Privacy Policy

1. Who we are

The Services are operated by Cashytics ("we", "us"). Publish contact details for your legal entity on this site before you onboard regulated customers.

2. Data roles

When you submit financial telemetry on behalf of your customers, you act as a data controller and we act as a processor for the limited purpose of executing the API request. Ephemeral analytics are designed so that payloads are not stored as a ledger of record after the response completes.

3. Categories of data

• Account metadata such as email addresses used for authentication.
• Workspace identifiers, API key fingerprints, and aggregated usage counters.
• Financial payloads submitted to the API for the duration required to generate a response.

4. Subprocessors

Depending on how Cashytics is deployed for you, subprocessors may include managed database, authentication, hosting, and transactional email vendors. Maintain an up-to-date subprocessor list for contracts and security reviews — your counsel should map this paragraph to the actual vendors in your production environment.

5. Retention

Authentication records persist according to your deployment configuration. API usage counters roll up monthly. Unless otherwise required by law, you may delete workspace data by revoking keys and using the administrative tools your deployment provides.

6. Security

API secrets are stored as one-way hashes. Transport uses TLS. Keep infrastructure credentials on the server side — never embed them in client applications.

7. Your rights

Depending on jurisdiction, individuals may have rights to access, rectify, delete, or port personal data. Because financial payloads should not contain direct identifiers, most requests will be fulfilled by the customer (you) as controller.