cpazenithCPA Directory

Data Removal Request Policy

Last updated: June 6, 2026. We review this page periodically and will note material changes here.

You can ask us to access, correct, delete, export, or restrict use of your personal information. This page explains who can ask, what we can remove, what we may keep, and how the process works.

1. Who can request

  • Account holders — anyone with a CPAZenith account.
  • Listed professionals — individuals whose name and licensure information appear in our directory, even without an account.
  • Reviewers — for reviews you authored.
  • Lead and consultation submitters — for the information you sent us through a form.
  • Authorized agents acting on behalf of any of the above, where permitted by applicable law and supported by appropriate authorization.

2. What we can remove on request

  • Your CPAZenith account and associated profile content;
  • Lead-form and consultation submissions you sent us;
  • Reviews you authored;
  • Directory content you control through a claimed profile;
  • Marketing-email subscriptions (one click in any email also unsubscribes you).

3. What we may keep

  • Anonymized aggregates used for analytics and product improvement;
  • Payment and tax records we are required to retain under U.S. tax law (typically 7 years);
  • Fraud-prevention and security records needed to enforce our Terms;
  • Public-records-derived professional listing data while the underlying record remains public. We can usually redact contact information, photos, and other personally-identifying details on request; we cannot rewrite or remove the underlying public record.

4. How to submit a request

  1. Email hello@cpazenith.com with the subject line Data Request.
  2. Tell us the type of request (access, correction, deletion, export, restriction, opt-out).
  3. Include enough information for us to find the records: your account email, the URL of any listing or review at issue, the date range of a lead submission, etc.
  4. If you are an authorized agent, include written authorization from the data subject.

Account holders can delete their own account immediately from the dashboard ("Delete account"); this removes account and profile data tied to the user record.

5. Identity verification

To protect your information from impostors, we may verify your identity before acting on a request — for example, by confirming control of the email address on file or, for listed professionals, by matching license details. We collect only what we need to verify.

6. Response timing

We aim to acknowledge requests within 5 business days and to substantively respond within 30 days. We may extend by up to 60 additional days for complex requests and will notify you with the reason.

7. Denials and appeals

We may deny a request in whole or in part where required or permitted by law (for example, when fulfilling it would override a legal-retention obligation or violate another person's rights). If we deny a request, we will explain why and how you can appeal. You may also contact your state attorney general or supervisory authority.

8. California "Do Not Sell or Share" / Global Privacy Control

CPAZenith does not sell personal information and does not "share" personal information for cross-context behavioral advertising as those terms are defined under California law. If you submit a Do Not Sell / Do Not Share request anyway, we will confirm our position in writing. We honor Global Privacy Control (GPC) signals where applicable.

9. No retaliation

We will not deny service, charge different prices, or otherwise discriminate against you for exercising your privacy rights.