Privacy Policy

Last updated: February 15, 2026

CashLayer ("we," "us," or "our") provides AI-powered finance operations services for small and mid-sized businesses. This Privacy Policy describes how we collect, use, store, and protect information when you use our services, including data accessed through integrations with third-party accounting platforms such as QuickBooks Online, Xero, and others.

1. Information We Collect

When you use CashLayer, we may collect the following types of information:

• Account Information: Your name, email address, company name, and billing details provided during signup.
• Financial Data: Invoices, bills, transactions, chart of accounts, customer records, vendor records, and other accounting data accessed through your connected accounting platform (e.g., QuickBooks Online, Xero) via authorized OAuth connections.
• Usage Data: How you interact with our services, including feature usage, report views, and alert engagement.
• Communication Data: Emails, messages, and support requests you send to us.

2. How We Use Your Information

We use the information we collect to:

• Generate daily cash position reports, transaction classifications, cash forecasts, and close management workflows.
• Detect anomalies, flag overdue receivables, and provide concentration risk alerts.
• Process your financial data through AI models (e.g., OpenAI) to produce analysis and recommendations. Only aggregated and summarized data is sent to AI providers — raw transaction-level records are processed locally before AI analysis.
• Improve the accuracy and quality of our services over time.
• Communicate with you regarding your account, reports, and service updates.
• Comply with legal obligations.

3. How We Share Your Information

We do not sell, rent, or trade your personal or financial information. We may share limited data with:

• AI Processing Providers: Summarized (not raw) financial data is sent to AI language model providers (currently OpenAI) for analysis. These providers process data according to their own data handling policies and do not retain input data for model training when accessed via API.
• Cloud Infrastructure: Your data is stored on encrypted cloud infrastructure (currently AWS) with access restricted to authorized CashLayer personnel only.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.

We do not share your financial data with any other third parties, partners, advertisers, or data brokers.

4. Accounting Platform Integrations

CashLayer connects to your accounting platform (QuickBooks Online, Xero, etc.) using industry-standard OAuth 2.0 authorization. This means:

• We never see or store your accounting platform password.
• You grant specific, limited permissions (read access to invoices, bills, transactions, and reports).
• You can revoke CashLayer's access at any time from your accounting platform's settings.
• We access only the data necessary to provide our services.

For QuickBooks Online users: Our use and transfer of information received from Intuit APIs adheres to the Intuit Developer Terms of Service.

5. Data Security

We take the security of your financial data seriously and implement the following measures:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• OAuth 2.0 tokens are stored in encrypted credential stores, never in plaintext.
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We conduct regular security reviews of our infrastructure and processes.

6. Data Retention

We retain your financial data only for as long as necessary to provide our services:

• Active accounts: Data is retained for the duration of your subscription and refreshed with each sync cycle.
• Cancelled accounts: Financial data is deleted within 30 days of account termination. Aggregated analytics (non-identifiable) may be retained for service improvement.
• You may request immediate deletion of your data at any time by contacting us.

7. Your Rights

You have the right to:

• Access: Request a copy of the data we hold about you and your business.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your data at any time.
• Revocation: Disconnect CashLayer from your accounting platform at any time, immediately stopping data access.
• Portability: Request your data in a standard machine-readable format.

8. Cookies and Tracking

Our website uses minimal, essential cookies for authentication and session management. We do not use third-party advertising trackers. We may use privacy-respecting analytics (such as Plausible or Fathom) to understand site usage in aggregate.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active clients of material changes via email. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your data rights, please contact us at:

CashLayer
Email: hello@cashlayer.ai
Website: cashlayer.ai