Privacy Policy

Last updated: February 21, 2026

1. What We Collect

ProCFO collects and stores the financial data you provide or authorize us to access. This includes:

• Account names, types, and balances
• Transaction descriptions, amounts, and dates
• Paycheck breakdowns you enter
• Categories, budgets, and goals you create
• Basic account information from your authentication provider (email, name, user ID)

We collect only what is necessary to provide the service. We do not collect data from other sources or build profiles beyond what you see in the app.

2. How We Use Your Data

Your data is used solely to provide and improve the ProCFO service:

• Generate financial statements (balance sheet, income statement, cash flow)
• Track contribution goals and spending targets
• Provide charts, analysis, and insights about your finances
• Improve the product based on aggregate, anonymized usage patterns

We do not sell your data. We do not share your personal financial data with third parties for marketing, advertising, or any purpose unrelated to delivering the ProCFO service.

3. Lawful Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a lawful basis for processing personal data, we rely on the following:

• Contract performance: Processing your financial data is necessary to provide the ProCFO service you have subscribed to.
• Legitimate interest: First-party analytics to improve product quality and reliability, where these interests do not override your fundamental rights.
• Consent: Where required by law, such as for optional features or communications. You may withdraw consent at any time.

4. Third-Party Services

ProCFO relies on the following third-party services to operate. Each processes only the minimum data necessary for its function:

Clerk — Authentication and user management. Clerk receives your email and login credentials. See Clerk's Privacy Policy.

Yodlee (Envestnet) — Bank data aggregation. When you connect a bank account, Yodlee accesses your financial institution data on your behalf using industry-standard security protocols. Your bank credentials are stored by Yodlee, not by ProCFO. See Yodlee's Privacy Notice.

Neon — PostgreSQL database hosting. Your data is stored encrypted at rest on Neon's infrastructure. See Neon's Privacy Policy.

We require that all third-party service providers maintain appropriate security measures and process your data only as necessary to perform their function.

5. No Cookies or Third-Party Analytics

ProCFO does not use cookies, tracking pixels, or third-party analytics services. We do not use Google Analytics, Facebook Pixel, or any similar tracking technology. There are no ad trackers on this site.

6. First-Party Analytics

We collect basic, first-party usage data stored in our own database to understand how the product is used. This includes:

• Pages visited within the app (no external browsing data)
• Feature usage events (e.g., “categorized transactions,” “ran sync”)
• Signup attribution (which referral link brought you here)

This data is tied to your user account and is deleted when you delete your account. It is never shared with third parties. You may request that we stop collecting first-party analytics on your account by contacting us at privacy@procfo.ai.

7. Connected Financial Institution Data

When you connect a financial institution through Yodlee, ProCFO receives transaction history, account balances, and account metadata. This data is:

• Stored in our database, encrypted at rest
• Accessible only to you through the ProCFO interface
• Never shared with other users or third parties
• Deleted when you delete your account

You can disconnect any linked institution at any time from your account settings. ProCFO does not store your bank login credentials — those are managed exclusively by Yodlee.

8. Data Security

We take reasonable technical and organizational measures to protect your data, including encryption at rest, secure authentication via Clerk, and HTTPS for all data in transit. However, no system is perfectly secure, and we cannot guarantee absolute security. We encourage you to use a strong, unique password and enable any available multi-factor authentication.

9. Data Retention

We retain your data only as long as your account is active and as needed to provide the service. When you delete your account, all associated data enters a 30-day soft-delete period. This provides a safety net against accidental deletion. After 30 days, all data is permanently and irreversibly purged from our systems, including backups within a commercially reasonable timeframe.

10. Your Rights

Regardless of where you are located, you can at any time:

• Export your data in a machine-readable format (coming soon)
• Delete individual records (transactions, accounts, etc.)
• Delete your entire account and all associated data
• Disconnect linked financial institutions
• Request that we stop collecting first-party analytics on your account

Additional Rights for EEA/UK Residents

If you are located in the European Economic Area or the United Kingdom, you also have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Object to processing based on legitimate interest
• Restrict processing under certain circumstances
• Lodge a complaint with your local data protection authority

Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights, including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@procfo.ai.

11. Children's Privacy

ProCFO is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Business Transfers

If ProCFO is acquired, merged with another company, or has its assets sold, your data may be transferred as part of that transaction. In such an event, we will notify you via email or in-app notification at least 30 days in advance and provide you the opportunity to delete your account and data before any transfer occurs.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy. We will maintain an archive of prior versions upon request.

14. Contact

For privacy questions, data requests, or to exercise any of your rights, contact us at privacy@procfo.ai.