Privacy Policy

Practice Books — operated by Red Rock Advisory LLC · Effective July 6, 2026

Practice Books (the "Application") is a bookkeeping, invoicing, and tax-workpaper platform operated by Red Rock Advisory LLC ("we", "us") and used by accounting firms and their business clients. This policy describes what we collect through the Application, how we use and protect it, and your choices.

What we collect

  • Account information: name, username, email address, and login credentials (passwords are stored only as one-way salted hashes; passkeys store a public key only).
  • Financial records you or your accounting firm enter or import: transactions, invoices, customers, vendors, and related bookkeeping data.
  • Bank account data via Plaid: if you connect a bank account, we use Plaid Inc. to retrieve your account and transaction information from your financial institution. We receive account names, types, balances, and transactions; we do not receive or store your banking username or password. Your use of Plaid is governed by the Plaid End User Privacy Policy.
  • Tax identification numbers (for payees on information returns such as Form 1099), which are stored encrypted.

How we use it

Solely to provide bookkeeping, invoicing, accounts-receivable, and tax-compliance services to you and your accounting firm: categorizing transactions, producing financial statements, preparing information returns, and sending invoices you ask us to send. We do not sell personal or financial data, use it for advertising, or share it with third parties except the service providers needed to operate the Application (such as Plaid for bank connectivity and, where enabled, a payment processor to accept invoice payments) or as required by law.

Consent

Connecting a bank account is always initiated by you (or your firm at your direction) and requires your explicit authorization in the Plaid connection flow. You may disconnect a bank account at any time, which stops further data retrieval and deletes the access credential.

How we protect it

  • All access to the Application is encrypted in transit (TLS 1.2+).
  • Sensitive fields (tax identification numbers, bank connection tokens) are additionally encrypted at rest.
  • Access is role-based and enforced at the database layer: each firm's data — and within a firm, each client's data — is isolated by row-level security.
  • Changes to financial records are kept in append-only audit logs.

Retention and deletion

Because the Application supports tax filings, books and records are retained for seven years consistent with IRS requirements, then deleted. Bank connection credentials are deleted immediately when a connection is removed. You may request deletion of your data at any time; we honor requests within 30 days except where law requires continued retention, in which case we will tell you what is retained and until when.

Your choices and contact

You may review your data in the Application, disconnect bank accounts, and request access, correction, or deletion by contacting us at ezra@redrock.business. We will respond within 30 days.

Changes

We will post any material changes to this policy on this page with a new effective date.