Privacy Policy

Last updated: April 12, 2026

This policy is provided as a reasonable starting point for a financial-SaaS platform in Texas with international customers. It has not been reviewed by counsel. Consult a licensed attorney before publication.

1. Who we are

MA Finance Hub is operated by MA Intelligent Systems LLC ("we", "us", "our"), a Texas limited liability company based in Odessa, Texas. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the choices you have.

2. Information we collect

Account and profile data

Email, name, password (stored as a bcrypt hash), company name, role, preferences.

Customer Data

Financial records you upload or generate: invoices, expenses, bills, bank transactions, payroll entries, contacts, tax configurations, and reports.

Usage and technical data

IP address, browser and device identifiers, pages visited, features used, API endpoints accessed, error logs, and approximate geolocation derived from IP.

Payment data

Billing information for subscriptions is processed by Stripe. We do not store full credit-card numbers on our servers — only a Stripe customer identifier and the last four digits / brand as provided by Stripe for display.

3. How we use information

  • Operate, maintain, and secure the Service;
  • Authenticate users and enforce tenant isolation;
  • Provide customer support;
  • Process payments for subscriptions;
  • Send transactional emails (invitations, password resets, invoices, service notices);
  • Improve the Service — always on aggregated or anonymized data unless you have given consent;
  • Comply with legal obligations and respond to lawful requests.

4. Sub-processors we rely on

The following providers process personal data on our behalf:

  • Stripe — payment processing for subscriptions.
  • Plaid — bank-account linking and transaction retrieval, when the feature is used by a Tenant.
  • Sentry — error and performance monitoring (scrubbed of personal identifiers where feasible).
  • Cloudflare — TLS termination, DDoS protection, edge caching.
  • Zoho Mail (SMTP) — transactional email delivery.
  • Hosting provider — cloud infrastructure (current region: United States).

A current sub-processor list is available on request.

5. Data retention

  • Active account data is retained while your Tenant remains active.
  • On cancellation, data is retained for up to 90 days to allow for export and reactivation, then deleted from production systems.
  • Encrypted backups are retained for up to 30 days (remote) and 7 days (local). Once a backup expires, it is purged.
  • Audit logs and security-relevant records may be retained for up to 2 years for fraud and incident-response purposes.

6. Your rights

Depending on where you reside, you may have the right to access, correct, delete, or export your personal data, restrict or object to processing, withdraw consent, and lodge a complaint with a supervisory authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Security

  • TLS 1.2+ in transit (enforced at the Cloudflare edge).
  • Row-level security in the database, per-tenant isolation.
  • Password hashes with bcrypt; MFA secrets encrypted at rest with AES-256-GCM.
  • Role-based access with mandatory MFA for privileged roles in production.
  • Audit logging of financial mutations.
  • Daily encrypted backups with offsite retention.

No method of transmission or storage is fully secure. If a breach affecting your personal data occurs, we will notify you consistent with applicable law.

8. Cookies and similar technologies

We use first-party session cookies to keep you signed in. We do not use third-party advertising cookies. Analytics, where enabled, is self-hosted or aggregated only.

9. International transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the U.S. Where required (e.g., GDPR), we will enter into Standard Contractual Clauses before processing EEA/UK personal data.

10. Children

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy. Material changes will be announced by email to Tenant Owners at least 30 days before they take effect.

12. Contact

MA Intelligent Systems LLC
Odessa, Texas, USA
[email protected]

© 2026 MA Intelligent Systems LLC. All rights reserved.