Client privacy notice.
Effective Date: September 8, 2025
This page is a plain-language summary of our Privacy Notice to help you understand the key points. It does not add to or replace the full Privacy Notice. If there is a difference, the full Privacy Notice that follows the summary is the controlling version.
Scope: This Privacy Notice explains how we handle client information in the course of our services. For website visits, cookies, and analytics, see our Website Privacy Policy.
PRIVACY NOTICE SUMMARY
Why this notice
The Privacy Notice explains how we handle your personal, financial, and health-related information. Your signature indicates that you have received and reviewed this document.
What information we collect and how we use it
To provide the services in your Letter of Engagement and Understanding, we collect only the information that is reasonably necessary and use it to do the work you ask us to do.
The types of information we collect include personal information (PII), financial information (FI), and health-related billing information (PHI) if we help with medical bills.
Who we share information with
Required by law: We disclose only what’s necessary to comply with a legal requirement (e.g., court orders, subpoenas, requests from law enforcement or public authorities, including public-health reporting).
Reporting abuse: We disclose suspected abuse, neglect, or exploitation of older adults or other vulnerable persons when the law requires it; if not required, only with your agreement.
Marketing: We do not use or disclose PII, PHI, or FI for marketing.
How we store and protect information
We use reputable tools and third-party vendors and apply safeguards to protect the information we hold. We limit access to people who need it to do the work.
How long we keep information
We retain records only as long as needed for our work or as required by law. When appropriate, we securely destroy records.
Limits on our responsibility
We take reasonable steps to protect your information, but we are not responsible for losses caused by:
Failures of third-party software or service providers we reasonably use,
Your failure to follow recommended security practices, or
Events outside our reasonable control, such as cyberattacks or system outages.
Your responsibilities
Use the secure methods we provide for sharing documents and information.
Safeguard your login credentials and devices and review your account statements.
Tell us promptly if your accounts change or if you suspect unauthorized access.
Dispute resolution
Any disputes about this notice are handled through binding arbitration as described in your Letter of Engagement and Understanding.
Changes to this notice
We may change this notice at any time. We will notify you of changes via email. The changes become effective when posted on our website.
Note: If this summary and the full Privacy Notice differ, the full Privacy Notice below controls.
THE STONEHAM GROUP LLC
PRIVACY NOTICE
In order to perform daily money management services, The Stoneham Group LLC (“the Provider”) must, in the normal course of business, collect, use and, when necessary, disclose the Client’s personally identifiable information (“PII”), protected health information (“PHI”) and financial information (“FI”).
Personally Identifiable Information
Personally Identifiable Information (“PII”) is data used to distinguish one’s identity. Examples of PII range from an individual’s name or email address to an individual’s financial and medical records and/or criminal history. Unauthorized access, use, or disclosure of PII can cause significant harm to individuals by creating the opportunity for identity theft, blackmail, or embarrassment. Storage, access, use and disclosure of PII are subject to applicable state and federal privacy laws. It is the Provider’s policy that the following information received from any Client be maintained and protected as PII:
Client names and addresses
Email addresses
Social security numbers, tax identification numbers
Dates and places of birth
Credit card and bank account numbers
Income tax records
Insurance records
Account access, PIN numbers and passwords
Driver’s license numbers or other government issued identification
Protected Health Information
Protected Health Information (“PHI”) is individually identifiable health information, which is any information that identifies an individual and relates to the individual’s past, present or future physical or mental health condition, the provision of healthcare, or payment for healthcare services. Storage, access, use and disclosure of PHI are regulated by applicable state and federal law, including the Health Insurance Portability and Accountability Act (“HIPAA”). Examples of PHI range from an individual’s medical condition to treatment by physicians and hospitals including:
Explanation Of Benefits (EOB)
Hospital and doctor records
Medical bills and statements
Financial Information
Financial information (“FI”) is any information or documents collected from a client that relates to their banking, insurance, investments, and payments (including credit cards, online payment systems such as apps accessible via phone, and invoices).
Examples of FI include the following:
Bank records and account statements
Insurance policies
Investment and brokerage records and statements
Credit card, online payment information
Credit and loan records and information
Tax records and information
Bills, invoices and statements
Use Of Information
The Provider acts to maintain the privacy of PII, PHI and FI and provides individuals with this Privacy Notice describing its legal duties and privacy practices with respect to PII, PHI and FI. The Provider may collect, use, store and maintain only the information reasonably necessary to provide services under the Letter of Engagement and Understanding. The Provider may use third-party software such as Quicken, QuickBooks, financial institution web-based record and bill pay software and may store information on devices or cloud storage servers provided by third-party service providers.
Data Retention
The Provider retains client information for as long as necessary to provide services described in the Letter of Engagement and Understanding or as required by applicable law. Upon termination of services, the Provider may retain or securely destroy client records.
Data Security
The Provider will take reasonable precautions to protect PII, PHI and FI and documents collected from the Client from loss, misuse and unauthorized access, disclosure, alteration, and destruction. All information that the Client provides to the Provider either in paper or electronic form is securely stored and protected. The Provider uses encrypted methods or secure tools to transfer information where available. However, these measures, standing alone, are not sufficient to ensure the security of the Client’s information. The Provider cannot guarantee the security of the Client’s data transmitted to the Provider without using encryption or other secure ways to transmit data; thus any transmission is at the Client’s own risk.
It is also important for the Client to guard against unauthorized access to the Client’s passwords and the unauthorized use of the Client’s computer. The Client is responsible for safeguarding the Client’s login credentials, passwords, and access to personal accounts. The Client agrees to notify the Provider promptly of any changes to relevant accounts, or if the Client suspects unauthorized access. The Provider is not responsible for delays or errors resulting from the Client’s failure to provide accurate or timely information.
Limitation of Liability
While the Provider takes reasonable measures to safeguard PII, PHI, and FI, the Provider shall not be held liable for any unauthorized access, loss, or misuse of information resulting from (a) the actions or failures of third-party software providers, (b) the Client’s failure to follow recommended security practices, or (c) circumstances beyond the Provider’s reasonable control, including cyberattacks, data breaches, or systems failures.
Information Disclosures
Disclosures required by law: The Provider may disclose PII, PHI, and FI when a law or legal process requires it and will disclose only what is reasonably necessary to comply. Examples include court orders, subpoenas, valid requests from law enforcement or public authorities, and public-health reporting.
Reporting of abuse: When required by law, the Provider may disclose PHI or other relevant information concerning suspected abuse, neglect, or exploitation of older adults, nursing-home residents, or other vulnerable persons to appropriate authorities. If not required by law, the Provider may disclose this information if the individual agrees to this disclosure.
Marketing: The Provider does not use or disclose PII, PHI, or FI for marketing.
Dispute Resolution
Any dispute arising out of or related to this Privacy Notice, including the Provider’s collection, use, or disclosure of personal information, shall be resolved through binding arbitration in accordance with the terms set forth in the Letter of Engagement and Understanding.
Changes To Privacy Notice
The Provider reserves the right, at any time and without prior notice, to add to, update, or modify this Privacy Notice. The Provider will notify the Client by providing a link to the Provider’s website and sending the Client a notification through email. Any such change, update or modification will be effective immediately upon posting on the Provider’s website.