Privacy Policy

1. Introduction

BlinkCFO ("we," "our," or "us") operates the blinkcfo.com website and the BlinkCFO application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information through our authentication provider, Clerk, including your name, email address, and profile picture. If you sign in using a social login provider (such as Google), we receive the information you authorize that provider to share.

2.2 Financial Data

If you connect your QuickBooks Online account via OAuth, we import and store your chart of accounts, transactions, invoices, and related financial data. We do not store your QuickBooks credentials. We only access the data you authorize through Intuit's OAuth 2.0 flow, and you can revoke access at any time.

You may also upload financial data via CSV import. Any data you upload is stored in our database and associated with your organization.

2.3 AI Interactions

When you use the AI analyst feature, your prompts and the financial context provided to the AI model are processed by Anthropic's API. We send only the data necessary to generate a response. Anthropic does not use your data to train their models. Conversation history is stored to provide continuity within your session.

2.4 Payment Information

Payments are processed by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe handles all payment data in compliance with PCI DSS standards. We retain your subscription status, plan details, and Stripe customer identifier.

2.5 Usage and Analytics Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, operating system, IP address, and referring URLs. This data helps us improve the Service and diagnose technical issues.

2.6 Communications

If you contact us by email or through the Service, we collect the contents of your message and any attachments. We use Resend as our email delivery provider for transactional emails such as account notifications, weekly digests, and reports.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Sync and display your financial data from connected accounts
• Generate financial reports, dashboards, and AI-powered insights
• Process payments and manage your subscription
• Send transactional emails (account notifications, reports, weekly digests)
• Respond to your requests, comments, or questions
• Analyze usage patterns to improve performance and user experience
• Detect, prevent, and address fraud or technical issues
• Comply with legal obligations

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on secure, managed infrastructure. We implement industry-standard security measures to protect your information, including:

• Encryption in transit via TLS for all connections
• Encryption of sensitive credentials (such as QuickBooks OAuth tokens) at rest using AES-256-GCM
• Secure authentication managed by Clerk with support for multi-factor authentication
• Role-based access controls ensuring users can only access data within their authorized organizations
• Regular security reviews and dependency updates

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

5. Third-Party Services

We use the following third-party services to operate the Service. Each has its own privacy policy governing the data they process:

• Clerk — Authentication and user management. Privacy Policy
• Stripe — Payment processing and subscription management. Privacy Policy
• Intuit (QuickBooks Online) — Financial data sync via OAuth 2.0. Privacy Policy
• Anthropic — AI model provider for the financial analyst feature. Privacy Policy
• Vercel — Application hosting and edge network. Privacy Policy
• Resend — Transactional email delivery. Privacy Policy

6. Data Retention

We retain your account information and financial data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance purposes.

Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytics and product improvement.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request that we correct inaccurate or incomplete data.
• Deletion — Request that we delete your personal data, subject to legal retention requirements.
• Export — Request a machine-readable export of your data.
• Restriction — Request that we restrict processing of your data in certain circumstances.
• Objection — Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at privacy@blinkcfo.com. We will respond to your request within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics. The types of cookies we use include:

• Essential cookies — Required for authentication and core Service functionality. These cannot be disabled.
• Analytics cookies — Help us understand how you use the Service so we can improve it. You can opt out of analytics cookies through your browser settings.

We do not use advertising cookies or sell your data to advertisers.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete that information promptly.

10. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on the Service prior to the change becoming effective. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

BlinkCFO
Email: privacy@blinkcfo.com
Website: blinkcfo.com