SuperCFO LogoSuperCFO
Privacy Policy

Last updated: 4/4/2026

Introduction

Welcome to SuperCFO ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial report analysis application.

Information We Collect

Personal Information

When you register for an account, we may collect:

  • Email address
  • Name (if provided through social login)
  • Profile picture (if provided through social login)

Financial Documents

When you use our service, you upload:

  • PDF financial statements and reports
  • Extracted text data from your uploaded documents
  • AI-generated analysis results

Usage Information

We automatically collect certain information when you use our service:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and preferences

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our service
  • Process and analyze your financial documents using AI
  • Improve and personalize your experience
  • Communicate with you about service updates
  • Detect and prevent fraud or security issues
  • Comply with legal obligations

Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database) with industry-standard encryption. We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Data Retention

We retain your personal information and uploaded documents only for as long as necessary to provide you with our services or as required by law. You can delete your data at any time through your account settings or by contacting us.

Third-Party Services

We use the following third-party services:

  • Supabase: Authentication
  • OpenRouter: AI-powered financial analysis (via Claude, GPT-4o, Gemini)
  • DigitalOcean: Application hosting, deployment, and database
  • Google: Social authentication (OAuth)
  • Stripe: Payment processing

These services have their own privacy policies. We do not share your financial documents with third parties except as necessary to provide our AI analysis service.

Your Data Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and data
  • Export your data
  • Opt-out of certain data processing
  • Withdraw consent at any time

Social Login (Google/Facebook)

When you sign in using Google or Facebook, we only access basic profile information (name, email, profile picture) that you authorize. We do not access your Google or Facebook posts, contacts, or other private information.

Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at:

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data processing
  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights