Privacy Policy

Last Updated: February 13, 2026

Overview

This Privacy Policy describes how Cannadrust CPA ("Company," "we," "us," or "Cannadrust") collects, uses, discloses, and protects your information when you use our website at cannadrust.com (the "Site") and engage with our professional accounting, tax, bookkeeping, and financial services (collectively, the "Services").

We take your privacy seriously. As a CPA firm serving cannabis businesses, we understand the sensitive nature of financial information and maintain the highest standards of confidentiality and professional ethics. We use your personal data for internal business and professional service purposes only. We do not sell your data to other companies or third parties.

By using the Site or engaging our Services, you agree to the collection and use of information in accordance with this Privacy Policy and our Terms and Conditions.

Interpretation and Definitions

1. Interpretation

Words whose initial letter is capitalized have the meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

2. Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for you to access our Services, client portal, or parts of our Site.

Company (referred to as either "the Company," "we," "us," or "our" in this Policy) refers to Cannadrust CPA, doing business as Cannadrust and Adam Drust CPA.

Client means an individual or business entity that has entered into an engagement letter for professional accounting, tax, bookkeeping, or financial services with Cannadrust CPA.

Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing details of your browsing history on that website, among their many uses.

Device means any device that can access the Service such as a computer, cellphone, or digital tablet.

Personal Data means any information that relates to an identified or identifiable individual.

Service refers to the Website and all professional services provided by Cannadrust CPA.

Service Provider means any natural or legal person who processes data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website or Site refers to Cannadrust CPA, accessible from cannadrust.com.

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Information We Collect

Types of Data Collected

1. Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:

Contact Information:

  • First name and last name
  • Email address
  • Phone number (business and mobile)
  • Business address
  • Mailing address

Business Information:

  • Business name and legal entity type
  • Business structure (LLC, S-Corp, C-Corp, etc.)
  • Business Tax ID (EIN)
  • State cannabis license numbers
  • Business formation dates
  • Industry classification

Financial Information (for Clients):

  • Banking information (for payment processing and bookkeeping services)
  • Credit card information (processed through secure third-party payment processors)
  • Financial statements and accounting records
  • Tax returns and supporting documentation
  • Payroll information
  • Revenue and expense data
  • Cost of goods sold documentation
  • 280E cost accounting records

Cannabis Business-Specific Information:

  • State cannabis licenses and compliance documentation
  • Seed-to-sale tracking system data (Metrc, BioTrack, etc.)
  • Point-of-sale system data (Dutchie, Flowhub, Treez, Cova, etc.)
  • Inventory management data
  • Dispensary operational data
  • Cultivation and processing records
  • Product testing and compliance documentation

Professional Engagement Information:

  • Service preferences and history
  • Communication preferences
  • Engagement letter documentation
  • Consultation notes and records
  • Project deliverables and work product

2. Usage Data

Usage Data is collected automatically when using the Service. This may include:

  • Your Device's Internet Protocol address (IP address)
  • Browser type and version
  • Pages of our Service that you visit
  • Time and date of your visit
  • Time spent on those pages
  • Unique device identifiers
  • Diagnostic data
  • Pages visited before and after our Site
  • Operating system type

3. Information from Third-Party Services

When you integrate third-party cannabis business software with our Services (such as POS systems, seed-to-sale tracking, e-commerce platforms, or other business tools), we may receive information from these services including:

  • Transaction data from POS systems
  • Inventory data from seed-to-sale tracking systems
  • E-commerce sales data
  • Payment processing information
  • CRM data
  • Time tracking and payroll data

We collect this information only with your explicit authorization and for the purpose of providing accounting and bookkeeping services.

4. Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on our Service and store certain information. Technologies used may include:

Cookies or Browser Cookies: A cookie is a small file placed on your device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Service.

Web Beacons: Certain sections of our Service and emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company to count users who have visited those pages or opened an email.

Types of Cookies We Use:

  • Necessary/Essential Cookies: Required for the Site to function properly
  • Functionality Cookies: Remember your preferences and settings
  • Analytics/Performance Cookies: Help us understand how visitors interact with our Site
  • Advertising Cookies: Used to deliver relevant advertisements (if applicable)

You can manage cookie preferences through your browser settings.

How We Use Your Information

Cannadrust CPA uses the collected data for various purposes:

Professional Services Delivery

  • Providing accounting, bookkeeping, tax preparation, payroll, and fractional CFO services
  • Preparing financial statements and reports
  • Filing tax returns and managing tax compliance
  • Managing 280E cost accounting and documentation
  • Conducting financial audits and reviews
  • Providing strategic financial advisory services
  • Managing cannabis software integrations
  • Maintaining accurate financial records

Service Management

  • Creating and managing your account
  • Providing customer support and responding to inquiries
  • Sending service-related notifications
  • Managing engagement letters and contracts
  • Processing payments and maintaining billing records
  • Scheduling consultations and meetings

Service Improvement

  • Monitoring and analyzing usage of our Service
  • Detecting, preventing, and addressing technical issues
  • Improving and optimizing our website and services
  • Developing new services and features
  • Understanding cannabis industry trends to better serve clients

Communication

  • Contacting you via email, phone, SMS, or other means
  • Providing updates about services, regulatory changes, or tax deadlines
  • Sending newsletters, educational content, and industry updates (with your consent)
  • Responding to inquiries and requests
  • Sending important notices regarding engagement terms or service changes

Legal and Compliance

  • Complying with legal obligations and professional standards
  • Protecting against fraudulent or illegal activity
  • Enforcing our Terms and Conditions
  • Responding to lawful requests from public authorities
  • Maintaining professional liability insurance and risk management

Marketing (with Consent)

  • Providing information about services that may interest you
  • Conducting market research
  • Analyzing effectiveness of marketing campaigns
  • Note: You can opt out of marketing communications at any time

Disclosure of Your Personal Data

Professional Service Providers

We may share your information with trusted third-party service providers who assist us in operating our business and delivering Services, including:

Accounting and Financial Software Providers:

  • QuickBooks/Intuit
  • Xero
  • Bill.com
  • Practice management software providers
  • Document management systems

Cannabis Industry Software Providers (with your authorization):

  • Point-of-sale systems (Dutchie, Flowhub, Treez, Cova, BLAZE, etc.)
  • Seed-to-sale tracking systems (Metrc, BioTrack, Leaf Data Systems)
  • E-commerce platforms (Jane, Leafly, etc.)
  • CRM and business management tools
  • Analytics and reporting platforms

Payment Processors:

  • Secure payment gateway providers
  • Credit card processing services
  • ACH transfer services
  • Note: Cannabis-friendly banking partners when necessary

Technology and Communication Providers:

  • Email service providers
  • Cloud storage and backup services
  • Website hosting and security services
  • Video conferencing platforms
  • SMS communication services

Professional Services:

  • Legal counsel (when necessary)
  • Professional liability insurance providers
  • Peer review and quality control services
  • Continuing education providers

All service providers are bound by confidentiality obligations and are authorized to use your information only as necessary to provide services to us or on our behalf.

Business Transfers

If Cannadrust CPA is involved in a merger, acquisition, asset sale, or similar transaction, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Legal Requirements and Protection

We may disclose your Personal Data in good faith where such action is necessary to:

  • Comply with a legal obligation or regulatory requirement
  • Respond to lawful requests from public authorities (courts, government agencies, IRS)
  • Protect and defend the rights or property of Cannadrust CPA
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability
  • Comply with professional accounting standards and ethics requirements
  • Respond to valid subpoenas or court orders

Professional Standards and Peer Review

As a CPA firm, we may share certain anonymized or aggregated information:

  • For peer review or quality control purposes
  • With professional liability insurance providers
  • For continuing education and training purposes
  • For industry research and best practices development
  • Note: Such disclosures maintain strict confidentiality and professional standards

With Your Consent

We may disclose your information for any other purpose with your explicit consent, such as:

  • Providing references or case studies (with identifying information removed or anonymized)
  • Sharing success stories or testimonials (with your permission)
  • Connecting you with strategic partners or resources

Cannabis Industry-Specific Data Considerations

Sensitive Business Data

We recognize that cannabis businesses operate in a unique regulatory environment with heightened privacy considerations. We take extra precautions when handling:

  • Cannabis license information
  • Cultivation and processing data
  • Dispensary sales and inventory records
  • Banking and payment processing information
  • Customer data from your cannabis business
  • Compliance documentation

Federal vs. State Law Considerations

While we provide services to cannabis businesses operating legally under state law, we acknowledge that cannabis remains illegal under federal law. We maintain strict confidentiality protocols and do not voluntarily share client information with federal authorities except as required by valid legal process.

Software Integration Data Security

When integrating with cannabis-specific software platforms, we:

  • Use secure API connections with encryption
  • Maintain access controls and authentication
  • Limit data access to authorized personnel only
  • Follow industry best practices for data security
  • Regularly audit integration security

Data Retention

We retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy and to comply with legal, accounting, and professional standards requirements.

Active Client Data: Maintained for the duration of our professional relationship and as required for ongoing service delivery.

Historical Records: Financial and tax records are retained for minimum periods required by law and professional standards (typically 7+ years for tax records).

Marketing Communications: Maintained until you opt out or request deletion.

Usage Data: Generally retained for shorter periods, except when used for security purposes or legal requirements.

Cannabis Business Records: Retained in accordance with state cannabis regulations, IRS requirements, and professional standards.

When data is no longer needed, we will securely delete or anonymize it in accordance with professional standards and data protection laws.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at Cannadrust CPA's operating offices and may be stored on cloud-based systems located in secure data centers. This means information may be transferred to—and maintained on—computers located outside of your state, province, country, or governmental jurisdiction where data protection laws may differ.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your Personal Data will take place to an organization or country unless there are adequate security controls in place, including encryption and access restrictions.

Security of Your Personal Data

The security of your Personal Data is critically important to us, particularly given the sensitive nature of financial information and cannabis business data.

Security measures we implement include:

  • End-to-end encryption for data transmission
  • Secure cloud storage with encryption at rest
  • Multi-factor authentication for system access
  • Role-based access controls limiting data access
  • Regular security audits and vulnerability assessments
  • Employee training on data security and confidentiality
  • Secure document management systems
  • Encrypted backup systems
  • Compliance with professional CPA security standards

Important Security Disclaimer: While we strive to use commercially acceptable means to protect your Personal Data and maintain professional security standards, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to using industry-standard security practices and immediately addressing any security concerns.

Your Role in Security:

  • Use strong, unique passwords for any account access
  • Enable two-factor authentication when available
  • Do not share account credentials
  • Report any suspicious activity immediately
  • Keep contact information current for security notifications

Your Data Protection Rights

Depending on your location and applicable laws, you may have certain rights regarding your Personal Data:

General Rights

Right to Access: You have the right to request copies of your personal data. We may charge a reasonable fee for this service if requests are excessive.

Right to Rectification: You have the right to request correction of any information you believe is inaccurate or completion of information you believe is incomplete.

Right to Erasure: You have the right to request deletion of your personal data under certain conditions, subject to legal and professional retention requirements.

Right to Restrict Processing: You have the right to request restriction of processing your personal data under certain conditions.

Right to Object: You have the right to object to our processing of your personal data under certain conditions.

Right to Data Portability: You have the right to request transfer of data we have collected to another organization, or directly to you, under certain conditions.

Professional Services Limitations

Important Note: As a CPA firm, certain data retention requirements and professional standards may limit our ability to delete or modify certain records, particularly:

  • Tax returns and supporting documentation (IRS retention requirements)
  • Financial statements and audit work papers (professional standards)
  • Engagement documentation (professional liability and ethics requirements)
  • Records subject to legal holds or regulatory inquiries

We will work with you to honor your rights while maintaining compliance with professional and legal obligations.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [Insert Privacy Contact Email]
Phone: [Insert Business Phone]
Mail: [Insert Business Address]

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

California Privacy Rights (CCPA)

If you are a California resident, California law provides you with additional rights regarding your personal information under the California Consumer Privacy Act (CCPA).

Categories of Personal Information We Collect

As detailed in the "Information We Collect" section above, we collect the following categories of personal information:

  • Identifiers (name, email, phone, business information)
  • Commercial information (transaction history, financial records)
  • Financial information (banking, credit cards, accounting records)
  • Internet/network activity (website usage, IP address)
  • Professional information (business details, license information)
  • Business records (cannabis license data, compliance records)

Your California Rights

Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.

Right to Delete: You have the right to request deletion of personal information we collected from you, subject to certain exceptions including legal and professional retention requirements.

Right to Opt-Out of Sales: We do not sell personal information. If our practices change, we will update this policy and provide opt-out mechanisms.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

Right to Limit Use of Sensitive Personal Information: We limit use of sensitive personal information to providing services and as permitted under the CCPA.

How to Exercise California Rights

California residents may exercise these rights by:

  • Emailing us at [privacy contact email]
  • Calling us at [business phone]
  • Submitting a request through our website contact form

We will verify your identity before processing requests. You may designate an authorized agent to make requests on your behalf.

Shine the Light: California law permits customers who are California residents to request certain information once per year regarding our disclosure of personal information to third parties for direct marketing purposes. To request this information, please contact us using the information below.

Do Not Track: We currently do not respond to "Do Not Track" browser signals, as there is no industry standard for compliance. However, we respect browser-based opt-out preference signals as required by California law.

Children's Privacy

Our Services are not directed to persons under 18 years of age. We do not knowingly collect personal information from children under 18.

Cannabis-related services are legally restricted to adults. If you are a parent or guardian and become aware that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from children under 18 without parental consent, we will take steps to delete that information from our systems.

Links to Other Websites and Third-Party Services

Our Service may contain links to third-party websites, cannabis software platforms, regulatory resources, or other services that are not operated by us. These may include:

  • Cannabis software vendors (POS, seed-to-sale, e-commerce)
  • Banking and payment processing services
  • State regulatory agencies
  • Industry associations
  • Educational resources
  • Partner services

We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

When you integrate third-party services with our accounting systems, those integrations are governed by both our privacy practices and the third party's privacy policy.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or industry standards—particularly given the evolving cannabis regulatory landscape.

We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this Policy
  • Sending email notification to registered users and active clients
  • Posting prominent notice on our website

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when posted on this page. For material changes affecting how we handle sensitive financial information, we may require your explicit consent to continue services.

Professional Standards and Ethics

As a Certified Public Accountant (CPA) firm, Cannadrust CPA adheres to professional standards and ethics requirements that govern confidentiality, including:

  • AICPA Code of Professional Conduct
  • State Board of Accountancy regulations
  • Professional accounting standards for confidentiality
  • Attorney-client privilege equivalents for accountant-client relationships (where applicable)

These professional obligations provide additional protections for your information beyond the requirements of general privacy laws.

Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Cannadrust CPA
Adam Drust, CPA

Email: drustcpa@gmail.com
Business Phone: 570-417-0393
Website: cannadrust.com

For privacy-specific inquiries: [Insert dedicated privacy email if different]

For professional services inquiries: Visit cannadrust.com/contact to schedule a consultation

We will respond to privacy inquiries within 30 days and work diligently to address your concerns while maintaining compliance with professional standards and legal requirements.

Notes for Implementation:

You'll need to fill in:

  1. Privacy contact email address
  2. Business phone number
  3. Complete business mailing address
  4. Dedicated privacy inquiry email (if different from general contact)
  5. Any specific cookie management tools or links
  6. Payment processor names (if you want to list them specifically)
  7. Your preferred data subject request process/form

Optional enhancements to consider:

  • Cookie consent banner implementation
  • "Your Privacy Choices" link for California users
  • Data subject request form or portal
  • Privacy shield or international data transfer certifications (if applicable)
  • Specific retention schedules for different data types
  • Breach notification procedures