Security Addendum

Overview

Q3 Advisors uses secure cloud services to support client file sharing and our Data Gathering Portal. We use these systems to help clients provide financial planning and advisory information in a secure, controlled environment.

Files and portal data are protected while they are being transmitted, and access is limited to authorized users, staff, and supporting systems needed to provide our services.

Secure File Uploads

When we ask a client to upload documents, we can provide a secure file upload link that is tied to a specific request. These upload links are time-limited and are designed for a defined purpose rather than open-ended file sharing.

Private file access is controlled through expiring access links and application-level permissions. Upload activity is logged, and once a file upload request is formally submitted, that request can be locked so additional changes require a new upload request.

Data Gathering Portal

Our Data Gathering Portal allows clients to provide financial and planning information online as part of the advisory process. This may include information such as income, assets, liabilities, planning assumptions, and supporting documents.

Portal access is controlled through account setup, invite-based access, and verification steps. Information submitted through the portal is stored in secure application systems and is accessible only to authorized personnel and systems supporting our services.

Encryption and Access Control

We use encryption to help protect information transmitted through our web applications. Stored files are protected in secure cloud storage, and access is limited through application permissions and operational controls.

Within Q3 Advisors, access to client information is limited to authorized team members and approved supporting systems that need that access to provide services, support operations, or meet legal and regulatory obligations.

Authentication and Verification

Access to the Data Gathering Portal and related secure workflows is controlled through account setup, invite-based access, and verification steps. Depending on the workflow, clients may be asked to complete one-time verification steps before accessing a portal workflow or finalizing a file-upload submission.

These controls are intended to help ensure that access is tied to the intended client request and that supporting actions are completed within an authorized session or invite flow.

Monitoring and Activity Logging

Q3 Advisors maintains activity records for portal and file-related actions to support operations, service review, and security oversight. This may include logging actions such as upload activity and other workflow events associated with client document handling.

Access to client information is also governed through internal permissions and operational controls designed to limit unnecessary exposure to sensitive information.

Third-Party Providers

Q3 Advisors uses third-party service providers to support secure operations, communications, and document workflows. This includes Google cloud services for file storage and related secure application functionality. In some approved-form workflows, Google Drive or Google Workspace services may also be used to support internal document handling.

We may also use other service providers that support communications, operations, and business workflows. These providers are used in connection with delivering and supporting our services.

How We Work With Google

Q3 Advisors uses Google cloud services as part of our secure application and file-handling workflows. For example, secure file storage and related application functionality may rely on Google cloud infrastructure, and certain approved-form internal document workflows may use Google Drive or Google Workspace services.

These services are used as part of Q3 Advisors’ broader operational and access-control framework, which is designed to limit access to authorized users and approved business processes.

Retention, Deletion, and Support

We retain client information in accordance with business, legal, and regulatory requirements. Requests to delete information are reviewed in light of those obligations, which means some information may need to be retained even after a deletion request.

If you have questions about privacy, data handling, or secure file sharing, please review the Q3 Advisors Privacy Policy at q3adv.com/privacy-policy or contact your Q3 Advisors point of contact.

Security Questions or Concerns

If you believe you have discovered a potential security vulnerability related to Q3 Advisors, please email your report to assistance@q3adv.com.

If you have questions about a secure file upload request, a portal invitation, or the handling of your information, please contact Q3 Advisors before sending documents through a link you are unsure about.

For general privacy inquiries, questions about your information, or concerns about suspicious email notifications or phishing attempts, please contact cw@craigwear.com. You may also contact your known Q3 Advisors point of contact so we can help verify the request.

Important Note

This FAQ is intended as a practical summary of how Q3 Advisors handles secure file sharing and portal-based client data collection. It is not a substitute for the Q3 Advisors Privacy Policy, engagement documents, or any legal disclosures that may apply to your relationship with Q3 Advisors. This document may be updated at any time.