Last Updated: March 18, 2026
1. Introduction
YourCFO ("we," "us," or "our") operates the website https://yourcfo.tech and the YourCFO financial planning platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
2. Information We Collect
2.1 Account Information
When you register, we collect your name, email address, and organization details.
2.2 Financial Data
You may upload or input financial data including revenue projections, cost structures, cap tables, and historical financial records. This data is used solely to provide the forecasting and analysis features of the Service.
2.3 Third-Party Integration Data
When you connect third-party services, we receive data from those platforms to populate your financial model. Integrations include:
- QuickBooks (Intuit) — accounting data such as income, expenses, and chart of accounts
- Xero — accounting data including profit & loss and balance sheet items
- HubSpot — CRM data such as deal pipelines and customer metrics
- Google Analytics — website traffic and conversion data
We only access data scopes you explicitly authorize during the OAuth connection flow. You can disconnect integrations at any time.
2.4 Payment Information
Payments are processed by Stripe. We do not store your credit card details. Stripe's privacy policy governs payment data: https://stripe.com/privacy.
2.5 Usage Data
We automatically collect technical information such as browser type, IP address, pages visited, and feature usage patterns to improve the Service.
3. How We Use Your Information
- To provide and maintain the financial planning Service
- To process your transactions and manage your subscription
- To sync data from connected third-party integrations
- To generate financial projections, forecasts, and scenario analyses
- To send service-related communications (e.g., account verification, billing notices)
- To improve and optimize the Service
- To comply with legal obligations
4. Data Storage & Security
Your data is stored securely using Supabase infrastructure with row-level security (RLS) policies ensuring data isolation between organizations. All data is encrypted in transit (TLS) and at rest. Integration credentials are stored using Supabase Vault encryption.
5. Data Sharing
We do not sell your personal or financial data. We share data only in these circumstances:
- Service Providers — Supabase (hosting), Stripe (payments), and connected integrations you authorize
- Organization Members — Data is shared within your organization as configured by your team permissions
- Legal Requirements — When required by law, regulation, or legal process
6. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies.
7. Your Rights
You have the right to:
- Access and export your data
- Correct inaccurate information
- Delete your account and associated data
- Disconnect third-party integrations at any time
- Opt out of non-essential communications
8. Data Retention
We retain your data for as long as your account is active. Upon account deletion, all associated data is permanently removed within 30 days.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service.
11. Contact Us
If you have questions about this Privacy Policy, please contact us at [email protected].
