Privacy Policy

Aprio Advisory Group, LLC, and its affiliates and subsidiaries and Aprio, LLP, (collectively, “Aprio”, “we”, “us” or “our”) are committed to protecting your (“you”, “your”, or “User”) privacy and abide by this privacy policy (this “Privacy Policy”). This Privacy Policy explains how we collect, use, disclose, and apply the information collected when you use or access Aprio’s general website, located at, https://www.aprio.com (the “Website”), and its integrated services, features, tools, and content as well as when you communicate, inquire, or interact with us, generally, or receive services from us (collectively, the “Services”).

This Privacy Policy sets forth our policy with respect to information that we collect from you, on or through the Services, that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you (“Personal Information” or “Personal Data”). By accessing, using the Services, or interacting with us, you are agreeing to this Privacy Policy. Please read it carefully. If you do not agree herewith, do not access or use the Services.

For purposes of this Privacy Policy, “Users” may be further referred to as the following: (i) a “Visitor”, meaning anyone accessing our Website as well as anyone, who is a non-current or former Aprio Customer, generally communicating or inquiring with us, or (ii) an Aprio “Customer”, meaning any former or current customers or clients of Aprio, if services were/are provided by Aprio to you in your individual capacity as well as any authorized representative of a former or current enterprise customer or client of Aprio.

If you are a resident of Colombia, you can learn more about your privacy rights that may be available to you by reviewing the English Colombia Privacy Policy or the Spanish Colombia Privacy Policy.

1. Changes to this Policy. We may change this Privacy Policy from time to time by publication of an updated version on our Website. We encourage you to review our Privacy Policy whenever you access or otherwise use or receive our Services.

2. How We Collect Information. We may collect information about you by and/or through the following means:

(i) Directly from you, when you provide information to us or otherwise interact with us;

(ii) Automatically when you access, utilize, interact with, or receive our Services; or

(iii) From social networks and other sources of publicly available data.

3. What Information We Collect The types of information we collect varies depending on whether you are a “Visitor” or a “Customer”.

3.1 Aprio Visitor. When a Visitor accesses or views our Website or otherwise communicates, inquires, or interacts with us, generally, we may collect and process the following types of Personal Data in the usual course of business:

(i) Usage Details about your interaction with our Website, such as the pages, features, chatbot, and content that you visited, used, interacted with, or accessed on our Website;

(ii) Device Information, including the IP address and other details of the device that you use to access our Website, such as the Internet Service Provider, operating system, browser type, browser activity, timestamps, and/or mobile network information);

(iii) Contact information, such as your name, e-mail address, phone number, physical/mailing address, and any other information you choose to include when you interact and/or communicate with us through our Website, including through any interactive feature, online contact form or forum, by e-mail or phone, or any other communication mechanism;

(iv) Crash and Error Information, whereby if the Website crash or return an error, we may collect certain data to determine the cause of the error using first or third-party services. The crash or error information collected may include, e.g., the following: device IP address, device name, operating system version, application configurations(s), timestamps, and other statistics.

(v) Survey information in response to surveys or questionnaires that we may send, including for feedback and research purposes; and

(vi) Social Media Data, whereby when you interact with any of our pages on social media services, like Facebook, X (formerly Twitter), Instagram, and LinkedIn (our “Social Media Pages”), we will collect the Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.

3.2 Aprio Customer. If you are an Aprio Customer, we may collect and process the following types of Personal Data in the provision of the Services:

(i) Transactional information, including payment information and payment history if you engage in transactions with us generally. All credit card information is stored by a third-party payment processor selected by us, from time to time, and such payment services are governed by such third-party payment processor’s terms of service and privacy policy. For the avoidance of doubt, your credit card information is never stored by Aprio or on Aprio’s servers.

(ii) Contact information, such as your name, company name, e-mail address, phone number, physical/mailing address, account information and any other information you choose to include when you interact and/or communicate with us related to your receipt of services from us, including through any interactive feature or forum, online contact form, by e-mail or phone, or any other communication mechanism.

(iii) Account and profile information, such as your username and password, name, company name, e-mail address, phone number, and physical/mailing address when you sign up for an account through the Services.

(iv) Customer Data, as related to your receipt of services from us, you may input, upload, provide, deliver, transmit, or otherwise make available certain data, information, text, files, and other materials to us, via e-mail or any other available mechanisms, which, for the avoidance of doubt, may include certain Personal Data of the Customer and of other related data subjects.

(v) Usage Details about your interaction with our Website, such as the pages, features, chatbot, and content that you visited, used, interacted with, or accessed on our Website;

(vi) Device Information, including the IP address and other details of the device that you use to access our Website, such as the Internet Service Provider, operating system, browser type, browser activity, timestamps, and/or mobile network information);

(vii) Crash and Error Information, whereby if the Website crash or return an error, we may collect certain data to determine the cause of the error using first or third-party services. The crash or error information collected may include, e.g., the following: device IP address, device name, operating system version, application configurations(s), timestamps, and other statistics.

(viii) Survey information in response to surveys or questionnaires that we may send, including for feedback and research purposes.

(ix) Social Media Data, whereby when you interact with our Social Media Pages, we will collect Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.

4. Additional Information We May Obtain. We may obtain information about you from third parties who help us provide our Services to you. We may also obtain some information from our marketing partners in order to inform you about services that we think you might be interested in. Finally, we may obtain information that does not identify you directly, but which is later used in a way that may later directly identify you. We may combine that general information with your information to provide related Services to you.

5. No Sensitive Data. Unless you are a Customer actively receiving services from us and such is specifically required or requested by us in in our provision of certain services to you, you agree to not upload, transmit, disclose, provide or make available to us, in any manner or form, any Sensitive Data (as defined below), and you agree and acknowledge that we will have no liability whatsoever for such Sensitive Data erroneously uploaded, transmitted, disclosed, provided or made available to us. For the purposes of this Privacy Policy, “Sensitive Data” means any Personal Data that requires a heightened degree of protection by applicable law. Sensitive Data includes, but is not limited to, social security numbers or other government-issued identification numbers, financial account numbers, geolocation, credit card or debit card numbers, CVVs, credit report information, health or medical information, or other information that is subject to international, federal, state, or local laws or regulations now or hereafter enacted requiring heightened standards for data protection or privacy, including, but not limited to, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Fair Credit Reporting Act, the Children’s Online Privacy Protection Act, and the Gramm-Leach-Bliley Act.

6. Cookies and Other Technologies. Like many Third Party Websites (as defined below), our Website may use “cookies” or “other technologies” (such as “pixel tags”, “web beacons”, “clear GIFs”, links in emails, JavaScript, device IDs, or similar technologies) to collect information and support certain features of our Website. Cookies and other technologies allow us and third parties to obtain information about your visits to our Services, including analyzing your visiting patterns. Although you are not required to accept cookies when you visit our Services, you may be unable to use all of the functionality of our Services if your browser restricts our cookies. We may use this information to process your requests and to deliver online advertisements, messages and content from us and others that are specific to your interests. The information we collect from your web browser and from cookies and other technologies does not identify you personally, but in some cases, we may link it to personally identifiable information.

6.1 Cookies. Below, we explain the different types of cookies that may be used on the Services.

6.1.1 Necessary Cookies. Necessary cookies are required to enable the basic features of the Website, such as adjusting your consent preferences. These cookies do not store any Personal Data.

6.1.2 Functional Cookies. Functional cookies are used to enhance the Website’s performance and functionality. Without them, certain functions of the Website may not be available. They are used to remember your preferences and settings to enhance your Website browsing experience.

6.1.3 Performance Cookies. Session cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the Website. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our Website, and will not be able to monitor its performance.

6.1.4 Analytics Cookies. Analytics cookies help collect information about your use of our Services and enable us to improve the way it works. These cookies give us aggregated information that we use to monitor site performance, count page visits, spot technical errors, see how users reach the Services, and measure the effectiveness of marketing (including emails).

6.1.5 Marketing Cookies. Marketing cookies are used to measure the performance of our advertising campaigns and to help us optimize our advertising resources. Unlike targeting cookies that build detailed user profiles, the marketing cookies which we employ, for example, marketing cookies provided by Google Ads and LinkedIn Ads, are not used to track you across unrelated websites or to create personal behavioral profiles. Instead, these Marketing Cookies allow us to understand whether our ads are effective, how often they are clicked, and which campaigns generate results. The information is used solely for internal measurement and advertising/marketing campaign optimization purposes.

6.2 Your Rights to Opt-out of Cookies. When you visit our Website, you are given the choice to manage your cookie preferences through the cookie consent banner displayed on the footer of the Website. This banner allows you to:

(i) Accept all cookies, including necessary, functional, performance, and marketing cookies; or

(ii) Customize your preferences, so that you can choose which categories of cookies you allow (for example, enabling functional, and performance cookies, while rejecting marketing cookies). Please note that if you opt out of certain cookies, some features of the Website may not function as intended.

6.3 Other Technologies. In addition to Cookies, we may use other similar technologies, like pixel tags (also known as web beacons and clear GIFs), to, among other things, track the actions of users of the Services (about usage and including email recipients), measure the success of our marketing campaigns, and compile statistics of the Website and response rates.

7. How We Use Your Information.

7.1 For Our Legitimate Business Interests. We may use the Personal Data that we collect for our legitimate interests and the limited purpose of providing the Services and as permitted by applicable law. These purposes include circumstances where it is necessary to provide or fulfill the Services requested by or for you or where you have given us your express consent. As such, we may use your Personal Data to:

(i) Complete transactions between you and Aprio;

(ii) Provide the information and Services that you request;

(iii) Provide you with effective customer service;

(iv) Better understand your needs and interests, and provide you with a personalized experience when you use our Services;

(v) Improve our Website’s artificial intelligence (“AI”) chatbot’s output, responses, and overall functioning (accordingly, our AI chatbot’s conversations may be reviewed by our content team to effect this);

(vi) Contact you with special offers and other information we believe will be of interest to you (in accordance with any privacy preferences you have expressed to us);

(vii) Contact you with information that you have requested, and notices related to your use of our Services;

(viii) Send you commercial or marketing/advertising messages, including, without limitation, messages, including via newsletters and phone, text message (SMS), and e-mail communications about our offerings or Services;

(ix) Invite you to participate in surveys and to provide feedback to us (in accordance with any privacy preferences you have expressed to us);

(x) Improve our Services, develop new services, improve our marketing and promotional efforts, and improve the content, functionality, and usability of the Website;

(xi) Enforce our other policies or agreements, such as any agreement between us and a specific Customer;

(xii) Promote security and protect against and prevent fraud, claims, and other liabilities;

(xiii) Verify the information that you provide to us as well as the representations and warranties that you make to us in a certain agreement;

(xiv) Meet our internal and external audit obligations; and

(xv) To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

7.2 With Your Consent. In some cases, we will ask you for consent to use your Personal Data for specific purposes. If we do, we will make sure that you can revoke your consent in accordance with the “Your Choices” section below.

7.3 Other Purposes. If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to, or at the time that, the Personal Data is collected, or we will obtain your consent subsequent to such collection, but prior to such use.

7.4 AI Tools. We may use AI–enabled tools and technologies to support internal business operations, including improving efficiency, providing and enhancing the Services, conducting data analysis, and assisting with customer support and administrative functions. These tools may process information, including Personal Data, provided to or generated by us in accordance with this Privacy Policy and applicable data protection laws. We do not use AI tools to make decisions that produce legal or similarly significant effects on individuals without appropriate human review, where required by applicable law. We take reasonable measures to evaluate AI vendors and to implement safeguards designed to protect Personal Data processed through AI tools. We do not use AI tools to train public or third-party AI models using Personal Data unless expressly disclosed or permitted by law.

7.5 Aggregated Personal Data. We may aggregate and/or de-identify information collected through the Services and from other sources so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including, without limitation, for research and marketing purposes.

8. How We Share and Disclose Information.

8.1 We Do Not Sell Personal Data. We do not sell or share your Personal Data for monetary consideration. This means that we do not exchange your Personal Data with third parties in return for payment, nor do we disclose it for purposes that would constitute a “sale” or “sharing” under applicable privacy laws. As such we only disclose Personal Data that we collect about you as described herein or otherwise disclosed to you at the time the Personal Data is collected.

8.2 Service Providers; Business Partners. We provide access to or share your Personal Data with select third parties, including, but not limited to, business partners, service providers, subcontractors, and sub-processors (collectively, the “Service Providers”), who perform services on our behalf. Pursuant to our instructions, these third parties will access, process, or store Personal Data in the course of performing their duties to us. We take commercially reasonable steps to ensure that our Service Providers adhere to the security standards that we apply to your Personal Data. Our Service Providers provide a variety of services to us, including, for example, billing, accounting, sales, marketing, advertising, analytics, research, customer relationship management, customer service, data storage, security, payment processing, and legal services.

8.3 Affiliates. We may share Personal Data about you with firms that assist us in servicing your account or accounts and processing transactions that you request. As such, we may share Personal Data about you among our affiliates to offer or provide further products and services to you. Our affiliates include, but are not limited to, the following: Aprio Advisory Group, LLC, Aprio Strategic Partners, LLC, Aprio Risk Management, LLC, Aprio Benefit Advisors, LLC, Aprio Wealth Management, LLC, Aprio Cyber Solutions, LLC, and Aprio Philippines Incorporated.

8.4 Your Consent. We may ask for your consent to share your Personal Data with certain other third parties and your ability to access, use, and receive the Services may be impacted by your denial of any requested consent. We may share your information for other purposes pursuant to your consent or with your further direction.

8.5 Aggregate/De-Identified Data. From time to time, we may share Aggregate/De-Identified Information about the use of the Services, such as by publishing a report on usage trends. The sharing of such data is unrestricted.

8.6 Legal Reasons. We may also disclose your Personal Data when we, in good faith, believe disclosure is appropriate to comply with the law, a court order, or a subpoena. We may also disclose your Personal Data, e.g., to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of our Services; to enforce or apply our policies or other agreements; or to protect our own rights or property or the rights, property, or safety of our users or others. We will attempt to notify our users about legal demands for their Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague, or lack proper authority.

8.7 Sale, Merger, or Other Business Transfer. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), Personal Data may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, your Personal Data would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable law, we will comply with such restrictions.

9. Your Choices.

(a)You can manage cookies through your web browser. Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting www.allaboutcookies.org. Please note, however, that without cookies you may not be able to take full advantage of all our Website’s features. In addition to the browser-based controls, you can manage third-party cookies by visiting www.aboutads.info/choices/. Alternatively, for some devices, you may use your device’s platform controls in your settings to exercise choice. Please note you must separately opt-out in each browser and on each device.

(b) You have a choice, at any time, to stop us from sending you e-mails for marketing purposes by following the “unsubscribe” link included in these messages or text messages for marketing purposes by replying “STOP” to these text messages. Please note that despite any indicated e-mail or text messaging marketing preferences, we may continue to send you administrative e-mails and text messages regarding Aprio and the Services, including, for example, notices of updates to our policies or this Privacy Policy if we choose to provide such notices to you in this manner.

(c)If you do not provide the information that we need to provide the Services, we may not be able to provide you with the Services or certain functionalities. We will tell you what Personal Data that you must provide in order to use the Services and its related functionalities or services. Do not provide the AI chatbot or, as applicable, any other AI tool hosted on our Services with any Personal Data or Sensitive Data. Aprio shall have no obligation to safeguard or protect, and no liability arising from, any Personal Data or Sensitive Data which you elect to provide to the AI chatbot or, as applicable, other AI tools.

(d) Some browsers offer a “do not track” (“DNT”) option. Since no common industry or legal standard for DNT has been adopted by industry groups, technology companies, or regulators, we do not respond to DNT signals. We will make reasonable efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

10. Data Processing and Data Transfers. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries and territories, which may have different privacy laws from your country of residence. Personal Data collected within the European Economic Area may, for example, be transferred to and processed by third parties located in a country outside of the European Economic Area. In such instances, we will ensure that the transfer of your Personal Information is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place.

11. Security; Trust Portal.

(a) We take security seriously and have implemented administrative, physical, and technological measures to protect your information from unauthorized access, loss, misuse, disclosure, alteration and destruction.

(b) You may access our trust portal, as available, at https://aprio.securitypal.com to review the security controls and policies that we have in place presently, along with our current security-related certifications. Information provided in the trust portal is for informational purposes only and is not a representation, warranty, or guarantee of current security conditions or practices, nor does Aprio undertake any obligation to update the trust portal or notify you of changes to our security posture. You agree that you will not rely on the trust portal as a substitute for your own due diligence, and Aprio shall have no liability arising from or relating to your access to or use of the trust portal or the information contained therein.

(c) If you wish to report a security concern or if you have a question around security, please submit your inquiry to us in accordance with the “Contact Us” section.

12. European Residents. If you are a resident of the European Economic Area, you may have certain rights regarding the Personal Data we maintain about you. We offer you certain choices about what Personal Data we collect from you, how we use that information, and how we communicate with you. If at any time you wish to exercise your rights, please reach out to us in accordance with the “Contact Us” section:

12.1 Information and Access. You can request to see which Personal Data we process from you. We can inform you how and why we process this data unless restricted by law, or if we are unable to verify your identity.

12.2 Submitting Information. You may refrain from submitting information directly to us, although doing so may impact our ability to provide the services and information you request and/or affect your ability to access and use the Services.

12.3 Rectification. You may request to update or correct the Personal Data that we maintain for you.

12.4 Right to be Forgotten/Request Deletion. You may request deletion of your Personal Data. We may ask you for additional information to verify your identity and will process your request subject to and in accordance with the law.

12.5 Restriction. You may request the limitation on the processing of your Personal Data.

12.6 Restricting Cookies. Generally, if you do not wish to receive cookies, you may set your cookie preferences through the cookie consent banner displayed on the footer of the Website or, alternatively, you may set your browser to deny cookies or to alert you when a cookie is placed on your computer.

12.7 Objection. You may remove your consent for the processing of your Personal Data.

12.8 Transferability. You may request to transfer your Personal Data.

13. Canadian Residents. If you are a resident of Canada, you may have certain rights regarding the Personal Information we maintain about you. We offer you certain choices about what Personal Information we collect from you, how we use that information, and how we communicate with you. If at any time you wish to exercise your rights, please reach out to us in accordance with the “Contact Us” section:

13.1 Information and Access. You can request to see which Personal Information we hold about and process from you. We can inform you how we use or disclose, why we use or disclose, and to whom we disclose this data unless restricted by law, or if we are unable to verify your identity.

13.2 Rectification. You may request that we correct or update any Personal Information that is inaccurate, incomplete, or outdated.

13.3 Objection. Where we rely on your consent to process your Personal Information, you may withdraw such consent at any time, subject to legal or contractual restrictions.

13.4 Challenging Compliance. You may submit to us a challenge concerning our compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) as related to our handing of your Personal Data.

13.5 Compliant. If you are not satisfied with how we handle your privacy request, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

14. Additional Information for Residents of Certain U.S. States. If you are a U.S. resident, we process your Personal Data in accordance with applicable U.S. state data privacy laws. Depending on where you live (including California, Colorado, Connecticut, Oregon, Nevada, Utah, Virginia, etc.), you may be entitled to certain rights with respect to your Personal Data, as further described in Exhibit A.

15. Personal Information Retention. We will retain information required to comply with privacy requests, manage active Customer accounts, as required by law, in order to resolve disputes, and to enforce our agreements. We may also retain copies of your information for disaster recovery purposes.

16. Links to Third Party Websites. The Website may contain links to other websites not operated or controlled by us, including social media services (“Third Party Websites”). The information that you share with Third Party Websites will be governed by the specific privacy policies and terms of service of the Third Party Websites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these websites. Please contact the Third Party Websites directly for information on their privacy practices and policies.

17. Privacy of Children. We are committed to protecting the privacy of children and following all laws, regulations and guidelines in respect thereof. We do not knowingly accept or solicit Personal Data from a User, who is known to be under the age of thirteen (13). As such, if you are a User who is under the age of thirteen (13), please do not use our Services, including our Website, to provide, submit or transmit to us any Personal Data, and, for the avoidance of doubt, we will not be liable or responsible for any Personal Data which is provided, submitted, or transmitted to us by a User who is under the age of thirteen (13). By receiving Services, you, as a Customer, represent and warrant that you have not and will not provide any Personal Data of a child under thirteen (13) without first obtaining verifiable parental consent in full compliance with COPPA and any other applicable laws. If you have concerns regarding the privacy of children, please contact us in accordance with the “Contact Us” section.

18. Contact Us. If you have any questions or concerns about our Privacy Policy, please contact us via e-mail at [email protected] or by mail at:

Aprio, LLP
2002 Summit Blvd NE
Suite 120
Atlanta, GA 30319

Your Rights

You have the right to:

Request access, correction, or deletion of your data.
Opt out of non-essential data use.
Report concerns about AI-enabled tools.
Challenge Decisions: If an AI-assisted process affects you, you can request human review.

Contact Us

Aprio is committed to earning and maintaining your trust as we responsibly leverage technology to serve your needs.
To exercise any of the above stated rights, or for any other privacy-related questions or concerns, you can contact us at [email protected]

EXHIBIT A

U.S. State-Specific Privacy Information

This Exhibit A is designed to be consistent with California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Montana, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia privacy laws, and provides you with certain U.S. State-specific disclosures and rights which may be applicable and afforded to you depending on your U.S. State of residency.

Aprio Advisory Group, LLC and Aprio, LLP Privacy Policy