Privacy Policy
Last updated: June 30, 2026
Introduction
Purpose
At ForProfit (www.forprofit.io), we value your privacy. To put that into practice, we take reasonable steps toward protecting your privacy and managing your information.
This Privacy Policy describes the information we collect, where it comes from, how it is used, and how it is stored. It also explains the choices you have and how to contact us with questions or concerns.
By using this Website, contacting us, or providing any personal information, you signify your consent to this Privacy Policy and consent to our collection and use of your personal information as described here, in all cases subject to applicable law.
Scope
This Privacy Policy applies to our website at www.forprofit.io (the "Website") and the ForProfit service. It does not apply to any third-party website or service. For your convenience, this Website may contain links to other websites; this Privacy Policy does not apply to those, and you should review their privacy policies before using them.
Updates and Changes
If we change this Privacy Policy, we will post the changes on this page at https://www.forprofit.io/privacy-policy and update the "Updated" date above. Please review this page periodically.
Questions
If you have questions or concerns about this Privacy Policy, contact us at support@forprofit.io.
What Information We Collect
ForProfit is a tool that converts uploaded bank statements into Profit & Loss reports and related financial summaries. The information we collect reflects that purpose. We aim to collect only what we need to provide the service.
Information you provide to us
Account information. When you create an account, we collect your name, email address, and business name, along with optional business details such as entity type and industry. Authentication is handled by our third-party authentication provider; we do not store your password.
Bank statement and financial data. When you use the service, you upload bank statements, and we extract and store the resulting financial data:
- The raw contents of your uploaded statements are processed in order to extract transactions. Uploaded statement files (e.g., images or PDFs) are stored only transiently during processing and are deleted promptly after a statement is processed; we do not permanently store your raw statement files.
- The extracted financial data— transactions, categorizations, account balances, and the Profit & Loss reports we generate — is saved to your accountand retained until you delete it or delete your account (see "Data Retention," below).
- We store bank/account labels only as a masked referenceshowing at most the last four digits (for example, "Checking …1234"). We do not store your full bank account number.
Payment information. Subscription payments are handled by our third-party payment processor. Payment card details are entered directly with that processor; we never receive or store your full card number. We store only payment-related metadata such as your subscription identifiers, billing status, and email.
Support and feedback. If you contact support, leave cancellation feedback, or submit other communications, we store the content of those communications.
Client information (business/bookkeeper accounts). If you use ForProfit to manage clients, you may enter information about your clients, including their name, email, phone number, business name, and notes. This is information you provide about third parties; you are responsible for having the right to provide it, and you act as the controller of that information while we process it on your behalf.
Information we collect automatically
We collect a limited amount of information automatically to operate and secure the service:
- Authentication and functional cookies / local storage. We use cookies and similar browser storage strictly for essential functions — keeping you logged in, maintaining your session, and remembering functional preferences (such as table layout or dismissed notifications). We do not use analytics, performance-tracking, advertising, or targeting cookies.
- Usage and operational data. We store limited operational information necessary to run the service, such as the number of statements you have processed, processing/usage records, and a last-active timestamp.
- Server logs. Our hosting provider maintains standard server logs (such as IP address and request metadata) as part of operating and securing the Website.
Information we do NOT collect
To be clear about our practices, ForProfit does not:
- Collect or store your full credit/debit card number or full bank account number;
- Collect your Social Security number, EIN, or any government-issued identifier;
- Collect your physical or mailing address, date of birth, username, profile photo, or biometric, voice, audio, or video data;
- Collect precise or device-based location data (we use no geolocation);
- Use third-party analytics, behavioral tracking, advertising, or marketing/retargeting tools;
- Purchase data about you from third parties, or buy or use third-party email lists;
- Sell your personal information, or share it for cross-context behavioral advertising.
Sensitive information
Because our service processes bank statements, the financial data we handle (transactions, balances, income and expense detail) may be considered sensitive. We do not collect special categories of data such as race or ethnicity, religious beliefs, sexual orientation, citizenship or immigration status, health or medical information, genetic or biometric data, or precise geolocation. We handle the financial information you provide only as needed to deliver the service and as permitted by applicable law.
How We Use Personal Information
We use personal information to:
- Operate and secure the service — run the Website, authenticate you, process your statements, generate your reports, provide support, prevent fraud, and maintain security.
- Process payments — manage subscriptions and billing through our payment processor.
- Communicate with you — respond to support requests and send service-related (transactional) messages such as account, billing, and report notifications, according to your notification preferences. We do not send marketing newsletters or promotional email campaigns.
- Improve the service — understand how the service is used at an operational level and improve our features.
- Comply with law — meet legal obligations, respond to lawful requests, enforce our terms, and protect our rights and the rights and safety of our users.
We process this information as necessary to provide the service you have requested, to perform our contract with you, to comply with law, and in furtherance of our legitimate business interests in operating ForProfit.
How We Share Personal Information
We share personal information only with the third-party service providers that help us operate, and only as needed to deliver the service. These include providers for:
- Authentication (managing your login and credentials);
- Payment processing (handling subscription payments; card data is entered directly with the processor);
- Hosting and infrastructure (running the Website);
- Database and file storage (storing your account and financial data);
- Email delivery (sending transactional messages); and
- AI-powered document processing.
Important — AI processing of your statements. To extract and categorize your transactions, the contents of your uploaded bank statements are transmitted to third-party AI service providers for processing. These providers process the data to return the extracted information and are bound by their own privacy and security terms. We share only what is necessary to deliver the service.
Each service provider has its own privacy policy governing its use of data. We use Stripe to process payments; Stripe's practices are governed by its Services Agreement, Privacy Policy, and Cookie Policy.
We do not sell your personal information, and we do not share it with advertisers, ad networks, or data brokers.
Business transfers. If we sell our assets, merge with another company, or go out of business, user information may be among the assets transferred to a successor, subject to the terms of this Privacy Policy.
Location of Personal Information
Your stored data (your account information, transactions, and reports) is held in our cloud database hosted in the United States, and our service is operated primarily on infrastructure in the United States. Some of our service providers are U.S.-based companies that may operate on global infrastructure. If you access the Service from outside the United States, your information may be processed in the United States.
Data Retention and Deletion
We retain your information for as long as your account is active or as needed to provide the service.
- While your account is active, your transactions and reports are retained so you can access and use them.
- If you cancel a paid subscription, your account is downgraded to the free tier. Your data is not automatically deleted — your transactions and reports are retained so you can resubscribe at any time and restore full access. There is no fixed deletion deadline after cancellation.
- You may permanently delete your account and all associated data at any time from your dashboard (Profile → Delete Account). This permanently removes your transactions, reports, and associated personal data. This is the action that erases your stored data, and we recommend exporting any reports you wish to keep beforehand.
- We may retain limited, anonymized business and transaction records (such as revenue records) as needed for accounting, legal, and record-keeping purposes.
How We Secure Information
We maintain reasonable physical, technical, and administrative safeguards designed to protect your information, including encryption of data in transit and at rest, access controls, and database-level security. Authentication credentials are managed by our authentication provider, and payment card data is handled by our payment processor; we do not store either.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You can help protect your account by using a strong, unique password and keeping your devices secure. If we become aware of a data breach affecting your personal information, we will notify you and any authorities as required by applicable law.
Access and Choice
You have choices about your information:
- Access and deletion. You can view your data in your dashboard and permanently delete your account and data at any time (Profile → Delete Account).
- Email preferences. You can manage your notification preferences in your account, and transactional notification emails include an option to turn off that type of notification.
- Cookies. You can disable cookies through your browser settings, though essential cookies are needed for the service to function (for example, to keep you logged in).
To make a privacy request or ask a question, contact us at support@forprofit.io or by mail at 8 The Green #STE A, Dover, DE 19901, United States.
Children's Personal Information
This Website is not intended for children. The service is intended for business users, and we do not knowingly collect personal information from children under 13. If a child or their guardian alerts us that a child has provided information, we will take reasonable steps to delete it.
Jurisdiction-Specific Provisions
The following sections reflect requirements of various U.S. state privacy laws that may apply to some users but not others. If you are not a resident of one of these states, or the law does not otherwise apply to you, that section does not apply to you. Some of these laws are new and their interpretation is not fully settled; where that is so, we will make a good-faith effort to comply.
Across all of these states: we do not "sell" personal information, we do not process personal information for targeted advertising, and we do not use it for profiling that produces legal or similarly significant effects.
US State Privacy Rights
If you are a resident of one of the US states below and the processing of personal information about you by the Website is subject to privacy laws specific to your state, you have certain rights with respect to that information, in all cases subject to state law.
COLORADO
This section applies only if you are a Colorado resident and we (1)(A) do business in Colorado or (B) produce products or services targeted to Colorado residents, and (2)(A) during a calendar year control or process personal data of at least 100,000 Colorado residents, or (B) control or process personal data of at least 25,000 Colorado residents and derive revenue or receive a financial benefit from the sale of personal data.
You have the following rights:
- Right of knowledge — you may ask that we confirm whether we are processing your personal data.
- Right of access — you may access your personal data and request a copy in a portable, readily usable format where technically feasible.
- Right of correction — you may correct inaccuracies in your personal data, taking into account its nature and the purposes of processing.
- Right of deletion — you may ask that we delete personal data provided by or obtained about you.
- Right of opt-out — you may opt out of processing for (1) targeted advertising, (2) the sale of personal data, or (3) profiling in furtherance of decisions that produce legal or similarly significant effects. You may also opt out via a universal opt-out mechanism meeting standards established by the state attorney general.
- Right to appeal — you may appeal a decision not to fulfill any of these requests.
We will respond without undue delay and within 45 days of receipt, extendable once by 45 additional days when reasonably necessary (with notice). If we decline to act, we will inform you within 45 days with our justification and appeal instructions. We provide information without charge up to once annually per user. We maintain a conspicuous appeal process; within 45 days of an appeal we will inform you in writing of any action taken, extendable by 60 days when reasonably necessary. If an appeal is denied, we will provide a mechanism to contact the state attorney general.
We do not "sell" personal information as defined by Colorado law, nor do we process your personal data for targeted advertising. Make requests under Colorado law via support@forprofit.io or 8 The Green #STE A, Dover, DE 19901, United States.
CONNECTICUT
This section applies only if you are a Connecticut resident and we (1)(A) do business in Connecticut or (B) produce products or services targeted to Connecticut residents, and (2) during the prior calendar year controlled or processed personal data of (A) at least 100,000 Connecticut residents, or (B)(i) at least 25,000 Connecticut residents and (ii) derived over 25% of gross revenue from the sale of personal data.
You have the following rights: (1) right of knowledge; (2) right of access (including a portable copy); (3) right of correction; (4) right of deletion; (5) right of opt-out of targeted advertising, sale of personal data, or profiling with legal or similarly significant effects; and (6) right to appeal.
We will respond without undue delay and within 45 days of receipt, extendable once by 45 additional days with notice. If we decline to act, we will inform you within 45 days with our justification and appeal instructions, and provide information without charge up to once annually. We maintain a conspicuous appeal process; within 60 days of an appeal we will inform you in writing of any action taken. If an appeal is denied, we will provide a mechanism to contact the state attorney general.
We do not "sell" personal information as defined by Connecticut law, nor do we process your personal data for targeted advertising. Make requests under Connecticut law via support@forprofit.io or 8 The Green #STE A, Dover, DE 19901, United States.
UTAH
This section applies only if you are a Utah resident and we (1)(A) do business in Utah or (B) produce products or services targeted to Utah residents; (2) earn at least $25 million in annual revenue; and (3) during the prior calendar year controlled or processed personal data of (A) at least 100,000 Utah residents, or (B)(i) at least 25,000 Utah residents and (ii) derived over 25% of gross revenue from the sale of personal data.
You have the following rights: (1) right of knowledge; (2) right of access (including a portable copy); (3) right of deletion of personal data provided by you; and (4) right of opt-out of targeted advertising or the sale of personal data.
We will respond without undue delay and within 45 days of receipt, extendable once by 45 additional days with notice. If we decline to act, we will inform you within 45 days with our justification and appeal instructions, and provide information without charge up to once annually.
We do not "sell" personal information as defined by Utah law, nor do we process your personal data for targeted advertising. We do not process sensitive personal information as defined by Utah law. Make requests under Utah law via support@forprofit.io or 8 The Green #STE A, Dover, DE 19901, United States.
IOWA
This section applies only if you are an Iowa resident and we (1)(A) do business in Iowa or (B) produce products or services targeted to Iowa residents; and (2) during the prior calendar year controlled or processed personal data of (A) at least 100,000 Iowa residents, or (B)(i) at least 25,000 Iowa residents and (ii) derived over 50% of gross revenue from the sale of personal data.
You have the following rights: (1) right of knowledge; (2) right of access (including a portable copy); and (3) right of opt-out of the sale of personal data.
We will respond without undue delay and within 90 days of receipt, extendable once by 45 additional days with notice. If we decline to act, we will inform you within 90 days with our justification and appeal instructions, and provide information without charge up to twice annually. We maintain a conspicuous appeal process; within 60 days of an appeal we will inform you in writing of any action taken. If an appeal is denied, we will provide a mechanism to contact the state attorney general.
We do not "sell" personal information as defined by Iowa law. We do not process sensitive personal information as defined by Iowa law, nor do we process your personal data for targeted advertising. Make requests under Iowa law via support@forprofit.io or 8 The Green #STE A, Dover, DE 19901, United States.
VIRGINIA
This section applies only if you are a Virginia resident and we (1)(A) do business in Virginia or (B) produce products or services targeted to Virginia residents, and (2)(A) during a calendar year control or process personal data of at least 100,000 Virginia residents, or (B) control or process personal data of at least 25,000 Virginia residents and derive over 50% of gross revenue from the sale of personal data.
You have the following rights: (1) right of knowledge; (2) right of access (including a portable copy); (3) right of correction; (4) right of deletion; (5) right of opt-out of targeted advertising, sale of personal data, or profiling with legal or similarly significant effects; and (6) right to appeal.
We will respond without undue delay and within 45 days of receipt, extendable once by 45 additional days with notice. If we decline to act, we will inform you within 45 days with our justification and appeal instructions, and provide information without charge up to twice annually. We maintain a conspicuous appeal process; within 60 days of an appeal we will inform you in writing of any action taken. If an appeal is denied, we will provide a mechanism to contact the state attorney general.
We do not "sell" personal information as defined by Virginia law, nor do we process your personal data for targeted advertising. Make requests under Virginia law via support@forprofit.io or 8 The Green #STE A, Dover, DE 19901, United States.
Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
ForProfit LLC · support@forprofit.io · 8 The Green #STE A, Dover, DE 19901, United States