Privacy policy

How Rialto Finance, Inc. (Byron) collects, uses, and protects personal information.

Last updated: May 1st, 2026

This Privacy Policy describes how Rialto Finance, Inc. (“Byron,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with the Byron platform (the “Service”) and our website at usebyron.com (the “Site”). It also describes the privacy rights you may have under applicable U.S. laws.

This policy applies to:

  • Customers of Byron — CPA firms and the team members who use the Service.
  • Visitors to our Site.
  • Individuals whose information is uploaded to the Service by our customers (for example, a tax client’s information uploaded by a CPA firm using Byron).
  • Others who interact with us.

For data uploaded by our customers in the course of using the Service (such as tax documents containing client information), Byron generally acts as a service provider or processor, processing that information on behalf of the firm under our customer agreements. The firm acts as the controller of that information and is responsible for its own privacy obligations to the individuals it represents. For all other personal information described in this policy (such as our customers’ own account and contact information), Byron acts as the controller.

Information we collect

Account information. Name, work email address, firm name, account credentials, role within your firm, and account preferences.

Customer content. Information that you or your firm uploads to the Service in the course of preparing tax returns. This may include tax documents (W-2s, 1099s, K-1s, brokerage statements, and similar) and the personal information contained within them — names, addresses, Social Security numbers, financial details, and other tax-related information for your clients and their dependents. Byron processes this information on behalf of your firm under our customer agreement.

Communications. The content of messages you send to our support team and requests submitted through forms on our Site.

Usage and device information. Log data including IP addresses, browser type, operating system, device identifiers, the pages or features accessed within the Service, and timestamps.

Cookies and similar technologies. Information collected through cookies and similar technologies on our Site and within the Service. See “Cookies and similar technologies” below.

How we collect information

  • Directly from you, when you create an account, configure your firm settings, upload documents, contact us, or otherwise use the Service.
  • Automatically, through your interaction with the Service and Site (logs, cookies, etc.).
  • From third parties that authenticate or support our Service, such as our identity provider.

How we use information

We use personal information for the following purposes:

  • To provide and operate the Service — including processing tax documents, generating extractions and workpapers, enabling exports to your tax software, and authenticating users.
  • To support our customers — responding to support requests, troubleshooting issues, and communicating about service changes.
  • To improve and develop our Service — analyzing how the Service is used (in aggregate or de-identified form), developing new features, and improving accuracy and reliability.
  • To protect the security of the Service — detecting and preventing fraud, abuse, security threats, and unauthorized access.
  • To comply with legal obligations — responding to lawful requests, complying with applicable laws and regulations, and enforcing our agreements.
  • To communicate with you — sending service notifications, account-related messages, and where appropriate updates about Byron.

How we share information

We do not sell personal information. We share information only as described below.

Subprocessors and service providers. We rely on third-party service providers to deliver the Service. These include cloud infrastructure, identity and authentication providers, monitoring tools, and other operational vendors. Each provider is bound by contractual obligations to protect personal information and to use it only as needed to support the Service. Our infrastructure is hosted on Amazon Web Services in the United States. A current list of subprocessors is available on request from support@usebyron.com.

Legal and safety reasons. We may disclose information when required by law, in response to valid legal process (such as subpoenas or court orders), to protect the rights, property, or safety of Byron, our customers, or others, or to enforce our agreements.

Business transactions. If Byron is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice in advance, and any successor will be bound by this Privacy Policy or one with comparable terms.

With your direction. We may share information at your direction or with your consent — for example, when you choose to export data to a tax software integration.

Where information is stored

Personal information is stored and processed on infrastructure located in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer and processing.

Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption of data in transit and at rest, role-based access controls, multi-factor authentication for privileged access, continuous monitoring, vulnerability management, and an annually tested incident response plan.

For an overview of how we protect customer data, see How we protect client data. For details on our independent attestations, see Compliance certifications.

No system is completely secure, and we cannot guarantee the absolute security of personal information.

Retention and deletion

We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. In particular:

  • Customer accounts and customer content — deleted within 60 days of contract termination, or earlier on customer request, except where we are required to retain specific information to comply with legal obligations.
  • Personally identifiable information — deleted or de-identified once it no longer has a legitimate business purpose.
  • Logs and usage data — retained on rolling windows in line with our internal retention schedule.

Your rights

Depending on where you live and which laws apply to you, you may have the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that we correct inaccurate personal information.
  • Deletion — request that we delete personal information.
  • Portability — request a portable copy of certain personal information.
  • Objection or restriction — object to or restrict certain processing.
  • Withdrawal of consent — where processing is based on your consent, withdraw it without affecting prior processing.

If you are an end client of one of our customer firms and your information was uploaded to the Service by that firm, please contact that firm directly to exercise these rights. We will support our customer in responding to your request as required.

For all other requests, contact us at support@usebyron.com. We may need to verify your identity before responding.

Cookies and similar technologies

We use cookies and similar technologies on our Site and within the Service to support core functionality (such as authentication and session management) and to understand how the Service is used. We do not use these technologies for cross-site advertising.

You can configure your browser to reject cookies, though some parts of the Service may not function correctly without them.

We do not currently respond to “Do Not Track” browser signals.

Children’s privacy

Byron is a business-to-business service intended for use by tax professionals. The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at support@usebyron.com and we will take steps to delete it.

California privacy rights

This section provides additional information for California residents under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”).

No sale of personal information. We do not sell personal information as the term “sale” is defined under the CCPA, and we do not have actual knowledge of selling the personal information of consumers under 16.

Categories collected. In the past 12 months, we have collected the categories of personal information described above in the “Information we collect” section.

Categories disclosed. In the past 12 months, we have disclosed personal information for business purposes to the categories of recipients described in the “How we share information” section.

Your CCPA rights. California residents may have the following rights, subject to verification:

  • The right to know what personal information we collect, use, and disclose.
  • The right to access specific pieces of personal information we hold.
  • The right to request deletion of personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of any “sale” or “sharing” of personal information for cross-context behavioral advertising — Byron does not engage in either.
  • The right to limit our use and disclosure of sensitive personal information.
  • The right not to be discriminated against for exercising these rights.

To exercise any of these rights, contact us at support@usebyron.com. You may designate an authorized agent to make a request on your behalf, subject to verification.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. When we do, we will update the “Last updated” date at the top of this page. For material changes, we will provide notice through the Service, by email, or by other appropriate means.

Contact us

For questions about this Privacy Policy or our privacy practices:

Rialto Finance, Inc. support@usebyron.com

HomeBusiness TaxK-1 ProcessingSecurityCompany
BlogNewsPRArticles

Terms of Use   |   Privacy Policy   |   © 2026 Byron