Privacy
Policy

1. Information We Collect

1.1 Information You Provide Directly

• Account information: name, email address, business name, phone number, and password when you create an account
• Business information: industry type, business size, and other details you provide during onboarding
• Payment information: billing address and payment method details, processed securely through Stripe Inc.
• Communications: messages, feedback, and support requests you send us

1.2 Financial Data Connections

With your explicit authorization, we connect to third-party financial and business platforms to retrieve your data:

• Bank accounts and financial institutions via Plaid Inc. — including transaction history, account balances, and cash flow data
• Accounting software via Intuit QuickBooks Online — including profit & loss statements, balance sheets, and general ledger data
• Point-of-sale and business management systems such as Shopify, Toast, Square, Open Dental, Mindbody, and other supported platforms as listed on our website

We retrieve only the data necessary to provide the Services. We store access tokens server-side and never expose them to client applications.

1.3 Automatically Collected Information

• Device and browser information (type, operating system, browser version)
• IP address and approximate geographic location
• Usage data (features accessed, pages visited, session duration)
• Log data and error reports
• Cookies and similar tracking technologies used for authentication, preferences, and analytics

You can manage cookie preferences through your browser settings, though disabling cookies may affect the functionality of the Services.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Services: to deliver financial analysis, generate insights, build financial models, and produce reports for your business
• AI-powered analysis: to process your financial data through our AI agents, which generate plain-English summaries, trend analyses, forecasts, and strategic recommendations
• Account management: to create and maintain your account, process payments, and manage your subscription
• Service improvement: to understand how our Services are used and to develop new features and enhancements
• Communications: to send you service-related notices, security alerts, and support messages
• Security and fraud prevention: to detect, prevent, and respond to fraud, unauthorized access, and other harmful activity
• Legal compliance: to comply with applicable laws, regulations, and legal processes

3. How We Share Your Information

We share your information only in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating the Services, including cloud infrastructure (Microsoft Azure), database services (Neon), identity and authentication (Auth0), payment processing (Stripe), financial data connectivity (Plaid), and accounting integrations (Intuit). These providers are contractually obligated to handle your data securely and only as directed by us.

Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or other governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit using TLS for all data communications
• Encryption at rest using AES-256 for stored data
• Role-based access controls ensuring only authorized personnel access data on a need-to-know basis
• Multi-tenant data isolation ensuring each business's data is logically separated and inaccessible to other users
• OAuth 2.0 authentication with secure token management — Plaid access tokens and API credentials are stored server-side only
• Audit logging of access events and administrative actions
• Regular security reviews and monitoring of our infrastructure

Our infrastructure is hosted on Microsoft Azure, which maintains SOC 2 Type II, ISO 27001, and other industry certifications. Our database provider (Neon) and identity provider (Auth0) also maintain SOC 2 certifications.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Services. We also retain information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When you close your account or request deletion of your data, we will:

• Revoke all third-party access tokens (Plaid, QuickBooks, POS integrations)
• Delete or de-identify your financial data within 30 days
• Retain only such information as is necessary for legal, accounting, or compliance purposes, which will be securely deleted when no longer required

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct inaccurate or incomplete information
• Deletion: request deletion of your personal information, subject to certain exceptions
• Portability: request a machine-readable copy of your data
• Opt-out of marketing: unsubscribe from marketing emails at any time using the unsubscribe link in any email we send

To exercise these rights, contact us at info@denbighgroup.com. We will respond within 30 days and may verify your identity before fulfilling your request.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, remembering your preferences, and understanding how you use the Services. We do not use cookies for cross-site behavioral advertising or sell cookie data to third parties.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. Note that some features of the Services may not function properly if cookies are disabled.

8. Third-Party Links and Services

The Services may contain links to or integrations with third-party websites and services, including Plaid, Intuit QuickBooks Online, Stripe, and others. This Privacy Policy does not apply to those third-party services, and we encourage you to review their privacy policies. We are not responsible for the practices or availability of any third-party service.

9. Children's Privacy

Our Services are designed for business use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: you may request details about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of collection, and the categories of third parties with whom we share your information
• Right to Delete: you may request deletion of personal information we have collected from you, subject to certain exceptions
• Right to Correct: you may request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: we do not sell your personal information or share it for cross-context behavioral advertising
• Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at info@denbighgroup.com. We may verify your identity before fulfilling your request.

11. International Users

Our Services are primarily operated from and intended for users in the United States. If you access the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to such transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the effective date at the top of this Policy and, where appropriate, providing additional notice through the Services or via email. Your continued use of the Services after any update constitutes your acceptance of the revised Policy.