Client’s Data Privacy and Digital Sovereignty Policy

Last updated: April 23, 2026

Given the sensitivity of EIN/IOR numbers and ACH details, these clauses provide the necessary guarantee and safeguards to ensure that all client data will be treated as confidential and that all client data — especially sensitive data — will be securely protected, temporarily maintained on our systems, and subject to use restrictions limiting our use of client data to measures reasonably necessary to facilitate the issuance of IEEPA duty refunds.

1. Sensitive Data Collection

The Platform collects and stores Importer of Record (IOR) numbers, EINs, and bank account information solely for the purpose of facilitating CBP Form 400/401 (ACH Enrollment) and CAPE submissions.

2. Permanent Removal Protocol

Upon the final resolution of all refund claims and the termination of the Service Agreement, the Firm shall, upon written request or within 60 days of determining the resolution of a client’s last eligible entry, permanently remove and delete all confidential client information, including ACE credentials and sensitive financial or business proprietary data, from the service provider’s systems.

Audit logs and executed legal documents (POAs/Agreements) will be retained to the extent required by DC Bar professional record-keeping rules.

3. Industry-Standard System Security Infrastructure and Data Protection Protocols

All data is stored using industry-standard encryption and protected in accordance with the latest NIST system security protocols for federal agencies and government contractors. Sensitive identifiers such as EINs are masked within the Administrative UI to prevent unauthorized exposure.