Privacy Policy

EDMA Group Inc – Privacy Policy

Last Updated: December 16, 2025

1. Scope

This Privacy Policy applies to all services, websites located at miguelsanda.com and edmagroup.com (including any subdomains), and mobile applications provided by EDMA Group Inc, including our accounting and financial management platform that integrates with third-party services like QuickBooks.

We are committed to protecting the privacy and security of your personal and financial data in compliance with applicable laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), and other data protection regulations.

2. Information We Collect

We collect the following categories of information:

  • Personal Information: Name, email address, company name, billing information, phone number, tax IDs, and any other identifiers you provide.
  • Financial Data: Transactions, chart of accounts, invoices, bills, expenses, bank feeds, payroll data, financial reports, and other accounting information you upload or import, including via QuickBooks APIs (e.g., customer/vendor details, payment history, balance sheets).
  • Technical & Usage Data: IP address, browser type, device information, activity logs, access times, and integration usage (e.g., QuickBooks connection details).
  • Client Data: If you are an accounting professional using the Services for clients, we may process their financial and personal data on your behalf.

We collect this information directly from you, automatically through your use of the Services (including visits to miguelsanda.com and edmagroup.com), or via authorized integrations (e.g., QuickBooks OAuth connections).

3. How We Collect Information

  • Through account registration and user inputs on miguelsanda.com and edmagroup.com.
  • Via integrations with third-party services like QuickBooks, where you authorize us to read and manipulate data.
  • Automatically using cookies, web beacons, and similar technologies for analytics and security on our websites and apps.
  • From third-party sources, such as payment processors or with your consent.

4. How We Use Your Information

We use your information to:

  • Deliver, maintain, and improve the Services, including processing accounting tasks and generating reports.
  • Facilitate integrations with QuickBooks to import, export, or modify financial data.
  • Process payments, issue invoices, and manage subscriptions.
  • Provide customer support, communicate updates, and (with opt-out options) send marketing materials.
  • Detect, prevent, and investigate fraud, abuse, or security incidents.
  • Comply with legal, tax, auditing, or regulatory obligations, including professional accounting standards.
  • Generate anonymized, aggregated insights for internal analytics or product improvement (without identifying individuals).

We do not use your data for purposes incompatible with these without your consent.

5. Data Sharing and Disclosure

We share data only as necessary:

  • With trusted sub-processors under strict Data Processing Agreements (e.g., AWS for hosting, Stripe for payments, Plaid/Yodlee for bank feeds, Intuit/QuickBooks for API integrations).
  • With your explicit consent, such as sharing reports with your clients or advisors.
  • To comply with legal requirements, such as subpoenas, tax audits, or regulatory inquiries.
  • In connection with a merger, acquisition, or sale of assets (with notice and opt-out where required).
  • To enforce our Terms or protect our rights, property, or safety.

We do not sell your personal information. For QuickBooks integrations, data is shared with Intuit as required for API functionality, subject to their privacy policies.

6. Data Security

We implement robust security measures to protect your data, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Access controls, multi-factor authentication, and role-based permissions.
  • Bank and API connections via secure, read/write integrations (e.g., QuickBooks OAuth, Plaid) without storing sensitive credentials.
  • Regular vulnerability scans, penetration testing, and security audits.
  • Pursuit of certifications such as SOC 2 Type II (reports available under NDA to enterprise customers).
  • Data minimization and pseudonymization where feasible.

Despite these measures, no system is infallible, and no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to notifying you of breaches as required by law. Any notification of a security incident does not constitute an admission of fault or liability on our part.

7. International Data Transfers

Data is primarily processed and stored in the United States. For transfers outside the U.S. (e.g., to EU users), we rely on Standard Contractual Clauses (SCCs), Binding Corporate Rules, or adequacy decisions to ensure compliance with GDPR and similar laws.

8. Your Rights

Depending on your location, you may have rights to:

  • Access, correct, or update your personal data.
  • Delete your data (subject to legal retention requirements, e.g., 7 years for U.S. tax records).
  • Export your data in a portable format (e.g., CSV, PDF, or API).
  • Object to or restrict processing, including automated decisions.
  • Withdraw consent where applicable.
  • Opt out of marketing or data sharing (under CCPA, no "sale" occurs).

Contact support@edmagroup.io or support@miguelsanda.com to exercise these rights. We respond within 30 days (or sooner as required by law), without discrimination.

For GDPR: Our legal bases for processing include consent, contract performance, legitimate interests (e.g., security), and legal obligations.

For CCPA/CPRA: California residents may request disclosure of categories collected, sources, purposes, and shared parties. We do not sell data; opt-out is not applicable.

9. Data Retention

We retain personal and financial data as long as your account is active or as required for legal, tax, auditing, or business purposes (generally 7 years for U.S. financial records under IRS guidelines). Inactive accounts may be deleted after 12 months, with notice.

10. Cookies and Tracking Technologies

We use cookies for essential functions, analytics, and personalization on miguelsanda.com and edmagroup.com. You can manage preferences via browser settings or our cookie banner. For details, see our Cookie Policy (available on request).

11. Children's Privacy

The Services are not intended for individuals under 18. We do not knowingly collect data from minors.

12. Third-Party Links and Integrations

The Services may link to or integrate with third-party sites (e.g., QuickBooks). We are not responsible for their privacy practices. Review their policies before authorizing access.

13. Changes to this Policy

We will notify you of material changes via email or a prominent in-app notice at least 30 days in advance. Continued use constitutes acceptance.

14. Contact & Data Protection Officer

EDMA Group Inc
Attn: Data Protection Officer
support@edmagroup.io
support@miguelsanda.com

If you have concerns, you may also contact relevant authorities (e.g., your local data protection agency).