Privacy Policy

1. Information We Collect

1.1 Account Information

• Name and email address
• Company name and role
• Login credentials (password is encrypted)
• OAuth information if you sign in with Google

1.2 Financial Data

• CSV files containing revenue, expenses, and other financial metrics
• QuickBooks data (future integration) including profit & loss statements, balance sheets, cash flow
• Financial goals and targets you set within the platform

1.3 Marketing Data

• Google Analytics 4 (GA4) metrics you connect
• Google Search Console data and performance metrics
• Marketing campaign information and performance data

1.4 Usage Information

• Pages visited and features used within the platform
• AI chat conversations and queries
• Session duration and interaction patterns
• Browser type, device information, and IP address

1.5 Payment Information

Payment card details are processed and stored by Stripe, our payment processor. We do not store full credit card numbers on our servers. We only retain the last 4 digits and card brand for display purposes.

2. How We Use Your Data

We use the information we collect for the following purposes:

• Provide the Service: Analyze your financial and marketing data using AI to generate insights and recommendations
• Improve the Service: Identify usage patterns, fix bugs, and develop new features
• Customer Support: Respond to your inquiries and provide technical assistance
• Communication: Send service-related emails, updates, and notifications
• Security: Detect and prevent fraud, abuse, and security threats
• Compliance: Meet legal and regulatory obligations

We do NOT sell your data to third parties or use it for advertising purposes outside of our platform.

3. AI Processing Disclosure

3.1 Anthropic's Data Handling

• Anthropic processes your data to generate AI responses but does not use it to train their models (as of February 2026)
• Data sent to Claude API is encrypted in transit using TLS 1.3
• Anthropic retains data for up to 30 days for safety and abuse monitoring, then deletes it
• Review Anthropic's privacy policy at: www.anthropic.com/privacy

3.2 Data Minimization

We send only the data necessary to answer your specific queries. For example, if you ask about Q4 revenue, we only send Q4 financial data to the AI, not your entire dataset.

4. Third-Party Services

We use the following trusted third-party services to operate our platform:

Each of these services has their own privacy policies and security standards. We carefully vet all third-party providers for data security and compliance.

5. Data Security

We implement industry-standard security measures to protect your data:

5.1 Encryption

• In Transit: All data transmitted to and from our servers uses TLS 1.3 encryption
• At Rest: Database and file storage is encrypted using AES-256 encryption
• Passwords: Hashed using bcrypt with salt

5.2 Access Controls

• Multi-factor authentication (MFA) available for user accounts
• Role-based access control (RBAC) for internal team members
• Regular access reviews and audit logs

5.3 Infrastructure Security

• Hosted on SOC 2 Type II compliant infrastructure (Supabase, Vercel)
• Regular security updates and vulnerability scanning
• DDoS protection and web application firewall (WAF)
• Automated backups with point-in-time recovery

While we implement strong security measures, no system is 100% secure. You should also take precautions to protect your account credentials.

6. Data Retention and Deletion

6.1 How Long We Keep Your Data

• Active Accounts: We retain your data for as long as your account is active
• Closed Accounts: Data is retained for 90 days after account closure, then permanently deleted
• Financial Records: Payment records are kept for 7 years for tax and legal compliance
• Backups: Deleted data may exist in backups for up to 30 days before permanent removal

6.2 Account Deletion

You can request account deletion at any time by:

• Going to Account Settings and clicking "Delete Account"
• Emailing privacy@fractionalchiefs.com

Upon deletion, we will permanently remove your personal data and business data within 90 days, except where retention is required by law.

7. Your Privacy Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data (subject to legal requirements)
• Export: Download your data in a portable format (CSV, JSON)
• Restrict Processing: Limit how we use your data
• Object: Object to certain data processing activities
• Withdraw Consent: Revoke previously granted permissions

To exercise these rights, contact us at privacy@fractionalchiefs.com. We will respond within 30 days.

8. Cookies and Analytics

8.1 Essential Cookies

We use cookies necessary for the Service to function, including:

• Authentication cookies to keep you logged in
• Session cookies to maintain your state within the app
• Security cookies to prevent fraud and abuse

8.2 Analytics Cookies

We use Google Analytics 4 (GA4) to understand how users interact with our platform. This helps us improve the Service. GA4 collects:

• Page views and feature usage
• Session duration and bounce rate
• Device type, browser, and geographic location (city-level)

You can opt out of analytics tracking in your Account Settings or use browser extensions like Google Analytics Opt-out Add-on.

9. Children's Privacy

FractionalChiefs AI is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@fractionalchiefs.com.

10. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country.

We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission for GDPR compliance.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising your privacy rights

Note: We do NOT sell your personal information to third parties.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or a prominent notice in the platform. The "Last Updated" date at the top indicates when the policy was last revised.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: