Privacy Policy

Thank you for choosing Futureproof Ops, Inc. ("Futureproof," "we," "us," or "our"). Your privacy is important to us. This Privacy Policy explains how we collect, use, share, and protect your information when you use our AI-powered financial operations platform and related services (collectively, the "Services").

By using our Services, you agree to the practices described in this Privacy Policy. If you don't agree, please don't use our Services.

For information about how we handle your use of the Services, please see our Terms of Service.

Contact Us:

• Email: privacy@runfutureproof.com
• Address: 644 Holly Springs Rd, STE 80, Holly Springs, NC 27540, USA

‍

TABLE OF CONTENTS

1. Information We Collect
2. How we Use Your Information
3. AI Training and Product Improvement
4. How WE Share Your Information
5. Bank Connections and Financial Data
6. Data Room and Document Sharing
7. Third-Party Access
8. Cookies and Tracking Technologies
9. Data Security
10. Data Retention and Deletion
11. Your Privacy Rights
12. International Data Transfers
13. Children's Privacy
14. Changes to This Policy
15. Contact Us

1. Information We Collect

Information you provide

Account Information:

• Name, email address, company name
• Password and authentication credential
• Billing information (credit card details, billing address)
• Phone number (if provided)

Financial Data:

• Transaction data from connected bank accounts and credit cards
• Manually entered transactions and adjustments
• Transaction categorizations and notes
• Financial forecasts and projections
• Cap table information and equity data
• Documents uploaded to the data room
• Budget data and departmental allocations

Communications:

• Messages you send to our support team
• Feedback and survey responses
• Information you provide when participating in beta programs

‍

Information We Collect Automatically

Usage Information:

• Pages visited, features used, and time spent on the Services
• Device information (type, operating system, browser)
• IP address and general location (city/state level)
• Login times and access patterns

Cookies and Similar Technologies: We use cookies, pixels, and similar technologies to collect usage data and improve the Services. See Section 8 for details.

‍

Information from Third Parties

Bank Connection Services: When you connect a bank account through services like Plaid, we receive transaction data, account balances, and account details from your financial institution.

CRM and HRIS Integrations: If you connect customer relationship management (CRM) or human resources information systems (HRIS) through our Services, we may receive:

• Contact and customer data from your CRM (e.g., Salesforce, HubSpot)
• Employee and payroll data from your HRIS (e.g., BambooHR, Gusto)
• Sales pipeline and data information
• Headcount and compensation data
• Related metadata and usage information

These integrations are facilitated through Unified.to, our API integration partner. The data we access depends on the permissions you grant and the integrations you enable.

Other Sources: We may receive information from service providers who help us operate the Services (e.g., payment processors, analytics providers).

‍

2. How We Use Your Information

We use your information to:

Provide the Services:

• Process and categorize your transactions
• Generate financial forecasts and reports
• Manage your cap table and equity
• Facilitate data room document sharing
• Sync data from your connected bank accounts, CRM, and HRIS systems
• Enhance forecasting with sales pipeline and hiring plan data
• Provide customer support

‍

Improve the Services:

• Train and improve our AI models (see Section 3)
• Develop new features and enhance existing ones
• Analyze usage patterns to improve user experience
• Conduct internal research and analytics

‍

Communicate with You:

• Send account-related notifications and updates
• Respond to your inquiries and requests
• Send service announcements and feature updates
• Request feedback or participation in research

‍

Business Operations

• Process payments and prevent fraud
• Comply with legal obligations
• Enforce our Terms of Service
• Protect our rights and the security of our Services

‍

Marketing (with your consent):

• Send promotional emails about new features
• Share relevant content and resources

You can opt-out of marketing communications at any time by clicking "unsubscribe" in any email or contacting privacy@runfutureproof.com.

3. AI TRAINING AND PRODUCT IMPROVEMENT

During your active subscription

We use your financial data (in de-identified, anonymized, and aggregated form) to train our artificial intelligence models and improve the Services for all users.

What This Means

• When you categorize transactions, confirm forecasts, or make corrections, our AI learns from these patterns
• This helps us make categorization and forecasting more accurate for everyone
• Your specific financial details and identifying information are never shared with other customers

Example: When you categorize a "Stripe" transaction as "Payment Processing," our AI learns this pattern to suggest the same for other SaaS companies. We never share your actual amounts, company name, or other identifying details.

After You Cancel Your Subscription

When you cancel, you have 30 days to export your data. After that:

What We Retain:

• De-identified, anonymized transaction patterns to continue improving our AI models
• Aggregated usage data combined with hundreds of other customers

‍

What We Delete Immediately:

• Data room documents
• Cap table details
• Access credentials

‍

What "Anonymized" Means:

• All personally identifiable information removed (company name, specific vendor names you added, account numbers)
• Data aggregated with data from many other customers
• Cannot reasonably be used to re-identify you or your company

‍

Your Options:

1. Opt-Out of AI Training: Email privacy@runfutureproof.com with subject "Opt-Out of AI Training" to exclude your data from future AI model training
2. Request Complete Deletion: Email privacy@runfutureproof.com with subject "Data Deletion Request" to have your data deleted (typically within 90 days, except data required by law)

‍

Automatic Deletion Timeline:

• After approximately 1 year: Identifiable data deleted (only anonymized patterns remain)
• After approximately 7 years: All data deleted except as required by law

Actual deletion timing may vary based on system processes and backup retention schedules.

For complete details, see Section 10.

‍

‍4. HOW WE SHARE YOUR INFORMATION

We never sell your personal information. We share your information only in the following circumstances:

Service Providers

We share data with third-party companies that help us operate the Services:

• Plaid Technologies, Inc. - Bank connection services for importing transaction data
• Unified.to - API integration platform for connecting CRM and HRIS systems (e.g., Salesforce, HubSpot, BambooHR, Gusto)
• Cloud hosting providers - Data storage and infrastructure
• Payment processors - Subscription billing (we don't store your full credit card number)
• Email providers - Account communications and support
• Analytics providers - Usage analytics and product improvement

These providers are contractually required to protect your data and use it only for specified purposes.

‍

Your Direction

Data Room: When you share documents through our data room, they're accessible to the investors, advisors, or other recipients you designate. We don't monitor or review shared content.

Third-Party Users: When you grant access to accountants, bookkeepers, or other professionals, they can view and use your data according to the permissions you set.

Connected Systems: When you connect CRM or HRIS systems, we access data from those systems according to the permissions you grant. Your use of those systems is governed by their respective privacy policies.

‍

Business Transfers

If Futureproof is involved in a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We'll notify you before your data is transferred and becomes subject to a different privacy policy.

‍

Legal Requirements

We may disclose your information to:

• Comply with legal obligations (subpoenas, court orders)
• Protect our rights, property, and safety
• Prevent fraud or security threats
• Enforce our Terms of Service

‍

With Your Consent

We may share your information in other contexts with your explicit consent.

‍

‍5. BANK CONNECTIONS AND FINANCIAL DATA

How Bank Connections Work

Our Services allow you to connect bank accounts and credit cards through third-party financial data aggregation services (primarily Plaid Technologies, Inc.).

When you connect an account:

• You authorize us and our service providers to access your transaction data
• We receive transaction details, account balances, and account information
• We do not store your banking login credentials - these are handled securely by our third-party providers
• Your connection is governed by both our Privacy Policy and the third-party provider's privacy policy

‍

‍Third-Party Privacy Policies:

• Plaid: https://plaid.com/legal
• Unified.to: https://unified.to/privacy
• Review their policies to understand how they handle your credentials and data

‍

When You Disconnect a Bank Account

What Stops:

• Automatic import of new transactions from that account
• Access to your account through the third-party service

‍

What Remains:

• Historical transaction data previously imported
• Your categorizations and modifications
• Financial records and reports that include data from that account

‍

Why We Retain Historical Data:

• Accurate bookkeeping requires complete historical records
• Tax reporting may require prior period transaction data
• Financial statements need historical comparisons
• Legal and regulatory requirements may mandate retention

‍

Deleting Historical Bank Data

To delete historical transaction data from a disconnected account, email privacy@runfutureproof.com with a deletion request. We'll inform you of the implications (gaps in financial records, potential tax compliance issues) before processing.

Important: Deletion is permanent and cannot be undone.

‍

‍

6. DATA ROOM AND DOCUMENT SHARING

How the Data Room Works

Our data room feature allows you to securely share pitch decks, financial statements, and other documents with investors, advisors, and stakeholders.

‍

You Control Access:

• You decide what to share and with whom
• You set permissions for each recipient
• You can revoke access at any time

‍

Our Role:

• We provide the technical infrastructure and security
• We don't monitor, review, or access your shared documents
• We may provide analytics on views and engagement

‍

When You Delete or Revoke Access:

• Documents are removed from our platform
• Recipients who previously downloaded documents may still have copies
• We're not responsible for how recipients use or retain documents they've accessed

‍

‍

7. THIRD-PARTY ACCESS

You may grant access to your Account to accountants, bookkeepers, tax preparers, or other financial professionals.

When you grant access:

• Third-Party Users can view and use your data according to the permissions you set
• They must comply with our Terms of Service
• You're responsible for managing their access and permissions

‍

We don't:

• Have direct relationships with Third-Party Users
• Verify their credentials or qualifications
• Monitor their use of your data

‍

You should:

• Only grant access to trusted professionals
• Revoke access when no longer needed
• Review permissions regularly

‍

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, pixels, web beacons, and similar technologies to:

• Remember your preferences and settings
• Understand how you use the Services
• Improve performance and user experience
• Provide security features
• Analyze usage patterns

Types of Cookies We Use

Essential Cookies: Required for the Services to function (e.g., authentication, security)

Analytics Cookies: Help us understand how users interact with the Services (e.g., Google Analytics)

Preference Cookies: Remember your settings and choices

Your Choices

Browser Settings: Most browsers allow you to control cookies through settings. Note that blocking essential cookies may prevent you from using some features.

Opt-Out Tools:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Industry opt-out tools: http://optout.aboutads.info and http://optout.networkadvertising.org

Do Not Track: We don't currently respond to "Do Not Track" browser signals, but you can use the opt-out tools above.

‍

9. DATA SECURITY

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Limited employee access based on role and need
• Authentication: Secure login with optional two-factor authentication
• Monitoring: Regular security audits and vulnerability assessments
• Secure Infrastructure: Data hosted in SOC 2 compliant data centers

However, no system is completely secure. We cannot guarantee absolute security and are not liable for unauthorized access or security incidents beyond our reasonable control.

Your Responsibility:

• Use strong, unique passwords
• Enable two-factor authentication when available
• Keep login credentials confidential
• Notify us immediately of suspected security incidents

‍

10. DATA RETENTION AND DELETION

During Active Use

We retain your data for as long as your Account is active and as necessary to provide the Services.

After Disconnecting Bank Accounts

When you disconnect a bank account, we retain historical transaction data as part of your bookkeeping records unless you request deletion.

After Disconnecting CRM or HRIS Systems

When you disconnect CRM or HRIS integrations, we stop importing new data but retain historical data previously imported for forecasting and reporting purposes unless you request deletion.

After Account Cancellation

First 30 Days:

• You can log in and export your data (CSV, Excel, PDF)
• Full access to all features for data retrieval

‍

Immediately Upon Cancellation:

• Data room documents deleted
• Cap table details deleted
• Access credentials deleted

‍

After 30 Days:

• You lose access to your data through our platform
• De-identified, anonymized transaction patterns retained for AI training (unless you opt-out)
• Specific financial details and identifying information not retained

‍

After Approximately 1 Year:

• Identifiable transaction data deleted
• Only anonymized, aggregated patterns remain (if you haven't opted out)

‍

After Approximately 7 Years:

• All remaining data deleted except as required by law

Note on Timing: Actual deletion timing may vary based on system processes, backup rotation schedules, and technical constraints. Data in disaster recovery backups is typically deleted within 180 days but may persist longer due to backup retention schedules.

Legal and Regulatory Retention

We may retain certain data longer as required by:

• Tax laws and regulations (typically 3-7 years for financial records)
• Anti-money laundering and fraud prevention laws
• Legal process (subpoenas, court orders, pending litigation)
• Legitimate business interests (enforcing our Terms, protecting our rights)

Beta Features

Data created using Beta Features may be lost, corrupted, or deleted if features are modified or discontinued. You're responsible for backing up important data from Beta Features.

Our Commitment

While we strive to meet the timelines outlined above, actual deletion may vary based on technical and operational constraints, backup procedures, and system architecture. We will always comply with applicable legal retention requirements and data protection regulations.

‍

11. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

Access and Portability

• Request a copy of your personal data
• Export your financial data in common formats (available directly in the Services)

‍

Correction

• Request correction of inaccurate data
• Update account information directly in your settings

‍

Deletion

• Request deletion of your data (subject to legal retention requirements)
• See Section 10 for deletion timelines and processes

‍

Restriction and Objection

• Object to certain data processing activities
• Restrict how we process your data in certain circumstances

‍

Opt-Out of AI Training

• After cancellation, opt-out of having your anonymized data used for AI training
• Email privacy@runfutureproof.com with subject "Opt-Out of AI Training"

‍

Withdraw Consent

• Withdraw consent for marketing communications or other optional data uses

‍

How to Exercise Your Rights

Email privacy@runfutureproof.com with your request. Include:

• Your name and Account email
• Specific right you're exercising
• Any relevant details

We'll typically respond within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests. Response times may vary based on the complexity of the request and volume of requests received.

California Residents (CCPA)

Under the California Consumer Privacy Act, you have additional rights:

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We don't "sell" personal information for monetary consideration, but you can opt-out of AI training after cancellation
• Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights

‍

European Residents (GDPR)

If you're in the European Economic Area, UK, or Switzerland, you have additional rights under GDPR:

• Legal Basis: We process your data based on contract performance, legitimate interests, legal obligations, or consent
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority
• Data Protection Officer: Contact privacy@runfutureproof.com for data protection inquiries

‍

12. INTERNATIONAL DATA TRANSFERS

Futureproof is based in the United States. If you're located outside the U.S., your information will be transferred to and processed in the United States.

Data Protection: We take appropriate safeguards to protect your information when transferred internationally, including:

• Standard Contractual Clauses (SCCs) where applicable
• Ensuring service providers maintain adequate data protection
• Compliance with applicable data transfer regulations

By using our Services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

‍

13. CHILDREN'S PRIVACY

Our Services are not intended for individuals under 18 years old. We don't knowingly collect personal information from minors under 18.

If we become aware that we've collected data from a person under 18, we'll take steps to delete it promptly. If you believe we've collected information from a minor, please contact us at privacy@runfutureproof.com.

‍

14. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

When We Make Changes:

• We'll update the "Last Updated" date at the top
• For material changes, we'll make reasonable efforts to notify you by email or prominent notice on the Services
• Changes become effective when posted unless we specify otherwise

‍

Your Continued Use: Your continued use of the Services after changes become effective means you accept the updated Privacy Policy.

Review Regularly: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

‍

15. CONTACT US

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

Futureproof Ops, Inc. 644 Holly Springs Rd, STE 80 Holly Springs, NC 27540 USA

Email: privacy@runfutureproof.com