Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services. By accessing or using the platform, you agree to the practices described in this policy.

We may collect the following types of information:

• Personal information such as name, email address, and company name
• Account credentials and authentication data
• Payment and billing information
• Usage data, logs, and device information

• To provide, operate, and maintain our services
• To process transactions and manage subscriptions
• To improve product performance and user experience
• To communicate updates, security alerts, and support messages

We do not sell your personal data. We may share information only in the following circumstances:

• With trusted service providers acting on our behalf
• To comply with legal obligations or lawful requests
• To protect the rights, safety, and security of our platform

We follow industry-standard practices to protect your data across its lifecycle — from transmission to storage and access.

Secure Data Transmission

All data transmitted between your browser and our platform is encrypted using HTTPS (TLS 1.2/1.3). This ensures that sensitive information remains protected while in transit.

Secure Data Storage

Your data is stored on secure servers with strict physical and technical access controls. Infrastructure is monitored 24/7, and access is limited only to authorized personnel.

Data Classification

• Public – Marketing and publicly available content
• Internal – Internal documents and operational data
• Sensitive – User data and financial records
• Highly Sensitive – Passwords, tokens, and API keys

Data Encryption

• Encryption in transit via HTTPS (TLS 1.2/1.3)
• API-level encryption
• Encryption at rest for databases and backups

• Data encrypted in transit
• Encryption at rest enabled

Network & Infrastructure Security

• Firewalls and network isolation
• API security controls
• Rate limiting to prevent abuse
• Secure HTTP headers
• DDoS protection mechanisms

Access Control & Authentication

• Role-Based Access Control (RBAC)
• Least privilege access principle
• Multi-factor authentication (MFA)
• Secure session management

Application Security

• Strict input validation
• Protection against SQL injection
• Protection against cross-site scripting (XSS)
• Protection against CSRF attacks
• Secure coding practices and regular audits

Employee Security Practices

• Strong password policies
• Device and endpoint security enforcement
• Immediate access revocation upon role change or exit
• Ongoing security awareness training

We process your data to deliver core functionality such as financial analysis, categorization, and insights.

• Data is securely ingested and processed within our systems
• Automated systems may categorize, analyze, or transform data
• AI-based processing may be used to generate insights and suggestions
• Data may be shared with integrated third-party services only when required

• Data is stored on encrypted servers with strict access control
• Retention period depends on your selected plan (maximum 30 days)
• Users can request deletion of their data at any time
• All requested deletions are processed within 48 hours

• Right to access, update, or delete your personal data
• Request a copy (data export) of your stored information
• Request account deletion at any time
• Withdraw consent where applicable

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.

If you have any questions about this Privacy Policy, please contact our support team through the platform.