Privacy Policy

Pacific Financial Hub LLC • Texas • Effective: April 15, 2026
FINHUB PORTAL — PRIVACY POLICY

© 2024-2025 Pacific Financial Hub LLC. All Rights Reserved.

Patent Pending — US Patent Application: Multi-Specialist Financial Advisory System

FinHub Portal™ is a trademark of Pacific Financial Hub LLC

Prepared by: Victoria Harrington, Esq. & Jane Chen, CPA/CFO

CONFIDENTIAL DRAFT — FOR REVIEW ONLY

======================================================================

**Pacific Financial Hub LLC FinHub Portal Privacy Policy**

**1. INTRODUCTION & SCOPE**

This Privacy Policy ("Policy") applies to the FinHub Portal operated by Pacific Financial Hub LLC ("we," "us," or "our"), a Texas-based company with its principal place of business at [insert address]. This Policy governs how we collect, use, and disclose your personal data, including sensitive financial information. By accessing or using our services, you agree to the terms of this Policy. If you do not agree, please discontinue use of our services.

**Copyright Notice**

© 2024-2025 Pacific Financial Hub LLC. All Rights Reserved. This document is protected by U.S. and international copyright laws. Unauthorized reproduction or distribution is prohibited.

**Patent Pending Notice**

The FinHub Portal incorporates proprietary technologies that are the subject of pending patent applications.

**Scope**

This Policy applies to all users of our services, including individuals who access our website, mobile application, or other digital platforms (collectively, "Users"). It also applies to any third-party service providers we engage to process your data on our behalf.

**Effective Date and Version Control**

The most recent version of this Policy is dated [insert date]. We reserve the right to update this Policy at any time. If we make material changes, we will provide you with a minimum 30-day advance notice.

**2. INFORMATION WE COLLECT**

We collect various types of personal data from our Users, including:

* **Personal Identifiers**: Your name, email address, phone number, physical address, and Social Security Number (last four digits).
* **Financial Information**: Income, credit history, business financials, bank account information, and other sensitive financial data.
* **Professional Information**: Business name, Employer Identification Number (EIN), licenses, and professional certifications.
* **AI Interaction Data**: Conversations with our specialist advisory team members, including text messages, emails, and support tickets.
* **Document Data**: All uploaded files and generated documents, such as invoices, receipts, and financial reports.
* **Technical Data**: IP address, browser type, device information, cookies, session data, and other technical details used to provide our services.
* **Communication Data**: Messages, emails, support tickets, and other forms of communication with our team.
* **Behavioral Data**: Clickstream data, page views, feature usage, and other metrics that help us understand how you use our services.
* **Third-Party Data**: Information shared by third-party service providers we integrate with, such as QuickBooks or Zoho.

**3. HOW WE COLLECT DATA**

We collect data in various ways:

* **Direct Collection from Users**: We obtain data directly from you when you create an account, upload documents, or interact with our specialist advisory team members.
* **Automatic Collection**: Cookies, tracking pixels, and server logs help us collect technical and behavioral data without explicit consent.
* **Third-Party Integrations**: When you grant access to third-party services like QuickBooks or Zoho, we may receive associated data.
* **Referral Sources**: We track the source of new users who sign up through our referral program.

**4. HOW WE USE YOUR DATA**

We use your data in various ways:

* **Service Delivery and Improvement**: We process your data to provide you with personalized services, improve user experience, and enhance our platform.
* **AI Training and Improvement**: With your consent, we may use your conversations and documents to train our advanced advisory systems. You have the right to opt-out of this practice.
* **Security and Fraud Prevention**: We analyze data to detect potential security threats or fraudulent activities and take measures to prevent them.
* **Legal Compliance and Regulatory Requirements**: We collect and process data as necessary to comply with laws, regulations, and industry standards.
* **Marketing Communications**: With your consent, we may use your contact information for marketing purposes. You have the right to opt-out of these communications.
* **Analytics and Business Intelligence**: We analyze data to understand usage patterns, improve our services, and identify business opportunities.

**5. AI DATA PROCESSING — SPECIAL SECTION**

Our intelligent assistant systems process conversations and documents using advanced algorithms and intelligent processing techniques:

* **Local Internal Processing System**: All data stays within our infrastructure, ensuring that we do not send any sensitive information to third-party AI APIs without your consent.
* **AI Conversation Retention and Deletion Policies**: We retain advisory session records for up to two years or upon your request. After this period, we delete all related data.
* **How AI Models are Trained**: Our models are trained on aggregate, anonymized data to prevent any potential biases.

**6. DATA SHARING & DISCLOSURE**

We share your data in the following ways:

* **Service Providers**: We engage third-party service providers (like hosting, email, or analytics services) with Data Protection Agreements (DPAs) that ensure they handle your data responsibly.
* **Legal Requirements**: We may disclose your data when required by law enforcement agencies, courts, or regulatory bodies to comply with legal obligations.
* **Business Transfers**: In the event of a merger or acquisition, we will provide you with notice and offer you an opportunity to opt-out of any related data transfer.
* **With User Consent Only for Other Sharing**: We may share your data with other third parties when you explicitly consent to this practice.

**7. FINANCIAL DATA SPECIAL PROTECTIONS**

We adhere to the Gramm-Leach-Bliley Act (GLBA) and its associated regulations, including:

* **Financial Data Encryption Standards**: We encrypt financial information using industry-standard encryption protocols.
* **Access Controls for Financial Information**: Only authorized personnel with a legitimate business need-to-know may access your sensitive financial data.
* **Retention Limits for Sensitive Financial Data**: We retain sensitive financial records for seven years, as required by the IRS.

**8. DATA RETENTION**

We retain data in accordance with our business needs and regulatory requirements:

* **Account Data**: We maintain account records for the duration of your relationship plus an additional seven years.
* **Financial Records**: Sensitive financial records are retained for seven years to comply with tax laws.
* **AI Conversations**: Advisory session records are retained for up to two years or upon your request.
* **Security Logs**: Security logs are maintained for one year as part of our security monitoring and incident response practices.

**Deletion Procedures and Timelines**

We will delete data in accordance with the following procedures:

* Upon request, we will delete account data within 30 days.
* We will retain financial records for seven years before deleting them.
* Advisory session records will be deleted after two years or upon your request.

**9. DATA SECURITY**

We implement robust security measures to protect your data:

* **Encryption at Rest**: Financial information is encrypted using AES-256 encryption standards.
* **Encryption in Transit**: We use TLS 1.3 for secure communication between our servers and clients.
* **Access Controls and Authentication Requirements**: Only authorized personnel with a legitimate business need-to-know may access your data.
* **Regular Security Audits and Penetration Testing**: We conduct regular security audits to identify vulnerabilities and strengthen our defenses.
* **Employee Training and Background Checks**: Our employees undergo comprehensive training on data protection and undergo background checks.

**Incident Response Procedures**

In the event of a data breach, we will:

* Detect and respond within 72 hours
* Notify you within 72 hours after confirming a breach
* Comply with regulatory notification requirements
* Implement remediation steps to mitigate any potential harm

**10. DATA BREACH NOTIFICATION**

We will notify you in the event of a data breach:

* **Detection and Response Timeline**: We aim to detect breaches promptly, respond within 72 hours, and provide updates on our investigation.
* **User Notification**: We will inform you about a confirmed breach via email or other preferred communication methods.
* **Regulatory Notification Requirements**: We will comply with applicable regulations regarding data breach notification.

**11. YOUR PRIVACY RIGHTS**

You have various rights regarding your data:

* **Right to Access Your Data**: You may request access to your data within 30 days of submission.
* **Right to Correct Inaccurate Data**: If you identify any errors, please notify us so we can correct the information promptly.
* **Right to Delete**: Upon request, we will delete account data or advisory session records.
* **Right to Data Portability**: You have the right to obtain your data in machine-readable format upon request.
* **Right to Opt-Out of Marketing**: If you do not wish to receive marketing communications from us, please indicate this preference when creating an account.

**12. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)**

We comply with the California Consumer Privacy Act (CCPA) and its associated amendments:

* **Categories of Personal Information Collected**: We collect various types of personal data as outlined in Section 2.
* **Right to Know, Delete, Opt-Out, Non-Discrimination**: You have these rights under CCPA, including the right to opt-out of sales and non-discriminatory practices.
* **Shine the Light Law**: You can request information about third-party sharing within the past 12 months.
* **Do Not Track Signals**: We do not honor Do Not Track signals.

**13. COOKIES & TRACKING TECHNOLOGIES**

We use various types of cookies:

* **Essential Cookies**: Required for core functionality, such as logging in or processing transactions.
* **Functional Cookies**: Enhance user experience by remembering preferences, login information, and other settings.
* **Analytics Cookies**: Help us understand how you use our services by tracking your behavior.

**Cookie Consent and Opt-Out Options**

We will inform you about the types of cookies used on our platform:

* **Cookie Consent**: You may opt-out of non-essential cookies via a cookie consent banner.
* **Opt-Out Instructions**: If you choose to disable cookies, please consult our help center for instructions.

**14. CHILDREN'S PRIVACY (COPPA)**

We comply with the Children's Online Privacy Protection Act (COPPA):

* **No Collection from Under 13**: We do not collect personal data from individuals under the age of 13.
* **Parental Consent Requirements for 13-18**: If you are between 13 and 18 years old, we require parental consent to collect your data.

**15. INTERNATIONAL DATA TRANSFERS**

We transfer data within our US-based servers and processing infrastructure:

* **US-Based Servers and Processing**: We do not transfer sensitive data across borders.
* **Cross-Border Transfer Protections**: If necessary, we will implement additional safeguards for cross-border data transfers as required by regulations.

**16. THIRD-PARTY LINKS & INTEGRATIONS**

We link to third-party services or integrate their APIs with our platform:

* **QuickBooks, Zoho, Stripe Data Handling**: When you interact with these integrations, they may collect and process your data independently.
* **Not Responsible for Third-Party Privacy Practices**: We are not responsible for the privacy practices of third-party services linked to or integrated within our platform.

**17. CHANGES TO THIS POLICY**

We will provide advance notice before making material changes:

* **30-Day Advance Notice**: We will notify you about any changes that significantly impact your rights or data handling.
* **Email Notification**: If a change affects you directly, we may send an email notification with details on the updated policy.

**18. CONTACT INFORMATION & DATA REQUESTS**

You can contact us regarding data requests:

* **Privacy Officer Contact**: Please direct all inquiries to our Privacy Officer at [insert email or phone number].
* **Response Timeframes**: We will respond within 30 days of receiving your request.
* **Complaint Escalation Process**: If you are not satisfied with our response, please follow the escalation process outlined in our help center.

This comprehensive Privacy Policy is designed to protect your rights and ensure that we handle your data responsibly.

Privacy requests: privacy@finhubportal.com
Pacific Financial Hub LLC • Texas • Last updated: April 15, 2026