Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Full name and email address
• Organization/company name
• Authentication credentials (passwords are hashed and never stored in plaintext)
• Profile information and team role

1.2 Financial and Portfolio Data

To provide portfolio management services, we process data you enter or import, including:

• Merchant information (names, business details, EINs, contact information)
• MCA deal terms (funding amounts, factor rates, payback amounts, payment frequencies)
• Transaction and payment records (ACH payments, NSFs, returns, balances)
• Bank account data retrieved through third-party providers (e.g., Plaid), including account numbers, routing numbers, balances, and transaction histories
• Underwriting documents and supporting materials you upload
• ISO and broker relationship information

1.3 Usage Data

We automatically collect information about how you interact with the Service, including:

• IP address and browser type
• Device information and operating system
• Pages viewed, features used, and actions taken
• Timestamps and session duration
• Referring URLs

1.4 Cookies

We use cookies and similar technologies for authentication, session management, and preference storage. We use:

• Essential cookies for authentication and session management
• Preference cookies to remember your settings and display preferences
• Analytics cookies to understand how the Service is used and improve performance

2. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service, including portfolio tracking, transaction reconciliation, and reporting
• Process and display your MCA portfolio data, merchant information, and payment records
• Generate risk scores, payment projections, and portfolio analytics
• Facilitate ACH payment processing and bank account connections through third-party providers
• Send alerts and notifications (e.g., NSF alerts, payment status updates, risk changes)
• Provide customer support
• Improve and optimize the Service based on usage patterns
• Comply with legal obligations and enforce our Terms of Service

3. How We Share Your Information

We do not sell your personal information or portfolio data. We may share information only in the following circumstances:

3.1 Service Providers

We share data with third-party service providers who assist in operating the Service, including:

• Supabase — Database hosting and authentication
• Plaid — Bank account connections and financial data retrieval
• ACH processors — Payment processing
• Vercel — Application hosting
• Resend — Transactional email delivery

These providers are contractually obligated to use your data only to perform services on our behalf and in accordance with this Privacy Policy.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in good faith belief that such action is necessary to:

• Comply with a legal obligation or court order;
• Protect and defend the rights or property of Abacus Labs Inc.;
• Prevent fraud or investigate potential violations of our Terms;
• Protect the personal safety of users or the public.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Row-level security (RLS) to ensure strict data isolation between organizations
• Regular security audits and monitoring
• Role-based access controls within your organization
• Secure authentication with optional MFA

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account termination, we retain data for up to 30 days to allow for data export requests, after which it may be permanently deleted.

We may retain certain data longer if required by law or necessary for legitimate business purposes such as resolving disputes or enforcing our agreements.

Usage data and anonymized analytics may be retained indefinitely to improve the Service.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Export: Request a portable copy of your data in a structured, machine-readable format
• Opt-out: Opt out of marketing communications at any time

To exercise these rights, contact us at support@abacuslabs.co. We will respond within 30 days.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• The right to know what personal information we collect and how it is used
• The right to delete personal information
• The right to opt out of the sale of personal information (we do not sell your data)
• The right to non-discrimination for exercising your privacy rights

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification prior to the change becoming effective. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at:

Abacus Labs Inc.
support@abacuslabs.co