Privacy Policy

EPG, Incorporated’s Privacy Policy

Under Title V of the Gramm-Leach-Bliley Act and SEC Regulation S-P, investment advisers are responsible for protecting the security and confidentiality of their clients’ personal information. The SEC requires investment advisers to issue annual privacy notices to individual clients. Regulation S-P places an affirmative obligation on advisers to ensure the security and confidentiality of your non-public personal/institution information, which is defined in Regulation S-P as all non-public information a consumer/client provides to obtain a financial product or service, or information resulting from any transaction obtained in providing a financial product or service. EPG collects non-public personal information about you from the following sources:

  • Information we receive from you on applications or other forms, such as name, telephone numbers, address, private financial information, social security number, date of birth, etc.
  • Information about your transactions with EPG, Inc. or with others, such as brokers or accountants, which may include your account balances and transaction reports, and other similar information.
  • Information provided by you in the form of client balance sheets, income statements, expense sheets, and other client generated data, including financial data.

EPG, Inc. does not disclose any non-public personal information about you to anyone, except as permitted by law and only with your consent.

In the event you terminate your relationship with EPG Inc., we will adhere to the privacy policies and practices as described in this notice.

Access to your personal account information is restricted to only those employees who need to know such information to provide services to you. EPG Inc. maintains physical, electronic, and procedural safeguards to ensure the security of your non-public personal information.

Effective March 1, 2010, the Commonwealth of Massachusetts enacted regulation 201 CMR 17 in support of M.G.L. c. 93H to protect personal information of Massachusetts residents.

Personal Information, as defined by this regulation, is a resident’s first and last name or first initial and last name in combination with any one or more of the following:

  • Social Security number
  • Driver’s license number or state-issued identification card number
  • Financial account number or credit/debit card number

EPG has a duty to protect your confidential personal information in a manner fully consistent with industry standards, protect against anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to you.

Safeguards that have been implemented include the following:

  • Personal information sent via email, including contents and attachments, is sent secured and encrypted.
  • All hard copy personal information is securely kept in a locked cabinet.
  • All files containing personal information that are maintained on EPG’s network server are password protected.
  • Any discarded records that contain personal information will be shredded.

Effective December 3, 2025, the SEC amended Regulation S-P to require Registered Investment Advisers (RIAs) to adopt written policies and procedures for incident response programs to address unauthorized access to or use of client information.

The definition of “client/customer information” has been extended to cover not only nonpublic personal information that EPG collects about its own clients, but also any nonpublic personal information that EPG receives from another financial institution about clients/customers of that financial institution.

To further safeguard client confidential records, EPG has implemented the following updates to our WISP/Cyber Security Program:

  • Written Policies and Procedures to Safeguard Customer Information-Recordkeeping – EPG’s comprehensive “Written Information Security Program (WISP)/Cyber Security Program” details effective administrative, technical and physical safeguards for the protection of personal information of residents of the Commonwealth of Massachusetts, to comply with obligations under 201 CMR 17.00 and with SEC Regulation S-P (effective 12/3/2025). The WISP sets forth our procedure for evaluating our electronic and physical methods of accessing, collecting, storing, using, transmitting, and protecting personal information of residents of the Commonwealth of Massachusetts.
  • Incident Response Program – Included in EPG’s “WISP/Cyber Security Program” is the Incident Response Program to help protect against harms that may result from a security incident involving client information. EPG’s policies/procedures are reasonably designed to detect, respond to, and recover from unauthorized access to, or use of, client information. EPG will assess the scope of an incident and take reasonable steps to contain and control incidents to prevent further access or use.
  • Client/Customer Notification Requirement – With limited exception, EPG will notify clients as soon as practicable, and no later than 30 days after discovering that unauthorized access to or use of client information occurred or likely occurred.
  • Third-Party Service Providers – EPG maintains on-going oversight, including thorough due diligence and monitoring of service providers, to ensure that affected clients receive any required notices. EPG will notify you regardless of whether the third-party provider would also be providing its own notice.

Per Rule 17 CFR 275.204-2(a), EPG will maintain written records documenting compliance with the requirements of the safeguards rule and the disposal rule.

 

Any Questions?

Please Contact:
Dan Dube, CCO
Phone: 781-591-8204
Email: ddube@epgadv.com
