Polanco Advisory Group LLC (“PAG,” “we,” “our”) is a Massachusetts limited liability company (EIN 41-4962011) operating the website at polancoadvisorygroup.com. We provide bilingual (English / Spanish / Portuguese) tax preparation, IRS representation, ITIN applications, LLC formation, bookkeeping, payroll, credit coaching, business credit, and related advisory services to small business owners, entrepreneurs, and immigrant families across Massachusetts and New England.
When you submit a form, book a consultation, or engage us for a service, we collect what you choose to provide. This typically includes your name, email, phone number, preferred language, business name (if applicable), and any message or document you upload.
For specific services, we may also collect:
If you accept analytics cookies, we use Google Analytics 4 to understand how visitors use the site. This may include your truncated IP address, device and browser type, approximate city-level location, pages viewed, referring URL, and time on page. See our Cookie Policy for the full list and opt-out controls. By default, no analytics cookies are set until you explicitly accept.
The on-site search box is powered by Algolia. When you type a search query, that query (and a coarse browser fingerprint) is sent to Algolia’s servers so we can return matching pages. Algolia may set cookies for abuse prevention; see Cookie Policy.
We do not sell your personal information.
We do not use your information for unrelated marketing without your separate consent. If you opt into our newsletter or social-media follow-ups, you can opt out any time.
If we ever ask for additional consent to use your tax-return information beyond preparation (for example, to recommend a related advisory service or partner), we will use the IRS-prescribed §7216 consent form, which you may decline without affecting our preparation of your return.
We retain tax-return information for the period required by 26 U.S.C. § 6107 and IRS regulations — generally a minimum of three years from the close of the return period — and longer where state law, statute of limitations on assessment, or your engagement letter requires it.
The FCRA Letter Review is an educational service — we review the dispute letter you have already drafted and return it with comments and a mailing checklist. We do not draft, mail, or transmit disputes on your behalf, and we do not promise any specific credit-report or credit-score outcome. Outcomes depend on the factual accuracy of your dispute and the credit reporting agency’s investigation under 15 U.S.C. § 1681i.
Documents you upload through the Letter Review intake form are stored by Netlify Forms (our form processor) and accessed only by PAG personnel for the purpose of reviewing your letter. We retain the uploaded letter and our marked-up version for up to 12 months and then permanently delete them.
Our Business Credit Blueprint is a one-time service for businesses (not consumers); business credit data is not regulated by the federal Credit Repair Organizations Act (CROA) or M.G.L. c. 93 § 68A, both of which cover natural-person consumer credit only.
Our Credit Coaching service line, when launched, will operate strictly under CROA § 1679e and Massachusetts c. 93 § 68A — billed in arrears, no upfront fees, three-business-day cancellation. Until the program receives Massachusetts counsel sign-off, the service is listed on our website as “coming soon” and not available for purchase.
Online payments are processed by Stripe. We do not store your full card number, CVC, or bank login on our servers. Stripe’s privacy practices are described in Stripe’s Privacy Policy. When you pay through a Stripe Payment Link or Stripe Checkout session, Stripe acts as a separate data controller for your payment information.
The merchant statement descriptor on your card statement reads “POLANCO ADVISORY GROUP” or “KATES ESSENTIALS” depending on which product you purchased. If you do not recognize a charge, contact us at info@bradleypolanco.com before disputing with your bank — most non-recognition is a simple statement-descriptor explanation that we can resolve in minutes.
| Recipient | Purpose |
|---|---|
| Internal Revenue Service, Massachusetts DOR, and other taxing authorities | To file your return, register your entity, respond to notices, or represent you in an audit or examination — strictly under the scope of your engagement letter. |
| Stripe, Inc. | To process payments for our services. |
| Netlify, Inc. | Hosting our website and processing form submissions. |
| Algolia, Inc. | Powering on-site search. |
| Google LLC (Analytics) | Aggregated website usage analytics — only with your consent. |
| Software vendors used in our engagements (QuickBooks Online, Xero, Gusto, ProConnect, Drake, etc.) | To perform the engaged service. We use only services that meet IRS Publication 4557 safeguards. |
| Dun & Bradstreet, Experian Business, Equifax Business | Only when you engage us for the Business Credit Blueprint and authorize the registration. |
| Sandbar Fund or other capital partners | Only with your separate written authorization to refer your application; we receive a referral commission disclosed in writing under FTC Endorsement Guides. |
| Authorities under valid legal process | To comply with subpoenas, court orders, or other binding legal process. |
We keep cookies to a minimum and operate on a consent-first basis: until you click “Accept” on the cookie banner, no analytics cookies are set. See the Cookie Policy for the full list, durations, and opt-out instructions. You can revoke consent at any time by clicking “Cookie Preferences” in the site footer.
Depending on where you live, you may have the right to:
To exercise any right, email info@bradleypolanco.com from the address you used to engage us. We respond within 30 days. Some requests may require identity verification before we act.
We follow IRS Publication 4557 (Safeguarding Taxpayer Data) practices: encrypted transmission (TLS) for all client uploads, encryption at rest with our cloud providers, multi-factor authentication on every PAG account that touches client data, role-based access for any contractor or staff member, written information security plan (WISP) on file as required by the IRS for all paid preparers, and prompt incident response procedures consistent with Massachusetts data-breach law (M.G.L. c. 93H).
Our services are intended for adults (18+). We do not knowingly collect personal information from children directly. If you provide information about a dependent child as part of a tax return or family-related engagement, we treat that information under the same protections as adult taxpayer information and use it strictly to complete the engagement.
Information you submit may be stored and processed in the United States by our service providers (Netlify, Stripe, Algolia, Google). If you submit information from outside the United States, you understand that your information may be transferred to and processed in the U.S. under U.S. law, which may differ from the law of your country of residence.
We may update this Privacy Policy as our services, partners, or legal obligations change. Material changes will be announced on this page with a new “Effective date” at the top. Continued use of the site after a change means you accept the revised policy.