Legal
Privacy policy
This policy explains what data Top Practice CFO collects, who processes it, how we secure it, and how you control it, including your right to export and delete your data.
What data do we collect?
For account holders, we store your name, email, and role. For prospects and clients, we store the contact details you provide and, with your permission, read-only financial data used to produce your analysis. We do not sell personal data.
Who are our sub-processors?
We use a small set of trusted providers to run the service. Each processes only the data needed for its function.
| Sub-processor | Purpose | Region |
|---|---|---|
| Google Cloud (Firebase, Cloud Run) | Database, authentication, file storage, hosting | United States |
| Cloudflare | DNS and content delivery | Global edge |
| Resend | Transactional and outbound email | United States |
| Anthropic | AI used to draft and explain, never to compute your numbers | United States |
How do I export or delete my data?
Signed-in account holders can export a machine-readable copy of their data and permanently delete their account and personal data from the Account page at any time. To request export or deletion of contact or client data, email us and we will complete it within 30 days.
Self-service export and deletion are built in, not a special request.
How do we secure your data?
Access is authorized on the server for every request, financial access is read-only, sensitive actions are logged to a tamper-evident audit trail, and data is encrypted in transit. We follow a written information security program.
How do I contact you about privacy?
Email support@toppracticecfo.com with any privacy question or data request and we will respond promptly.