Privacy Policy

Effective date: June 18, 2026

CipherCFO ("we," "us," or "our") provides fractional CFO services to small and mid-market businesses. This policy explains what personal information we collect, how we use it, and your rights over it. We keep this document short and plain because you are a business owner, not a lawyer — and neither are we.

Questions? Email advisory@ciphercfo.com.

1. What we collect

We collect only what we need to do the work.

From you directly

  • Name and email — when you book a call, fill out our contact form, download a lead magnet, or sign up for the newsletter.
  • Company name and revenue band — from the intake funnel, to scope the engagement.
  • Billing contact and payment method — processed by Stripe; we never see or store your full card number.

From your accounting system (clients only)

  • Financial statements — income statement, balance sheet, and cash flow data pulled via read-only OAuth from QuickBooks, Xero, NetSuite, or Sage.
  • We access only the data required to produce the deliverables. We do not access payroll details, employee records, or customer/vendor personally identifiable information unless it appears in a line item you have named in your chart of accounts.

Automatically

  • Google Analytics (GA4) — we use Google Analytics to understand how people find and use this website. GA4 collects anonymous usage data (pages visited, session duration, general location at the country/region level). No financial data is sent to Google. You can opt out using the Google Analytics Opt-out Browser Add-on.
  • Server logs — standard request logs (IP address, timestamp, URL, HTTP status code) retained for up to 30 days for security and debugging.

2. How we use your information

  • To deliver CFO services — generating reports, running analysis, and communicating with you about your engagement.
  • To send you resources you requested — lead magnets, templates, and the monthly insights newsletter (you can unsubscribe anytime).
  • To process billing — invoicing, subscription management, and payment processing through Stripe.
  • To improve the service — anonymous analytics help us understand what is useful.

We do not sell your personal information. We do not share your financial data with any third party except the subprocessors listed on our Security page, who process it on our behalf under data processing agreements.

3. Legal basis for processing

  • Contract performance — processing your financial data is necessary to deliver the CFO services you have engaged us for.
  • Legitimate interest — analytics, security logging, and lead management are in our legitimate interest to operate the business.
  • Consent — newsletter sign-ups and resource downloads are based on your consent, which you can withdraw at any time.

4. Your rights

Regardless of where you are located, you can contact us to:

  • Access — request a copy of the personal information we hold about you.
  • Correct — ask us to fix inaccurate or incomplete information.
  • Delete — request deletion of your data (subject to legal retention requirements). See the full deletion process on our Security page.
  • Data portability — request your data in a machine-readable format.
  • Unsubscribe — from any marketing emails using the link at the bottom of any email we send.

To exercise any of these rights, email advisory@ciphercfo.com. We will respond within 30 days.

5. Cookies

We use minimal cookies:

  • Google Analytics — sets first-party cookies (_ga, _gid) to distinguish sessions. These do not contain personal financial information.
  • Session cookies — required for the client portal login. These expire when you close your browser.

We do not use advertising cookies, retargeting pixels, or behavioral tracking beyond Google Analytics.

6. Data retention

We retain personal information for as long as your engagement is active, plus 90 days after it ends. Financial data is deleted after that period. Server logs are retained for up to 30 days. Billing records are retained for 7 years as required by tax law.

Newsletter and resource contacts are retained until you unsubscribe or request deletion.

7. Governing law

This policy is governed by the laws of the State of Utah, United States. Any disputes arising from this policy will be resolved in the courts of Utah.

8. Changes to this policy

If we make material changes to this policy, we will update the effective date at the top and notify active clients by email. Continued use of the service after that date constitutes acceptance of the updated policy.

9. Contact

Privacy questions, requests, or concerns: advisory@ciphercfo.com