Privacy Policy

1. Data We Collect

CarteFi collects only the data necessary to provide our accounting software service.

Account information

• Name and email address (required for account creation)
• Company name and business information
• Password (stored as a secure hash -- we never see your actual password)

Financial data

• Chart of accounts, journal entries, invoices, bills, and transaction records you create or import
• Bank transactions imported via Plaid or CSV upload
• Contact records (customers, vendors) including names, emails, and addresses

Usage data

• Pages visited, features used, and actions taken (anonymized for product improvement)
• Device type, browser, and operating system
• IP address (for security and rate limiting)

2. How We Use Your Data

• Providing the service: Your financial data is used to operate the accounting features you use -- generating reports, processing transactions, and managing your books.
• Account management: Your email address is used for login, password resets, billing notifications, and important service announcements.
• Product improvement: Anonymized usage data helps us understand which features are most useful and where we can improve.
• Security: IP addresses and login activity are used to detect and prevent unauthorized access.
• Support: When you contact us, we may access your account data to diagnose and resolve issues.

3. Who We Share Data With

We do not sell your data. We share data only with the following service providers, who are contractually bound to protect it:

• Auth0 (Okta): Handles authentication and login. Receives your email address and login credentials.
• Stripe: Processes subscription payments and customer invoice payments. Receives payment card details -- CarteFi never stores card numbers.
• Plaid: Connects your bank accounts for automatic transaction import. Receives tokenized bank access credentials -- CarteFi never sees your bank login.
• Cloud infrastructure provider: Hosts our application and database. Data is encrypted at rest and in transit.
• Email service (Resend): Delivers transactional emails (invoices, password resets, notifications). Receives recipient email addresses and message content.

We may also disclose data if required by law, court order, or to protect the safety of our users.

4. Data Retention

• Active accounts: Your data is retained for as long as your account is active.
• After cancellation: Your data remains accessible and exportable for 90 days after your subscription ends.
• After retention period: Data is permanently deleted from our production systems. Encrypted backups may persist for up to 30 additional days before being rotated out.
• Audit logs: Audit trail data is retained for the lifetime of the account for compliance purposes.

5. Your Rights

• Access: You can access all your data through the CarteFi application at any time.
• Export: You can export your complete data set in CSV, JSON, or QuickBooks-compatible format at any time. This feature is free on every plan.
• Deletion: You can request deletion of your account and all associated data by contacting us. We will process deletion requests within 30 days.
• Correction: You can update your account information and financial data at any time through the application.
• Portability: Data export provides your data in standard, machine-readable formats.

6. Cookies

CarteFi uses a minimal set of cookies:

• Authentication cookies: Required for login sessions. These are essential and cannot be disabled.
• Preference cookies: Remember your settings like theme preference. Optional.
• Analytics cookies: Help us understand how the application is used. Anonymized and optional.

We do not use advertising cookies or tracking pixels. We do not participate in ad networks.

7. Contact

For privacy-related questions, data access requests, or deletion requests:

8. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date and notify you by email at least 30 days before material changes take effect. Your continued use of CarteFi after the changes take effect constitutes acceptance of the updated policy.