Shaw Asset Management LLC

Privacy Policy

Last updated: April 21, 2026

This privacy policy describes how Shaw Asset Management LLC (“we,” “our,” or “the company”) handles data in connection with its internal bookkeeping application (the “application”). The application is a first-party internal tool used solely by the sole owner of Shaw Asset Management LLC to manage the company’s own financial records. It is not offered to, advertised to, or used by any external consumer, client, or third party.

Scope

The application connects to financial institutions that hold accounts owned by Shaw Asset Management LLC and its affiliated entity Swift Roadside LLC. It does not collect, process, or store data belonging to any consumer or external user.

Data we access

Account metadata and transaction history for the company’s own bank, credit-card, and payment-platform accounts, obtained through Plaid’s Transactions product.
Encrypted access tokens issued by Plaid, which permit the application to read the above data on an ongoing basis until the owner disconnects an institution.

We do not collect Social Security numbers, account numbers beyond the last four digits shown by Plaid, identity information about any consumer, or any data from consumers.

How we use data

Account and transaction data is used exclusively to prepare day-to-day internal bookkeeping records and year-end tax filings (including IRS Schedule C) for Shaw Asset Management LLC and Swift Roadside LLC. We do not sell, share, license, or disclose this data to any third party, except as required to perform the tax filings themselves (e.g., to our accountant or the IRS).

Security

Plaid access tokens are encrypted at the application layer using AES-256-GCM before storage. Keys are held as platform secrets accessible only to the application’s server-side runtime.
All data in transit is protected by TLS 1.2 or higher.
The hosting platform (Cloudflare) provides encryption at rest for the underlying database.
Administrative access to the infrastructure is protected by phishing-resistant two-factor authentication.

Consent

Access to each financial institution is authorized by the sole operator through Plaid Link, which surfaces Plaid’s own consent screen describing the data to be shared. Access can be withdrawn at any time by disconnecting the institution in the application, which triggers deletion at Plaid and in our systems (see next section).

Retention and deletion

When an institution is disconnected in the application, the associated Plaid access token is revoked with Plaid and deleted from our database.
Transaction records are retained for the period required to support tax filings and potential audits (generally seven years, in line with IRS recommendations for business records), after which they are purged.
This retention policy is reviewed at least annually by the company’s sole owner.

Changes

Any material change to this policy will be reflected on this page together with an updated “Last updated” date.

Contact

Questions about this policy can be sent to shawassetmanagement@yahoo.com.