Privacy Policy
This Privacy Policy explains how CashflowReviewer ("we", "us") collects, uses, and protects information in connection with the CashflowReviewer service (the "Service"). The Service is a business-to-business tool: our customers are businesses that upload bank-statement data to underwrite commercial deals. By using the Service you agree to this Policy.
1. Information we collect
- Account information — name, email address, firm name, team membership, and login events.
- Customer Data — the bank statements, CSVs, and related deal information your business uploads for analysis, and the classifications, notes, and results generated from them.
- Usage and security data — IP address, approximate location, browser type, timestamps, and credit-usage records, used for security, abuse prevention, metering, and support.
- Local storage — the app caches your own deals in your browser for speed; the cache is wiped on sign-out and when a different account signs in on the same browser.
2. How we use information
- To provide the Service: parse and classify uploaded statements, compute metrics, store deals for your team, and meter credits.
- To secure the Service: authentication, tenant isolation (your data is scoped to your account), fraud and abuse detection.
- To support you and to send service communications (e.g., credit balance, account notices).
- To improve the Service using aggregated, de-identified usage patterns.
3. What we do NOT do
- We do not sell Customer Data or personal information.
- We do not share one customer's deals, statements, or account-level classification rules with another customer. Account rules you create apply only to your account. Only a keyword suggestion you explicitly submit for review may — after human approval — be added to the shared classification database, and it is added as a keyword rule, not as your statement data.
- We do not use your uploaded statements to provide advice to, or underwrite for, anyone else.
4. Third-party processors
We use a small number of infrastructure providers to run the Service, each processing data only on our behalf:
- Netlify — hosting, serverless compute, and authentication.
- Google Cloud (Drive API) — encrypted storage of account and deal records.
- Anthropic — optional AI processing used (a) to map an unrecognized CSV column layout (only the header row and a few truncated sample rows are sent) and (b) for optional AI review features where offered. API data is not used by Anthropic to train models per its commercial API terms.
- Stripe — payment processing, once online checkout is enabled. We never store full card numbers.
5. Third-party data inside statements
Statements you upload typically describe a third-party business (e.g., a merchant applying to you for funding). For that data, your business is the party responsible for having a lawful basis to process it, and we process it only as your service provider to deliver the analysis you requested (see the Terms of Service, Section 4).
6. Retention and deletion
- Account and deal data are retained while your account is active so your team can re-open past deals.
- You can delete individual deals in the app. You can request deletion of your account and its data by emailing ml7779@gmail.com; we will delete it within 30 days except records we must keep for legal, billing, or security purposes.
7. Security
Data is encrypted in transit (TLS). The analysis engine runs server-side; uploaded data is scoped to your account with server-enforced tenant isolation, and access to production systems is restricted. No method of transmission or storage is 100% secure, but we work to protect Customer Data with commercially reasonable safeguards, and we review the Service's security on an ongoing basis.
8. Your choices and rights
- You can access and update account information in the app, and export or delete your deals.
- Depending on your jurisdiction, you may have rights to access, correct, delete, or port personal information — contact us and we will honor applicable rights.
- The Service is not directed to children and we do not knowingly collect children's data.
9. Changes
We may update this Policy; material changes will be posted here with a new "Last updated" date. Continued use after a change is acceptance.
10. Contact
Privacy questions or requests: ml7779@gmail.com.