Privacy Policy

Last updated: April 2026

1. Who we are

CFO Pal is a financial analysis platform operated in the United Kingdom. Our registered contact email is hello@cfopal.co.uk. When we say “we”, “us”, or “CFO Pal” in this policy, we mean the operator of the CFO Pal service at cfopal.co.uk.

2. What data we collect

Account information: When you register, we collect your name, email address, business name, business type, and notification preferences. If you invite team members, we collect their name and email.

Financial data: When you connect your accounting software (Xero, QuickBooks, or Sage), we retrieve your profit and loss data, balance sheet data, invoices, bills, and bank account balances via read-only API access. We cannot create, modify, or delete any data in your accounting software.

Payment information: Payments are processed by Stripe. We do not store your card details. Stripe handles all payment data directly. We store your Stripe subscription ID and status.

Usage data: We collect basic usage data including pages visited, features used, and notification delivery status to improve the service.

3. How we use your data

We use your data to provide the CFO Pal service, including generating financial reports, cashflow forecasts, budget comparisons, AI-generated insights, and proactive alerts delivered via email, SMS, or WhatsApp according to your preferences.

Your financial data is processed by our AI provider (Anthropic) to generate plain-English insights and summaries. Anthropic does not use your data to train their AI models; it is processed and discarded.

We do not sell, rent, or share your financial data with any third party for marketing purposes.

4. Legal basis for processing

We process your data on the following legal bases under UK GDPR: performance of our contract with you (providing the service), your consent (for optional notifications via SMS and WhatsApp), and our legitimate interest in improving the service and preventing fraud.

5. Where your data is stored

Your data is stored in the European Union (London, UK) on Supabase infrastructure. Data is encrypted in transit using TLS and encrypted at rest. Row-level security ensures that each user can only access their own data; no other user or business can see your financial information.

6. Third-party services

We use the following third-party services to operate CFO Pal:

  • Supabase (EU London): database and authentication
  • Vercel: hosting and serverless functions
  • Anthropic: AI processing for financial insights (data is not used for model training)
  • Stripe: payment processing
  • Resend: transactional email delivery
  • Twilio: SMS and WhatsApp message delivery
  • Xero, QuickBooks, Sage: accounting data via read-only OAuth connections

Each provider processes data in accordance with their own privacy policies and data processing agreements.

7. Data retention

We retain your financial data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow for reactivation, after which it is permanently deleted. You can request immediate deletion at any time by contacting us.

When you disconnect your accounting software, we retain the previously synced data but stop pulling new data. You can request deletion of all synced data at any time.

8. Your rights

Under UK GDPR, you have the right to: access the personal data we hold about you, rectify any inaccurate data, erase your data (“right to be forgotten”), restrict or object to processing, receive your data in a portable format, and withdraw consent at any time for optional processing such as SMS notifications.

To exercise any of these rights, email hello@cfopal.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Cookies

CFO Pal uses only essential cookies required for the service to function, specifically authentication session cookies that keep you logged in. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent is required for essential cookies under UK regulations, but we provide transparency about their use.

10. Children

CFO Pal is a business financial tool and is not directed at individuals under 18. We do not knowingly collect data from minors.

11. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email. The “last updated” date at the top of this page reflects the most recent revision.

12. Contact

For any questions about this privacy policy or your data, contact us at hello@cfopal.co.uk.