Thrasoz Group

Effective Date: January 2026

Thrasoz Group ("Thrasoz," "we," "us," or "our") is committed to protecting the privacy and security of personal, business, and tax-related information we collect and process in providing our professional services.

Thrasoz Group operates as a doing business as (DBA) name of Get Refunds Inc., the legal entity responsible for data processing.

This Privacy and Security Policy applies to information collected through our website, online tools (if any), and in the course of delivering services such as ERC audit defense and resolution, tax incentive advisory, operational execution support, and related retainers.

By using our Site or engaging our services, you consent to the practices described here.

Information We Collect

We collect information you provide directly, such as:

• Business contact details (name, title, email, phone, company address).
• Tax and financial data necessary for services (e.g., EINs, payroll records, tax returns, ERC claim documentation).
• Payment information (processed securely via Stripe - we do not store full card details).
• Correspondence and files shared during retainers.

We may also collect limited data automatically via the Site (e.g., IP address, browser type) using cookies or similar technologies for functionality and analytics. You can manage cookie preferences via your browser.

For IRS-related services, we may access your data through IRS e-Services with your explicit authorization.

How We Use Information

We use collected information solely to:

• Deliver and manage retainer services.
• Process payments and communicate about your engagement.
• Comply with legal obligations (e.g., IRS authorizations).
• Improve our Site and services.

We do not sell personal information or use it for unrelated marketing.

Sharing and Disclosure

We share information only as necessary:

• With authorized subcontractors (bound by strict confidentiality and security obligations).
• With the IRS or authorities as required for representation.
• With payment processors (e.g., Stripe).
• In connection with legal requirements or business transfers.

Data Security

We treat data security as a top priority, given the sensitive nature of tax and payroll information we handle.

We implement reasonable and appropriate physical, technical, and administrative safeguards, including:

• Encryption for data in transit (e.g., HTTPS, secure file transfers) and at rest where applicable.
• Restricted access controls (role-based, multi-factor authentication).
• Regular employee training on data protection and confidentiality.
• Secure cloud storage with reputable providers.
• Cyber liability insurance coverage.

Subcontractors are required to maintain equivalent security standards and are bound by NDAs.

In the event of a suspected data incident, we will notify affected clients promptly and cooperate with any required reporting.

No system is impenetrable - transmission and storage risks remain. Clients are responsible for using secure methods when sharing information with us.

Your Rights and Choices

You may request access to, correction of, or deletion of your information (subject to legal retention). Contact security@thrasoz.com.

For California residents (CCPA): We do not sell personal information. You have rights to know, delete, and opt-out.

International Data

Services are U.S.-based; engaging us consents to data processing here.

Changes and Contact

We may update this Policy - material changes notified via Site or email.

Questions: security@thrasoz.com or 390 NE 191st St STE 8590, Miami, FL 33179.