Futureproof
Legal

Privacy Policy

Last Updated: October 1, 2025

Futureproof Ops, Inc. (“Futureproof,” “we,” “us,” or “our”) operates the Futureproof platform. This Privacy Policy explains how we collect, use, share, and protect your information when you use our services.

Contact: privacy@runfutureproof.com | 644 Holly Springs Rd, STE 80, Holly Springs, NC 27540, USA

1. Information We Collect

Information You Provide

Account Information:

  • Name, email address, company name
  • Password and authentication credentials
  • Billing information (credit card details, billing address)
  • Phone number (if provided)

Financial Data:

  • Transaction data from connected bank accounts and credit cards
  • Manually entered transactions and adjustments
  • Transaction categorizations and notes
  • Financial forecasts and projections
  • Cap table information and equity data
  • Documents uploaded to the data room
  • Budget data and departmental allocations

Communications:

  • Messages sent to our support team
  • Feedback and survey responses
  • Information provided when participating in beta programs

Information We Collect Automatically

Usage Information:

  • Pages visited, features used, and time spent on the Services
  • Device information (type, operating system, browser)
  • IP address and general location (city/state level)
  • Login times and access patterns

Cookies and Similar Technologies: We use cookies, pixels, and similar technologies to collect usage data and improve the Services. See Section 8 for details.

Information from Third Parties

Bank Connection Services: When you connect bank accounts through Plaid, we receive transaction data, account balances, and account details from your financial institutions.

CRM and HRIS Integrations: If you connect CRM or HRIS systems through the Services, we may receive:

  • Contact and customer data from CRM systems (e.g., Salesforce, HubSpot)
  • Employee and payroll data from HRIS systems (e.g., BambooHR, Gusto)
  • Sales pipeline and revenue data
  • Headcount and compensation data
  • Related metadata and usage information

These integrations are facilitated through Unified.to, our API integration partner. The data we access depends on the permissions you grant and the integrations you enable.

Other Sources: We may receive information from service providers who help us operate the Services (e.g., payment processors, analytics providers).

2. How We Use Your Information

Provide the Services:

  • Process and categorize transactions
  • Generate financial forecasts and reports
  • Manage cap table and equity information
  • Facilitate data room document sharing
  • Sync data from connected bank accounts, CRM, and HRIS systems
  • Enhance forecasting with sales pipeline and hiring plan data
  • Provide customer support

Improve the Services:

  • Train and improve AI models (see Section 3)
  • Develop new features and enhance existing ones
  • Analyze usage patterns to improve user experience
  • Conduct internal research and analytics

Communicate with You:

  • Send account-related notifications and updates
  • Respond to your inquiries and requests
  • Send service announcements and feature updates
  • Request feedback or participation in research

Business Operations:

  • Process payments and prevent fraud
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect our rights and the security of our Services

Marketing (with your consent):

  • Send promotional emails about new features
  • Share relevant content and resources

You can opt-out of marketing communications by clicking “unsubscribe” in any email or contacting privacy@runfutureproof.com.

3. AI Training and Product Improvement

During Your Active Subscription

We use your financial data (in de-identified, anonymized, and aggregated form) to train our AI models and improve the Services for all users.

What This Means:

  • When you categorize transactions, confirm forecasts, or make corrections, our AI learns from these patterns
  • This helps make categorization and forecasting more accurate for everyone
  • Your specific financial details and identifying information are never shared with other customers

Example: When you categorize a “Stripe” transaction as “Payment Processing,” our AI learns this pattern to suggest the same for other SaaS companies. We never share your actual amounts, company name, or other identifying details.

After You Cancel Your Subscription

When you cancel, you have 30 days to export your data. After that:

What We Retain:

  • De-identified, anonymized transaction patterns to continue improving AI models
  • Aggregated usage data combined with hundreds of other customers

What We Delete Immediately:

  • Data room documents
  • Cap table details
  • Access credentials

What “Anonymized” Means:

  • All personally identifiable information removed (company name, specific vendor names you added, account numbers)
  • Data aggregated with data from many other customers
  • Cannot reasonably be used to re-identify you or your company

Your Options:

  1. Opt-Out of AI Training: Email privacy@runfutureproof.com with subject “Opt-Out of AI Training” to exclude your data from future AI model training
  2. Request Complete Deletion: Email privacy@runfutureproof.com with subject “Data Deletion Request” to have your data deleted (typically within 90 days, except data required by law)

Automatic Deletion Timeline:

  • After approximately 1 year: Identifiable data deleted (only anonymized patterns remain)
  • After approximately 7 years: All data deleted except as required by law

Actual deletion timing may vary based on system processes and backup retention schedules.

For complete details, see Section 10.

4. How We Share Information

We never sell your personal information.

We share information only in the following circumstances:

Service Providers

We share data with third-party companies that help us operate the Services:

  • Plaid Technologies, Inc. — Bank connection services for importing transaction data
  • Unified.to — API integration platform for connecting CRM and HRIS systems (e.g., Salesforce, HubSpot, BambooHR, Gusto)
  • Cloud hosting providers — Data storage and infrastructure
  • Payment processors — Subscription billing (we don't store your full credit card number)
  • Email providers — Account communications and support
  • Analytics providers — Usage analytics and product improvement

These providers are contractually required to protect your data and use it only for the purposes we specify.

Your Direction

Data Room: When you share documents through the data room, they're accessible to the investors, advisors, or other recipients you designate. We don't monitor or review shared content.

Third-Party Users: When you grant access to accountants, bookkeepers, or other professionals, they can view and use your data according to the permissions you set.

Connected Systems: When you connect CRM or HRIS systems, we access data from those systems according to the permissions you grant. Your use of those systems is governed by their respective privacy policies.

Business Transfers

If Futureproof is involved in a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose information to:

  • Comply with legal obligations (subpoenas, court orders)
  • Protect our rights, property, and safety
  • Prevent fraud or security threats
  • Enforce our Terms of Service

With Your Consent

We may share information in other contexts with your explicit consent.

5. Bank Connections and Financial Data

How Bank Connections Work

The Services allow you to connect bank accounts and credit cards through third-party financial data aggregation services (primarily Plaid Technologies, Inc.).

When you connect an account:

  • You authorize us and our service providers to access your transaction data
  • We receive transaction details, account balances, and account information
  • We do not store your banking login credentials—these are handled securely by third-party providers
  • The connection is governed by both our Privacy Policy and the third-party provider's privacy policy

Third-Party Privacy Policies:

Please review the privacy policies of Plaid and Unified.to to understand how your credentials and data are handled.

When You Disconnect a Bank Account

What Stops:

  • Automatic import of new transactions from that account
  • Access to the account through the third-party service

What Remains:

  • Historical transaction data previously imported
  • Your categorizations and modifications
  • Financial records and reports that include data from that account

Why We Retain Historical Data:

  • Accurate bookkeeping requires complete historical records
  • Tax reporting may require prior period transaction data
  • Financial statements need historical comparisons
  • Legal and regulatory requirements may mandate retention

Deleting Historical Bank Data

To delete historical transaction data from a disconnected account, email privacy@runfutureproof.com with a deletion request. We will inform you of the implications—including gaps in financial records and potential tax compliance issues—before processing.

Important: Deletion is permanent and cannot be undone.

6. Data Room and Document Sharing

How the Data Room Works

The data room feature allows you to securely share pitch decks, financial statements, and other documents with investors, advisors, and stakeholders.

You Control Access:

  • You decide what to share and with whom
  • You set permissions for each recipient
  • You can revoke access at any time

Our Role:

  • We provide the technical infrastructure and security
  • We don't monitor, review, or access shared documents
  • We may provide analytics on document views and engagement

When You Delete or Revoke Access:

  • Documents are removed from our platform
  • Recipients who previously downloaded documents may still have copies
  • We are not responsible for how recipients use or retain documents they've accessed

7. Third-Party Access

You may grant access to your Account to accountants, bookkeepers, tax preparers, or other financial professionals.

When you grant access:

  • Third-Party Users can view and use data according to the permissions you set
  • They must comply with our Terms of Service
  • You are responsible for managing their access and permissions

We don't:

  • Have direct relationships with Third-Party Users
  • Verify their credentials or qualifications
  • Monitor their use of your data

You should:

  • Only grant access to trusted professionals
  • Revoke access when no longer needed
  • Review permissions regularly

8. Cookies and Tracking Technologies

We use cookies, pixels, web beacons, and similar technologies to:

  • Remember your preferences and settings
  • Understand how you use our Services
  • Improve performance and user experience
  • Provide security features
  • Analyze usage patterns

Types of Cookies We Use:

  • Essential Cookies: Required for the Services to function (e.g., authentication, security).
  • Analytics Cookies: Help us understand how you interact with our Services (e.g., Google Analytics).
  • Preference Cookies: Remember your settings and choices.

Your Choices:

Browser Settings: Most browsers allow you to control cookies through settings. Note that blocking essential cookies may prevent use of some features.

Opt-Out Tools:

Do Not Track: We don't currently respond to “Do Not Track” browser signals, but you can use the opt-out tools above.

9. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest.
  • Access Controls: Limited employee access based on role and need.
  • Authentication: Secure login with optional two-factor authentication.
  • Monitoring: Regular security audits and vulnerability assessments.
  • Secure Infrastructure: Data hosted in SOC 2 compliant data centers.

However, no system is completely secure. We cannot guarantee absolute security and are not liable for unauthorized access or security incidents beyond our reasonable control.

Your Responsibility:

  • Use strong, unique passwords
  • Enable two-factor authentication when available
  • Keep login credentials confidential
  • Notify us immediately of suspected security incidents

10. Data Retention and Deletion

During Active Use

We retain your data for as long as your Account is active and as necessary to provide the Services.

After Disconnecting Bank Accounts

When you disconnect a bank account, we retain historical transaction data as part of your bookkeeping records unless you request deletion.

After Disconnecting CRM or HRIS Systems

When you disconnect CRM or HRIS integrations, we stop importing new data but retain historical data previously imported for forecasting and reporting purposes unless you request deletion.

After Account Cancellation

First 30 Days:

  • You can log in and export your data (CSV, Excel, PDF)
  • Full access to all features for data retrieval

Immediately Upon Cancellation:

  • Data room documents deleted
  • Cap table details deleted
  • Access credentials deleted

After 30 Days:

  • You lose access to your data through our platform
  • De-identified, anonymized transaction patterns retained for AI training (unless you opt-out)
  • Specific financial details and identifying information not retained

After Approximately 1 Year:

  • Identifiable transaction data deleted
  • Only anonymized, aggregated patterns remain (if you haven't opted out)

After Approximately 7 Years:

  • All remaining data deleted except as required by law

Note on Timing: Actual deletion timing may vary based on system processes, backup rotation schedules, and technical constraints. Data in disaster recovery backups is typically deleted within 180 days but may persist longer due to backup retention schedules.

Legal and Regulatory Retention

We may retain certain data longer as required by:

  • Tax laws and regulations (typically 3–7 years for financial records)
  • Anti-money laundering and fraud prevention laws
  • Legal process (subpoenas, court orders, pending litigation)
  • Legitimate business interests (enforcing our Terms, protecting our rights)

Beta Features

Data created using Beta Features may be lost, corrupted, or deleted if features are modified or discontinued. You are responsible for backing up important data from Beta Features.

Our Commitment

While we strive to meet the timelines outlined above, actual deletion may vary based on technical and operational constraints, backup procedures, and system architecture. We will always comply with applicable legal retention requirements and data protection regulations.

11. Your Privacy Rights

Depending on your location, you may have the following rights:

Access and Portability:

  • Request a copy of your personal data
  • Export financial data in common formats (available directly in the Services)

Correction:

  • Request correction of inaccurate data
  • Update account information directly in settings

Deletion:

  • Request deletion of your data (subject to legal retention requirements)
  • See Section 10 for deletion timelines and processes

Restriction and Objection:

  • Object to certain data processing activities
  • Restrict how we process your data in certain circumstances

Opt-Out of AI Training:

  • After cancellation, opt-out of having anonymized data used for AI training
  • Email privacy@runfutureproof.com with subject “Opt-Out of AI Training”

Withdraw Consent:

  • Withdraw consent for marketing communications or other optional data uses

How to Exercise Your Rights

Email privacy@runfutureproof.com with your request. Include:

  • Your name and Account email
  • The specific right you're exercising
  • Any relevant details

We will typically respond within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests. Response times may vary based on the complexity of the request and volume of requests received.

California Residents (CCPA)

Under the California Consumer Privacy Act, you have additional rights:

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We don't “sell” personal information for monetary consideration, but you can opt-out of AI training after cancellation
  • Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights

European Residents (GDPR)

If you are in the European Economic Area, UK, or Switzerland, you have additional rights under GDPR:

  • Legal Basis: We process your data based on contract performance, legitimate interests, legal obligations, or consent
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority
  • Data Protection Officer: Contact privacy@runfutureproof.com for data protection inquiries

12. International Data Transfers

Futureproof is based in the United States. If you are located outside the U.S., your information will be transferred to and processed in the United States.

Data Protection: We take appropriate safeguards to protect your information when transferred internationally, including:

  • Standard Contractual Clauses (SCCs) where applicable
  • Ensuring service providers maintain adequate data protection
  • Compliance with applicable data transfer regulations

By using our Services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

13. Children's Privacy

Our Services are not intended for individuals under 18 years old. We do not knowingly collect personal information from minors under 18.

If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly. If you believe we have collected information from a minor, please contact privacy@runfutureproof.com.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

When We Make Changes:

  • We will update the “Last Updated” date at the top
  • For material changes, we will make reasonable efforts to notify you by email or prominent notice on the Services
  • Changes become effective when posted unless otherwise specified

Your Continued Use: Your continued use of the Services after changes become effective means you accept the updated Privacy Policy.

Review Regularly: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us:

Futureproof Ops, Inc.
644 Holly Springs Rd, STE 80
Holly Springs, NC 27540, USA

Email: privacy@runfutureproof.com