Privacy Policy

1. Introduction

Eagle Rock CFO Services LLC, a Pennsylvania limited liability company doing business as Eagle Rock CFO ("Company," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services.

By creating an account, connecting an accounting platform, or otherwise accessing or using our services, you agree to this Privacy Policy. If you do not agree, please do not access our services.

2. Information We Collect

Information You Provide

We collect information you voluntarily provide when you create an account, connect an accounting platform, or communicate with us:

• Name and contact information (email address, phone number)
• Company name, title, and business information
• Account credentials
• Financial data you authorize us to access through connected accounting platforms (e.g., QuickBooks Online), including revenue, expenses, accounts receivable, accounts payable, payroll, and other transactional records
• Communications and correspondence with us

Information Collected Automatically

When you visit our website or use our platform, we automatically collect:

• IP address, browser type, operating system, and device information
• Referring URLs and pages visited
• Usage data (features used, dashboards viewed, session duration)
• Information collected through cookies and similar tracking technologies (see Section 6)

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

• Provide, maintain, and improve our platform and services
• Generate dashboards, reports, and insights based on your financial data
• Process transactions and manage your subscription
• Respond to your comments, questions, and support requests
• Send technical notices, updates, and administrative messages

Analytics and Improvement

• Monitor and analyze platform usage trends and activities
• Improve our algorithms, benchmarks, and service offerings
• Generate aggregated, anonymized industry benchmarks and market insights across our user base

Business Development

• Use aggregated, de-identified data to conduct market research and identify industry trends, business segments, and strategic opportunities
• Contact you regarding our services, plan upgrades, or advisory offerings we believe may be relevant to your business
• Communicate with you about our services, offers, and events

Security and Compliance

• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations

4. Financial Data Usage

When you connect an accounting platform (such as QuickBooks Online) to Eagle Rock CFO, we access financial data including revenue, expenses, accounts receivable, accounts payable, and other transactional records. This section describes how we use that financial data beyond core service delivery.

We may use your financial data to:

• Build aggregated, anonymized industry benchmarks and market research datasets
• Analyze aggregated, de-identified financial patterns to identify market trends, industry segments, and business profiles that may represent strategic opportunities, including potential partnerships, investment opportunities, or acquisition opportunities
• Contact you regarding our services, plan upgrades, or advisory offerings we believe may be relevant to your business

We will not use your identifiable financial data to evaluate your specific business as an acquisition or investment target. Any strategic market analysis is conducted using aggregated and de-identified data only.

We will not sell or share your identifiable financial data with third parties for their independent commercial use. Any outreach related to business opportunities will come directly from Eagle Rock CFO.

You may opt out of business development communications at any time by emailing nick+website@eaglerockai.com with the subject line "Opt Out Business Development." Opting out of business development communications does not affect your access to the platform or our core service-related communications.

5. Information Sharing and Disclosure

We do not sell your personal information as defined under applicable law. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf (e.g., cloud hosting via Google Firebase, payment processing via Stripe, analytics via Google Analytics). These providers are contractually obligated to use your information only as necessary to provide services to us.
• Legal Requirements: When required by law, subpoena, court order, or other legal process
• Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users and others
• Business Transfers: In connection with any merger, acquisition, sale of assets, or bankruptcy, in which case your information may be transferred to the acquiring entity
• With Your Consent: When you have given us explicit consent to share your information

6. Cookies and Tracking Technologies

We use the following tracking technologies:

• Essential Cookies: Required for platform functionality, including authentication and session management
• Google Analytics (GA4): We use Google Analytics to collect anonymized usage data about how visitors interact with our website. Google Analytics uses cookies to track page views, session duration, and traffic sources. Google may process this data on servers in the United States. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Most web browsers allow you to control cookies through their settings. Note that disabling essential cookies may impair platform functionality.

7. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls limiting employee access to personal and financial data
• Secure authentication via Firebase Authentication
• Regular security reviews of our infrastructure

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using commercially reasonable measures.

8. Data Retention

We retain your information as follows:

• Account Information: Retained for as long as your account is active, plus 90 days after account deletion
• Financial Data: Retained for as long as your accounting platform is connected, plus 90 days after disconnection or account termination
• Aggregated/De-identified Data: May be retained indefinitely, as it cannot be used to identify you
• Usage and Analytics Data: Retained for up to 26 months (Google Analytics default retention period)
• Legal Hold: We may retain data longer if required for legal, tax, or compliance purposes

9. Your Privacy Rights

Rights for All Users

Regardless of your location, you may:

• Access and request a copy of the personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your account and associated data
• Opt out of business development communications
• Disconnect your accounting platform at any time

Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA"):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions (e.g., legal compliance, completing transactions).
• Right to Opt Out of Sale/Sharing: We do not sell your personal information as defined under CCPA. We share limited information with Google Analytics for website analytics purposes, which may constitute "sharing" under CCPA. You may opt out by using the Google Analytics Opt-out Browser Add-on.
• Right to Limit Use of Sensitive Personal Information: Financial data may be considered "sensitive personal information" under CCPA. We use financial data only for the purposes disclosed in this Privacy Policy (Sections 3 and 4). You may request that we limit our use of your sensitive personal information to service delivery only by contacting us.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. Exercising your rights will not affect your access to the platform or pricing.

CCPA Disclosures

In the preceding 12 months, we have collected the following categories of personal information:

Sale of Personal Information: We have not sold personal information in the preceding 12 months.

Sharing of Personal Information: We share Internet/Network Activity data with Google (via Google Analytics) for analytics purposes. This may constitute "sharing" under CCPA.

10. Exercising Your Rights

To exercise any of the rights described above, you may:

• Email us at nick+website@eaglerockai.com with the subject line "Privacy Rights Request"
• Disconnect your accounting platform from within the platform settings
• Delete your account from within the platform settings

We will verify your identity before processing any request by confirming your email address and, for sensitive requests, additional account information. We will respond to verifiable requests within 45 days. If we need more time, we will notify you of the extension and the reason.

You may designate an authorized agent to make a request on your behalf by providing written authorization to the agent and verifying your identity with us.

11. Data Breach Notification

In the event of a data breach involving your personal information, we will notify affected users in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach. Notification will be made via email to the address associated with your account, and where required by law, to the applicable state attorney general.

12. Third-Party Services

Our services integrate with third-party platforms. Their privacy practices are governed by their own policies:

• QuickBooks Online (Intuit): Financial data integration. Intuit Privacy Policy
• Google Analytics: Website analytics. Google Privacy Policy
• Stripe: Payment processing. Stripe Privacy Policy
• Firebase (Google Cloud): Authentication and data storage. Firebase Privacy and Security

13. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

14. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Pennsylvania, without regard to its conflict of law provisions. Any disputes related to this Privacy Policy are subject to the dispute resolution provisions in our Terms of Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the updated policy on this page and updating the "Last updated" date. For material changes that adversely affect your rights, we will make reasonable efforts to notify you via email. Your continued use of our services after such modifications constitutes your acceptance of the revised policy. If you do not agree, you must stop using our services.

16. Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your privacy rights, please contact us at:

Eagle Rock CFO Services LLC
Email: nick+website@eaglerockai.com