing, and legal services.
8.3 Your Consent. We may ask for your consent to share your Personal Data with certain other third parties and your ability to use and/or receive the Services may be impacted by your denial of any requested consent. We may share your information for other purposes pursuant to your consent or with your further direction.
8.4 Settings. We may share information consistent with your setting selections within the Platform or on your device, as such setting functionality may be in effect from time to time.
8.5 Aggregate/De-Identified Data. From time to time, we may share Aggregate/De-Identified Information about the use of the Services, such as by publishing a report on usage trends. The sharing of such data is unrestricted.
8.6 Legal Reasons. We may also disclose your Personal Data when we, in good faith, believe disclosure is appropriate to comply with the law, a court order, or a subpoena. We may also disclose your Personal Data, e.g., to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of our Services; to enforce or apply our policies or other agreements; or to protect our own rights or property or the rights, property, or safety of our users or others. We will attempt to notify our users about legal demands for their Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague, or lack proper authority.
8.7 Sale, Merger, or Other Business Transfer. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), Personal Data may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, your Personal Data would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable law, we will comply with such restrictions.
9. Your Choices.
(a) Users may manage or limit cookies and similar technologies in the following ways:
(i) Device Settings: Users can control certain data collection and tracking practices through their mobile device settings, including limiting ad tracking, resetting advertising identifiers, or disabling permissions associated with the Platform.
(ii) Operating System Controls: Apple iOS and Android operating systems provide privacy controls that allow users to manage how applications use tracking technologies, including options related to personalized advertising and application tracking transparency.
(iii) Platform Settings (if available): The Platform may provide for in-app privacy or preference settings where users may adjust such settings to manage certain data collection practices.
(iv) Uninstallation: Users may stop all data collection by uninstalling the Platform from their device.
For more information on managing privacy and tracking settings, users should consult the privacy controls provided by Apple or Google for your respective device.
(b) You have a choice, at any time, to stop us from sending you e-mails for marketing purposes by following the “unsubscribe” link included in these messages or by replying “STOP” to these text messages. Please note that despite any indicated e-mail or text messaging marketing preferences, we may continue to send you administrative e-mails and text messages regarding Aprio and the Services, including, for example, notices of updates to our policies or this Privacy Policy if we choose to provide such notices to you in this manner.
(c) If you do not provide the information that we need to provide the Services, we may not be able to provide you with the Services or certain functionalities. We will tell you what Personal Data that you must provide in order to use the Services and its related functionalities or services.
(d) Advertisements on third-party websites may be directed to you based on information collected by advertising partners over time and across various websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
10. Data Processing and Data Transfers. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and othercountries and territories, which may have different privacy laws from your country of residence. In such instances, we shall ensure that the transfer of your PersonalData is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place.
11. Security.
(a) We take security seriously and have implemented administrative, physical, and technological measures to protect your information from unauthorized access, loss, misuse, disclosure, alteration and destruction.
(b) You may access our trust portal, as available, at https://aprio.securitypal.com to review the security controls and policies that we have in place presently, along with our current security-related certifications. Information provided in the trust portal is for informational purposes only and is not a representation, warranty, or guarantee of current security conditions or practices, nor does Aprio undertake any obligation to update the trust portal or notify you of changes to our security posture. You agree that you will not rely on the trust portal as a substitute for your own due diligence, and Aprio shall have no liability arising from or relating to your access to or use of the trust portal or the information contained therein.
(c) If you wish to report a security concern or if you have a question around security, please submit your inquiry to us in accordance with the “Contact Us” section.
12. Additional Information for Residents of Certain U.S. States. If you are a U.S. resident, we process your Personal Datain accordance withapplicable U.S. state data privacy laws. Depending on where you live (including California, Colorado, Connecticut, Oregon, Nevada, Utah, Virginia, Washington, etc.), you may be entitled to certain rights with respect to your Personal Information, as further described in Exhibit A.
13. PersonalDataRetention. We will retain information required to comply with privacy requests, manage active accounts, as required by law, in order to resolve disputes, or enforce our agreements. We may also retain copies of your information for disaster recovery purposes. We will retain tax records for a minimum of three (3) years, in compliance with applicable law.
14. Links to Third Party Websites. The Services maycontainlinks to other websites or mobile applications not operated or controlled by us, including social media services (“Third Party Websites”). The information that you share with Third Party Websites will be governed by the specific privacy policies and terms of service of the Third Party Websites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these websites. Please contact the Third Party Websites directly for information on their privacy practices and policies.
15. Privacy of Children. We are committed to protecting the privacy of children and following all laws, regulations,and guidelines in respect thereof. We do not knowingly accept orsolicit Personal Data from a user who is known to be under the age of thirteen (13). As such, if you are under the age of thirteen (13), please do not use our Services, including our Platform, to provide, submit or transmit to us any Personal Data, and, for the avoidance of doubt, we will not be liable or responsible for any Personal Data which is provided, submitted, or transmitted to us by an individual who is under the age of thirteen (13). Further, by accessing, using, and/or receiving the Services, you represent and warrant that you have not and will not provide any personal information of a child under the age of thirteen (13) if you are not such child’s legal parent or guardian, or without having obtained verifiable consent from the legal parent or guardian of such child, in full compliance with COPPA and any other applicable laws. If you have concerns regarding the privacy of children, please contact us in accordance with the “Contact Us” section.
16. Contact Us.If you have any questions or concerns about our Privacy Policy, please contact us via e-mail at or by mail at:
Aprio Advisory Group, LLC
2002 Summit Blvd NE
Suite 120
Atlanta, GA 30319