Privacy Policy
Last updated: April 8, 2026
1. Introduction
For Profit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial data conversion service. Please read this policy carefully. By using the Service, you consent to the practices described herein.
2. Information We Collect
Personal Information
When you create an account or use our Service, we may collect:
- Name and email address
- Business name and industry
- Payment information (processed securely through a PCI DSS Level 1 compliant payment processor; we do not store full card numbers)
Financial Data
When you upload bank statements for processing, we receive the text content of those statements. This data is processed in memory by our AI categorization engine to generate your financial reports. Raw bank statement data is not stored permanently after processing is complete. For paid users with dashboard storage enabled, categorized transaction data (not raw statement files) is retained until the user deletes it.
Payment Information
Payment processing is handled entirely by a PCI DSS Level 1 compliant payment processor — the highest level of security certification in the payments industry. We never see, store, or have access to your credit card numbers.
Usage Information
We automatically collect certain information when you access the Service:
- IP addresses
- Browser type and version
- Operating system
- Referring URLs
- Pages visited and time spent
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including processing your bank statements and generating financial reports
- Process financial data conversions using AI-powered categorization
- Improve and optimize the Service based on usage patterns
- Communicate with you about your account, service updates, and support requests
- Process payments and manage billing
- Provide customer support and respond to inquiries
- Comply with legal obligations and enforce our terms
4. Data Security
We implement industry-standard security measures to protect your financial data:
- All data is encrypted in transit using TLS/HTTPS
- All data is encrypted at rest using AES-256 encryption
- Authentication uses SOC 2 compliant identity management with email verification
- Payment processing is handled by a PCI DSS Level 1 compliant payment processor — we never store credit card data
- Row Level Security enabled on all database tables
- API keys and sensitive credentials stored server-side only, never exposed to the browser
- Automatic session timeout after 15 minutes of inactivity
- Security headers enforced: HSTS, X-Frame-Options, X-Content-Type-Options
- File upload validation: only PDF, CSV, and TXT files accepted, maximum 10MB
- Rate limiting on all API endpoints to prevent abuse
5. Data Retention
Free Trial
Bank statement data is processed in memory and not stored permanently. The generated P&L is available for immediate download only.
Paid Users
Your uploaded statements, transactions, and generated reports are stored securely in your account for as long as your subscription is active. You can delete any data at any time from your dashboard.
Account Termination
Upon account cancellation, all user data including transactions, reports, and uploaded statements will be permanently deleted within 30 days.
Financial Records
In accordance with standard financial record-keeping practices, anonymized transaction metadata (not raw statement data) may be retained for up to 7 years for compliance purposes.
6. Information Sharing
We do not sell, trade, or rent your personal or financial data to third parties. We may share information only in the following circumstances:
- With your explicit consent
- Legal obligations: When required by law, subpoena, or other legal process
- Protect rights: To protect our rights, safety, or property, or those of our users
- Business transfer: In connection with a merger, acquisition, or sale of assets
- Trusted service providers: With third-party vendors who assist in operating our Service (e.g., payment processing, hosting, AI processing), bound by confidentiality agreements
- AI Processing: Your bank statement text is sent to a secure AI service for transaction categorization. This data is processed in real time and is not stored by the AI provider after processing is complete. The AI service is used solely for categorization and does not retain your financial data.
7. Third-Party Services
For Profit uses trusted third-party services to deliver our product, including services for website hosting, database storage, user authentication, payment processing, and AI-powered transaction categorization. All third-party providers meet industry-standard security certifications and are bound by data processing agreements. We select only providers that maintain encryption at rest and in transit, and that do not retain your financial data beyond what is necessary for real-time processing.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your personal data (subject to legal retention requirements)
- Object to the processing of your data for certain purposes
- Data portability: Receive your data in a structured, commonly used format
- Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us at support@forprofit.io.
9. Cookies and Tracking
We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze how the Service is used. You can control cookie settings through your browser. Disabling cookies may affect the functionality of certain features of the Service.
10. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
11. Children's Privacy
The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
12. International Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We will implement appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.
13. Changes to Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a revised "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
14. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us: