Legal

Privacy Policy

Effective: [EFFECTIVE_DATE]

This Privacy Policy describes how [LEGAL_NAME] ("Forecastle", "we", "us") collects, uses, and protects information when you use the Forecastle platform at forecastle.app, the marketing website at getforecastle.com, and any associated APIs, integrations, add-ins, and add-ons (collectively, the "Service").

If you have any question about this policy, email privacy@forecastle.app.

1. Who we are

Forecastle is operated by [LEGAL_NAME], a corporation registered in [GOVERNING_PROVINCE], Canada. Our registered office is [CORPORATE_ADDRESS]. For the purposes of GDPR and similar regulations, Forecastle acts as a Data Processor for customer-uploaded financial data and as a Data Controller for account, billing, and support information described below.

2. Information we collect

2.1 Account and authentication data

When you create an account we collect:

• Email address
• Name
• Company name
• Hashed password (we store the bcrypt hash, never the password itself)
• Session tokens (managed by us, expired automatically)
• Optional: profile photo, phone number, time zone

2.2 Customer financial data

Through your authorized connections to general-ledger services (Xero, QuickBooks Online, and others), Forecastle ingests:

• Chart of accounts
• Dimensional metadata (departments, locations, classes, tracking categories, custom dimensions)
• Monthly actuals (P&L and Balance Sheet)
• Budgets, forecasts, scenarios, headcount plans that you load or create within the Service
• Comments, notes, and workflow checklist data you add inside the product

Forecastle is the Processor of this data; you remain the Controller.

2.3 Integration credentials

When you connect a third-party service via OAuth, we store the refresh token issued by that service. Refresh tokens are encrypted at rest with a key stored separately from the database connection string.

2.4 Billing data

Plan, billing contact, invoice records, and tax registration details. Payment card numbers, CVCs, and bank account details are never stored on Forecastle servers — they are tokenised by Stripe.

2.5 Operational data

• Request logs (URLs, response codes, timestamps, IP addresses, user-agent strings), retained 30 days
• Audit log of every mutating action you take inside the Service, retained for the life of the tenant
• Error traces and performance traces shipped to Sentry, PII scrubbed at the SDK boundary before transmission, retained 90 days

2.6 Marketing-site analytics

Aggregate, anonymous traffic statistics on getforecastle.com via a privacy-respecting analytics provider. We do not place advertising cookies or fingerprint visitors.

3. How we use information

We use the information described above to:

• Deliver and maintain the Service you subscribed to
• Authenticate you and protect your account
• Sync data from connected services and serve queries against it
• Send transactional emails (workflow reminders, password resets, receipts, security alerts) — never marketing
• Respond to your support requests
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service
• Improve the Service through aggregate, de-identified analysis

We do not use customer financial data to train any AI model. Our agreement with our model provider includes a zero-retention clause: prompts and completions are not stored or used for training.

4. How we share information

We do not sell your data. We do not share it for advertising purposes. We share information only with:

4.1 Subprocessors

Service providers acting on our behalf to deliver the Service. The live list is published at getforecastle.com/security/subprocessors. As of [EFFECTIVE_DATE], that list includes: Render (hosting + database), Cloudflare (CDN), Stripe (payments), Resend (transactional email), Anthropic (AI model provider, zero-retention), Sentry (error tracking), Vercel (marketing-site hosting), GitHub (source code, no customer data).

Each subprocessor is bound by a data-processing agreement that restricts their use of your data to the purpose of delivering the service to us.

4.2 Connected services you authorize

When you connect Xero, QuickBooks Online, Microsoft 365 (Excel add-in), or Google Workspace (Sheets add-on), we exchange data with those services on your instruction. You hold the OAuth token and may revoke access at any time from inside the connected service.

4.3 Legal compliance

We may disclose information when required by applicable law, subpoena, court order, or to enforce our Terms of Service. Where permitted, we will notify you of the request before disclosing.

4.4 Business transfer

If Forecastle is involved in a merger, acquisition, or asset sale, your information may transfer as part of that transaction. You will be notified by email and on the Service before any transfer occurs. This Privacy Policy will continue to govern your data unless the acquiring entity offers an equal or stronger policy.

5. International transfers

Forecastle is operated from Canada and primary infrastructure is in the United States (Render, us-east region). EU-region hosting is available on the Advanced plan and above for customers with data-residency requirements.

For EU and UK customers, transfers outside the EEA / UK are governed by Standard Contractual Clauses included in our Data Processing Agreement. A signed copy is available on request to privacy@forecastle.app.

6. Data retention

• Account data: held while your subscription is active and for 30 days after cancellation (in case you reactivate), then purged.
• Customer financial data: same as account data. Backups containing customer data age out within 90 days of purge.
• Audit log: retained for the life of the tenant; you can export it at any time.
• Billing records: retained for 7 years as required by Canadian tax law.
• Marketing-site analytics: 12 months.
• Request logs: 30 days.
• Error traces: 90 days.

Written confirmation of deletion is available on request after cancellation. Email privacy@forecastle.app.

7. Your rights

Depending on your jurisdiction you have some or all of the following rights:

• Access: a copy of the personal information we hold about you
• Rectification: correction of inaccurate information
• Erasure ("right to be forgotten"): deletion of your information
• Restriction: temporarily limit our processing
• Portability: receive your data in a structured, machine-readable format
• Objection: object to specific processing
• Withdrawal of consent: where processing is based on consent
• Lodge a complaint with your local data-protection authority

For most personal information we hold about you, you can exercise these rights directly inside the Service. For requests we cannot fulfil through the product, email privacy@forecastle.app. We respond within 30 days.

7.1 California residents (CCPA / CPRA)

In addition to the rights above, California residents may request disclosure of the categories of personal information we collect and the purpose of collection. We do not sell personal information as defined under the CCPA.

7.2 Canadian residents (PIPEDA / Quebec Law 25)

You may direct requests under PIPEDA or Quebec Law 25 to privacy@forecastle.app. Our Privacy Officer is [LEGAL_NAME]'s director, reachable at the same address.

8. Security

We protect your information with administrative, technical, and physical safeguards described in detail in our Security Whitepaper at getforecastle.com/security/whitepaper.pdf. In summary:

• Schema-per-tenant isolation at the database layer
• TLS 1.2+ on every connection
• AES-256 encryption at rest for the database and backups
• Encrypted OAuth tokens with a key separate from the database
• bcrypt password hashing
• Full audit trail on every mutation
• Annual third-party penetration test

We commit to notifying affected customers within 24 hours of confirmed security incident.

9. Children

Forecastle is a B2B financial-planning product and is not directed at children. We do not knowingly collect information from anyone under the age of 16.

10. Cookies and similar technologies

Forecastle uses strictly-necessary cookies to authenticate sessions and remember user preferences inside the product. The marketing site at getforecastle.com uses cookieless, privacy-respecting analytics. We do not use cross-site advertising trackers.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to the workspace owner and posted on the Service at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

The version history of this policy is available on request.

12. Contact

Postal: [LEGAL_NAME], [CORPORATE_ADDRESS]