Privacy Policy

Last Updated: October 20, 2025

1. Introduction

This Privacy Policy explains how CapitalSnapshot ("we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you use our financial modeling platform and services (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller

For the purposes of GDPR, the data controller is:

CapitalSnapshot
Email: [email protected]
Legal inquiries: [email protected]

3. Information We Collect

3.1 Personal Information You Provide

When you register for and use the Service, we collect:

• Account Information: Name, email address, username, password
• Profile Information: Company name, job title, business information
• Payment Information: Billing address, payment method details (processed securely through our payment processor)
• Communication Data: Information you provide when contacting support or communicating with us

3.2 Business and Financial Data

To provide our financial modeling services, you may input:

• Financial projections and scenarios
• Business metrics and KPIs
• Revenue and expense data
• Company descriptions and business plans
• Fundraising information

3.3 Automatically Collected Information

When you use the Service, we automatically collect:

• Usage Data: Features used, pages visited, time spent, interactions with the Service
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, performance data
• Cookies and Tracking: As described in our Cookie Policy below

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Provision

• Creating and managing your account
• Providing access to financial modeling tools
• Generating financial statements and reports
• Processing your business data and scenarios
• Enabling export and download functionality

4.2 Service Improvement

• Analyzing usage patterns to improve features
• Developing new tools and functionality
• Troubleshooting technical issues
• Conducting research and analytics

4.3 Communication

• Sending service updates and notifications
• Responding to your inquiries and support requests
• Providing important account information
• Sending marketing communications (with your consent)

4.4 Legal and Security

• Complying with legal obligations
• Protecting against fraud and abuse
• Enforcing our Terms of Service
• Ensuring platform security

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you've requested
• Legitimate Interests: Improving our Service, security, and business operations
• Consent: Marketing communications and optional features (you may withdraw consent at any time)
• Legal Obligation: Compliance with applicable laws and regulations

6. Data Sharing and Disclosure

6.1 Service Providers

We may share your data with trusted third-party service providers who assist us in operating the Service:

• Cloud hosting providers (data storage and processing)
• Payment processors (secure payment handling)
• Email service providers (communications)
• Analytics providers (usage analysis)

These providers are contractually obligated to protect your data and use it only for the specified purposes.

6.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6.4 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Privacy Shield certification (where applicable)

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and monitoring
• Employee training on data protection
• Incident response procedures

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for a reasonable period after account closure
• Financial Data: Retained as long as necessary to provide services and comply with legal obligations
• Communication Records: Retained for customer service and legal compliance purposes

You may request deletion of your data at any time, subject to legal retention requirements.

10. Your Rights Under GDPR

As an EU data subject, you have the following rights:

10.1 Right to Access

You have the right to request a copy of your personal data we hold.

10.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure

You can request deletion of your personal data in certain circumstances.

10.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

10.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

10.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

10.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

To exercise your rights, contact us at: [email protected]

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information.

11.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly
• Analytics Cookies: Help us understand how users interact with the Service
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

11.2 Managing Cookies

You can control and manage cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

12. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

13. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Data Protection Officer: [email protected]
• Support: [email protected]

16. Supervisory Authority

If you are located in the EEA and have concerns about our data practices that we have not addressed, you have the right to lodge a complaint with your local data protection supervisory authority.

---