Privacy Policy

Overview

F1RST CFO ("we," "our," or "us") is committed to protecting your privacy and the security of your financial data. This Privacy Policy describes how we collect, use, store, and protect information when you use our platform and services.

We take your privacy seriously. Your financial data is your data. We do not sell, rent, or trade your personal or financial information to third parties. Ever.

Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and billing information necessary to provide our services.

Financial Data: When you connect accounting software (QuickBooks, Xero, etc.) or banking institutions through our platform, we access financial records including transactions, invoices, account balances, payroll data, and related financial information necessary to perform our analysis.

Usage Data: We collect anonymized data about how you interact with our platform, including features used, pages visited, and session duration, to improve our services.

How We Use Your Information

Your information is used exclusively to:

• Provide AI-powered financial analysis and insights
• Generate reports, forecasts, and recommendations
• Detect anomalies, fraud patterns, and risk indicators
• Process payments and manage your subscription
• Send alerts, notifications, and service communications
• Improve our platform and develop new features

Data Protection

Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Your financial data is never stored in plain text.

Access Controls: We implement strict role-based access controls. Only authorized personnel with a business need can access customer data, and all access is logged and audited.

Infrastructure: Our platform runs on enterprise-grade cloud infrastructure with SOC 2 Type II compliance, redundant backups, and 24/7 monitoring.

Data Isolation: Each customer's data is logically isolated. No customer can access another customer's data under any circumstances.

Third-Party Integrations

When you connect third-party services (QuickBooks, Xero, banking institutions via Plaid), we access only the data necessary to provide our services. We adhere to each provider's API terms and security requirements. We do not store your third-party login credentials — we use secure OAuth tokens that you can revoke at any time.

Data Retention

We retain your financial data for as long as your account is active and as needed to provide our services. If you cancel your subscription, we retain your data for 90 days to allow for reactivation. After that period, your data is permanently deleted from our systems.

You may request immediate deletion of your data at any time by contacting us at support@f1rstcfo.com.

Your Rights

You have the right to:

• Access and receive a copy of your data
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in standard formats
• Revoke third-party integration access at any time
• Opt out of non-essential communications

GDPR & CCPA Compliance

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents. If you are subject to either regulation, you have additional rights regarding your personal data. Contact us to exercise these rights.

Cookies

We use essential cookies required for platform functionality (authentication, session management). We do not use advertising or third-party tracking cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-platform notification at least 30 days before they take effect.

Contact Us

For questions about this Privacy Policy or to exercise your data rights:

Email: support@f1rstcfo.com

Company: F1RST CFO