Privacy Policy

Last updated: 25 March 2026

1. Who We Are

CFO Pal is operated by Mo Romanowicz. Our contact email is hello@cfopal.co.uk. We act as the data controller for personal and business data processed through the CFO Pal platform.

2. What Data We Collect

We collect the following categories of data:

  • Account data: Your name, email address, mobile number, business name, business type, and industry sector — provided during registration and onboarding.
  • Financial data: Profit and loss figures, invoices, bank balances, expenses, and budget information — synced automatically from connected accounting platforms (Xero, QuickBooks, Sage) or entered manually.
  • Usage data: Pages visited, features used, and interaction with AI-generated insights — collected to improve the service.
  • Payment data: Subscription and billing information is processed by Stripe. We do not store your card details.

3. How We Use Your Data

We use your data to: provide and operate the CFO Pal service; generate AI-powered financial insights, reports, and alerts; send weekly financial summaries and urgent notifications via your chosen channels (email, SMS, WhatsApp); process subscription payments; improve and develop the platform; and comply with legal obligations.

4. Legal Basis for Processing (GDPR)

We process your data on the following legal bases: performance of our contract with you (providing the service); your consent (for optional communications); and our legitimate interests (improving the platform and preventing fraud).

5. Data Storage and Security

All data is stored on servers located in the EU (London, UK) via Supabase. Data is encrypted in transit (TLS) and at rest. Access to your financial data is protected by row-level security policies, meaning no other user can access your data. OAuth tokens for connected accounting platforms are stored securely and refreshed automatically.

6. Third-Party Services

We use the following third-party services to operate CFO Pal:

  • Supabase (EU London) — Database and authentication
  • Vercel — Application hosting
  • Anthropic (Claude) — AI-powered financial analysis
  • Stripe — Payment processing
  • Resend — Transactional email delivery
  • Twilio — SMS and WhatsApp notifications
  • Xero, QuickBooks, Sage — Accounting data sync (at your direction)
  • Google Analytics — Anonymous usage analytics

We only share data with these providers as necessary to deliver the service. We do not sell your data to any third party.

7. AI Processing

CFO Pal uses AI (Claude by Anthropic) to generate financial insights and summaries. Your financial data is sent to the AI provider for processing in real time but is not stored by the AI provider or used to train AI models. AI-generated outputs are advisory and should not be treated as professional accounting advice.

8. Team Access and Shared Data

Account holders may invite team members to access their financial data through the CFO Pal Team Access feature. When you invite a team member, they will be able to view your businesss financial data according to their assigned role (Read Only or Admin). As the account holder, you are responsible for ensuring that sharing financial data with team members complies with your obligations to employees, partners, and any applicable confidentiality agreements.

Team members have their own accounts with separate login credentials, notification preferences, and two-factor authentication settings. Their personal data (name, email, phone) is stored independently. When a team member is removed, their access is revoked immediately and their account data is deleted if they have no other active team memberships.

9. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, data is retained for 30 days before permanent deletion. You may request earlier deletion by contacting hello@cfopal.co.uk.

10. Your Rights

Under UK GDPR, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; receive your data in a portable format; and withdraw consent at any time where consent is the basis for processing.

To exercise any of these rights, contact us at hello@cfopal.co.uk. We will respond within 30 days.

11. Cookies

CFO Pal uses essential cookies for authentication and session management. We also use Google Analytics cookies for anonymous usage statistics. You can manage cookie preferences through your browser settings. A cookie consent banner is displayed on first visit.

12. Children

CFO Pal is not intended for individuals under the age of 18. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use after changes constitutes acceptance.

14. Contact and Complaints

For privacy-related enquiries, contact us at hello@cfopal.co.uk. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.