FRACFAI Fractional Finance. Predictive Clarity.
Privacy Questions
Privacy • Confidentiality • Compliance

Ethical data handling is as important as forecast accuracy.

Fracfai is built for CPA firms, fractional CFOs, and finance teams who take client confidentiality seriously. Our goal is simple: use advanced analytics and AI without compromising privacy, professional ethics, or trust.

Our Privacy & Compliance Principles

We design Fracfai around a small set of simple but strict ideas. These principles guide product decisions, technical architecture, and how we work with firms and their clients.

1. Client Confidentiality First

Financial data is among the most sensitive information a business has. We treat it with the same level of care CPAs and CFOs expect from themselves.

2. Minimal Necessary Data

We only collect and process the data needed to provide forecasting and analysis — nothing more, and not for longer than necessary.

3. No Hidden Use of Client Data

We do not use client financial data to train public models, sell to third parties, or repurpose for unrelated product features.

4. Transparency & Control

Firms should always know where their data is, how it is used, and how to remove it. Our goal is to make that clear, simple, and documented.

How We Handle Your Data

Fracfai is being built with a “privacy by design” mindset. The steps below describe how we intend to handle production data when the platform is in active use. As we evolve, we will keep this page up to date and provide more formal policy documents as needed.

1. Data Ingestion

  • We ingest financial data from approved sources (e.g., accounting systems, CSV exports, or firm-provided files).
  • We encourage firms not to send PII that forecasting does not need (e.g., bank account numbers, SSNs).
  • When direct identifiers are not needed for forecasting, they are removed or masked as part of preprocessing.

2. Preprocessing & Local Tools

  • Where possible, extraction and initial cleanup from PDFs or source files can be done locally or in firm-controlled environments.
  • Our goal is to avoid uploading raw bank statements or highly sensitive documents to third-party, general-purpose AI endpoints.
  • We focus on structured data (transactions, GL lines, summarized metrics) for forecasting rather than full document images.
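The identifier removal described under Data Ingestion and the local preprocessing described above can be combined into one scrubbing step run in the firm's own environment before anything leaves it. The following is an added illustration, not Fracfai's own code: it assumes a constructed transaction export with the columns shown, keeps only the fields a cash-flow forecast needs, masks SSN- and account-number-shaped strings in free text, and replaces the account number with a keyed-hash token so rows from the same account stay linkable. The HMAC key is assumed to be held by the firm, never by the platform; the regular expressions and column names are assumptions for this example.

```python
import csv
import hashlib
import hmac
import io
import re

# Fields a forecast actually needs (assumption for this example). Everything
# else in the export (memo, customer_ssn, raw account_number) is dropped.
FORECAST_FIELDS = ("date", "description", "amount", "account_token")

# Direct-identifier shapes looked for in free-text fields (constructed for this
# example; tune to the real source system). Over-masking a harmless digit run
# is the safe failure direction, so ACCT_RE is deliberately broad.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
ACCT_RE = re.compile(r"\b\d{8,17}\b")   # bare 8-17 digit runs: bank/card numbers


def mask_free_text(text):
    """Replace SSN- and account-number-shaped substrings; keep last 4 digits of
    account numbers so a reviewer can still reconcile against the source."""
    text = SSN_RE.sub("[SSN]", text)
    return ACCT_RE.sub(lambda m: "[ACCT..." + m.group(0)[-4:] + "]", text)


def account_token(account_number, key):
    """Keyed hash of the account number. Rows from one account map to the same
    token, but without the firm-held key the token cannot be reversed or
    matched against a list of real account numbers. The 'acct_' prefix keeps
    the token from ever matching ACCT_RE in the output check below."""
    digest = hmac.new(key, account_number.encode(), hashlib.sha256).hexdigest()
    return "acct_" + digest[:16]


def scrub_transactions(csv_text, key):
    """Parse a transaction export and return only forecast-relevant, masked rows."""
    reader = csv.DictReader(io.StringIO(csv_text))
    scrubbed = []
    for row in reader:
        scrubbed.append({
            "date": row["date"].strip(),
            "description": mask_free_text(row["description"]),
            "amount": row["amount"].strip(),
            "account_token": account_token(row["account_number"].strip(), key),
        })
    return scrubbed


def contains_direct_identifiers(rows):
    """Post-condition check: True if any output value still looks like an SSN
    or account number. Run this before the data leaves the firm environment."""
    for row in rows:
        for value in row.values():
            if SSN_RE.search(value) or ACCT_RE.search(value):
                return True
    return False


# Constructed sample export; the numbers are made up for this example.
SAMPLE_CSV = """date,description,amount,account_number,customer_ssn,memo
2024-01-15,Payroll ACH ref 123456789012,-4200.00,000123456789,123-45-6789,
2024-01-16,Customer deposit,1500.00,000123456789,,"Cust SSN 987-65-4321 on file"
2024-01-17,Rent,-2500.00,000987654321,,
"""

if __name__ == "__main__":
    rows = scrub_transactions(SAMPLE_CSV, b"firm-held-secret-key")
    for r in rows:
        print(r)
    print("identifiers remaining:", contains_direct_identifiers(rows))
```

The token is only as strong as the key: if the key is ever sent along with the data, the tokens become reversible by dictionary attack over plausible account numbers, so it belongs in the firm's secret store, not in the export.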

3. Use of AI & Models

  • Client data is used to generate forecasts, variance analysis, and advisory-ready summaries for that client only.
  • We do not use client financial data to re-train publicly accessible models.
  • For any AI-assisted analysis, we aim to work within infrastructure where data is not retained beyond what is necessary to serve the firm.

4. Synthetic Data for Demos & R&D

  • Demo environments and internal testing use synthetic accounting data, not real client books.
  • We maintain an open-source synthetic data generator so firms can verify that our demonstration data is fully artificial.
  • Real client data is not repurposed for marketing, sample screenshots, or public presentations.

Storage, Security & Retention

The following describes our intended approach to security and retention as the platform matures. Specific technologies (e.g., cloud provider, region, encryption standards) will be documented in more technical materials for firms that need them.

Secure Storage

  • Data at rest is stored in access-controlled environments with encryption at rest enabled.
  • We separate production data from development and testing data.
  • Keys and credentials are managed using industry-standard secret management, not hard-coded in code or scripts.

Data in Transit

  • Data in transit is protected using HTTPS/TLS.
  • We avoid transmitting sensitive files over unsecured channels (e.g., plain email) whenever we can.
  • We encourage firms to use secure portals or encrypted channels to share client data.

Retention & Deletion

  • We aim to retain client data only as long as needed to provide agreed-upon services.
  • Firms can request data deletion or anonymization, subject to any legal or regulatory requirements.
  • Backups will respect the same retention policies, with documented timelines for purge where applicable.

Access, Third Parties & Shared Responsibilities

Privacy and compliance are shared responsibilities. We commit to doing our part and being clear about where firms maintain control and oversight.

Access Control

  • Access to client data within Fracfai is limited to what is needed to support the platform and client firm.
  • We aim to implement role-based access controls (RBAC) as usage grows.
  • Administrative access is monitored and restricted to necessary personnel.

Third-Party Services

  • Where we rely on third-party infrastructure (e.g., cloud hosting), we select providers with strong security reputations.
  • We review their data handling commitments and aim to align them with our own standards.
  • We avoid sharing identifiable financial data with third parties except as necessary to operate the platform and as agreed with the firm.

Firm-Level Responsibilities

  • Firms remain responsible for their own professional obligations, including engagement letters, regulatory requirements, and client communication.
  • We encourage firms to avoid uploading unnecessary PII or documents not needed for forecasting.
  • We are happy to discuss and document custom data-handling expectations where required.

Incident Response

  • If we become aware of any unauthorized access or data incident, our intent is to notify affected firms promptly and cooperate fully.
  • We will document incidents, remediation steps, and future prevention measures.
  • As we grow, we plan to formalize our incident response and notification procedures in more detail.

What We Will Not Do With Your Data

Some boundaries are non-negotiable. To keep expectations clear, here are the boundaries we commit not to cross.

  • We will not sell client financial data to third parties.
  • We will not use client financial data to train public, generalized AI models.
  • We will not use live client books in demo screenshots or marketing materials.
  • We will not quietly expand the scope of data use without updating documentation and obtaining appropriate agreements.
  • We will not knowingly work with infrastructure providers who lack basic security standards.
  • We will not ignore privacy concerns raised by firms or their clients.

Note: This page is a high-level description of our intended practices and may evolve as the product matures and as regulatory expectations change. For firms with specific compliance requirements, we are open to more formal agreements and documentation.

Questions About Privacy or Compliance?

If you are a CPA, fractional CFO, or finance leader and would like to understand our data handling in more detail, or if your firm has specific requirements (e.g., SOC, ISO, or regulatory standards), please reach out. We prefer direct, honest conversations about risk, obligations, and expectations.

Living Document

This page is intended as a clear, non-legal summary of how we think about privacy and data handling. As Fracfai evolves, we will refine and expand these commitments and provide more formal policy documents where needed.