1. Who We Are

CashFlowSmart is operated by Green Banana Enterprise, an Indiana-based technology company. Our registered address is Indianapolis, IN. References to "CashFlowSmart," "we," "us," or "our" in this policy refer to Green Banana Enterprise and its CashFlowSmart product.

Contact: privacy@cashflowsmart.io

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, business name, and business type. This information is used to create and manage your account.

2.2 Financial Transaction Data

CashFlowSmart processes bank transaction data that you upload directly (CSV or PDF bank statements). This data includes transaction dates, amounts, descriptions, and running balances. We do not connect directly to your bank account — all financial data enters the system through files you explicitly upload.

2.3 Job and Project Data

You may enter project names, client names, addresses, contract amounts, and related notes. This information is stored in your account and used to generate job-level financial reports.

2.4 Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and session duration. This data is used for security monitoring and product improvement. We do not use this data for advertising.

2.5 AI Interaction Data

When you use the AI Financial Advisor feature, your questions and the financial context sent to the AI are processed by our LLM provider (see Section 5). We retain a log of AI interactions within your account for your reference. We do not use your AI conversations to train AI models.

3. How We Use Your Information

• To provide and operate the CashFlowSmart service
• To calculate your Safe-to-Spend, gross margins, and cash flow projections
• To generate AI-powered financial insights based on your transaction data
• To send transactional emails (account confirmation, password reset, billing receipts)
• To detect and prevent fraud and unauthorized access
• To improve the product based on aggregate, anonymized usage patterns

We do not use your financial data for advertising, profiling, or sale to third parties.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases for processing personal data are:

• Contract performance — processing necessary to deliver the CashFlowSmart service you have subscribed to
• Legitimate interests — security monitoring, fraud prevention, and product improvement
• Legal obligation — compliance with applicable financial regulations and law enforcement requests
• Consent — for optional communications such as product newsletters (you may withdraw consent at any time)

5. Third-Party Processors

We share data with the following categories of third-party processors, each bound by data processing agreements:

• Cloud infrastructure — your data is stored on servers operated by major cloud providers (AWS, Google Cloud, or equivalent) in the United States. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
• AI/LLM provider — when you use the AI Advisor, your financial context and question are sent to an LLM API provider. We use a zero-data-retention API configuration where permitted, meaning the provider does not store your data after returning a response.
• Payment processor — subscription billing is handled by Stripe, Inc. We do not store credit card numbers. Stripe's privacy policy applies to payment data.
• Email delivery — transactional emails are sent via a third-party email service provider. Only your email address and the content of the specific email are shared.

We do not share your financial transaction data with any third party except as described above or as required by law.

6. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow for account reactivation, after which it is permanently deleted from our production systems. Backup copies may persist for up to an additional 30 days before being purged from backup storage.

Aggregate, anonymized analytics data (with no personally identifiable information) may be retained indefinitely for product improvement purposes.

7. Your Rights

7.1 GDPR Rights (EEA Users)

If you are located in the European Economic Area, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your personal data ("right to be forgotten")
• Restrict or object to processing of your personal data
• Receive your data in a portable format
• Lodge a complaint with your national data protection authority

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell
• Request deletion of your personal information
• Opt out of the sale of your personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@cashflowsmart.io. We will respond within 30 days.

8. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.2+ encryption in transit, role-based access controls, and regular security audits. We are pursuing SOC 2 Type II certification. For a detailed description of our security practices, see our Security page.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using commercially reasonable means.

9. Cookies

CashFlowSmart uses a single session cookie to maintain your authenticated session. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use cookies for cross-site tracking.

10. Children's Privacy

CashFlowSmart is a business financial tool intended for adults operating general contracting businesses. We do not knowingly collect personal information from individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to your registered address at least 14 days before taking effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data access requests, or deletion requests:

• Email: privacy@cashflowsmart.io
• Mail: Green Banana Enterprise, Indianapolis, IN