Aidfine Privacy Policy

This Privacy Policy explains how Aidfine LLC ("Aidfine," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal data in connection with the Aidfine websites, applications, workspaces, reconciliation tools, reporting tools, support channels, billing processes, and related business operations (collectively, the "Services"). This Policy is intended to provide transparent information to users, customer personnel, website visitors, and other individuals who interact with Aidfine in a business context.

Aidfine LLC is a Delaware limited liability company.

This Policy applies to individuals who visit our websites, create or use an Aidfine account, use the Services on behalf of a customer or prospective customer, receive workspace invitations, contact us for support or commercial inquiries, participate in billing or subscription workflows, or otherwise interact with Aidfine in a business or professional capacity.

This Policy does not replace a customer's own internal privacy notice, employee notice, or data governance obligations. Where Aidfine processes Customer Data on behalf of a business customer, that customer may have separate obligations to provide notice to the relevant individuals.

Aidfine processes different categories of personal data in different roles.

When a customer or its authorized users upload files, submit records, generate reports, or otherwise provide business content through the Services ("Customer Data"), Aidfine generally processes that Customer Data on the customer's behalf and under the customer's instructions. In that context, the customer typically acts as the relevant controller or business, and Aidfine typically acts as the processor or service provider.

By contrast, Aidfine generally acts as the controller or business for personal data related to account creation, login and authentication, billing and payment administration, security monitoring, fraud prevention, website operation, support communications, legal compliance, and direct business relationship management.

Aidfine can make a Data Processing Addendum available upon request where appropriate for the customer relationship.

For business customers acting as controllers, Aidfine provides a Data Processing Addendum governing Aidfine's processing of Customer Personal Data on their behalf.

Depending on how you interact with Aidfine, we may collect the following categories of personal data:

We collect personal data directly from users and other individuals when they create accounts, accept workspace invitations, log in, configure profile or workspace settings, upload files, enter or edit records, request reports, use support channels, submit bug reports, contact us through the website, engage in subscription or billing workflows, or otherwise communicate with Aidfine.

In a customer environment, users may also submit personal data about other individuals as part of Customer Data, for example in uploaded spreadsheets, transaction descriptions, references, reports, or internal finance workflow records.

When you access or use the Services, we and our service providers may automatically collect certain technical and usage information. This may include IP address, timestamps, request and response metadata, browser type, operating system, device characteristics, user-agent string, pages or features used, authentication events, error logs, and security-relevant event data.

Aidfine may use cookies and similar technologies to maintain session continuity, support authentication and refresh flows, remember language or theme preferences, preserve certain UI state, and support diagnostics and performance measurement.

Public-facing anti-abuse or security-verification features may also involve automated collection of technical or fraud-prevention signals.

We may receive personal data from third parties and other sources, including:

We may also receive updated business contact or relationship information from customers or counterparties during contract, support, renewal, or implementation activity.

Aidfine uses personal data for the following purposes, as applicable:

For individuals in the EEA, United Kingdom, or Switzerland, Aidfine generally relies on one or more of the following legal bases, depending on the context.

We process personal data where necessary to perform a contract or take steps requested before entering into a contract, including to create accounts, provide the Services, manage subscriptions, provide support, and process billing-related activity.

We process personal data where necessary to comply with legal obligations, including obligations relating to taxation, accounting, sanctions, dispute handling, legal process, and regulatory or law-enforcement requests.

We process personal data where necessary for our legitimate interests, provided those interests are not overridden by the rights and freedoms of the individual. These interests may include operating and improving the Services, maintaining security, preventing fraud and abuse, preserving system integrity, supporting customer relationships, documenting business operations, and defending legal claims.

Where required by law, we rely on consent, for example for certain optional communications or certain technologies. Where processing is based on consent, consent may be withdrawn at any time, although this does not affect the lawfulness of processing that occurred before withdrawal.

Aidfine may share personal data in the following circumstances:

Aidfine personnel and providers may access Customer Data on a need-to-know basis for support, troubleshooting, security, maintenance, legal compliance, or as otherwise authorized by the customer relationship.

Aidfine uses third-party providers to support the operation of the Services and related business functions. Depending on deployment and commercial setup, these providers may include infrastructure and hosting providers, object-storage providers, email delivery providers, anti-abuse or CAPTCHA providers, payment processors, customer communication tools, and operational support tools.

Where Aidfine processes Customer Data on behalf of a customer, these providers may act as subprocessors or service providers to Aidfine. Aidfine seeks to place appropriate confidentiality and data-protection obligations on such providers consistent with the role they perform.

Aidfine may make additional information about relevant subprocessors or provider categories available through contract documentation or upon request. A DPA is available upon request where appropriate.

Aidfine may use third-party payment and billing providers, including Stripe, to process subscription charges, manage hosted checkout pages, administer customer billing portals, issue invoices, process renewals, and support related payment workflows.

Payment card details are generally collected and processed by the payment provider, not directly by Aidfine's application interface. Aidfine may nevertheless receive and retain limited billing-related information such as customer and subscription identifiers, payment status, plan details, invoice references, billing history, payment-method brand, and last four digits, together with related records needed for accounting, support, fraud prevention, and contract administration.

Your use of a hosted checkout, billing portal, or payment page may also be subject to the relevant payment provider's privacy practices and terms.

Aidfine may offer technology-assisted, automated, or machine-supported features in connection with reconciliation, matching, classification, summarization, search, workflow assistance, or contextual support. Where such features are enabled, they may process text, metadata, questions, and other content submitted by users or contained in Customer Data to provide the requested functionality.

Aidfine may retain limited inputs, outputs, and operational metadata related to these features where reasonably necessary to operate the feature, troubleshoot issues, evaluate reliability, maintain security, and improve system performance.

Outputs produced by technology-assisted features may be probabilistic, incomplete, or incorrect and should be reviewed by appropriately authorized users. Aidfine's Services are intended to support business workflows and not to replace legal, tax, accounting, audit, or other professional judgment.

Aidfine uses personal data as reasonably necessary to measure system reliability, diagnose technical problems, investigate incidents, enforce service rules, and prevent abuse. This may include audit logs, job and queue metadata, authentication records, failed-login patterns, security-event records, request metadata, browser or device signals, and limited performance telemetry where configured.

Aidfine may also use anti-abuse and human-verification tools on certain public forms or high-risk interactions.

We may aggregate or de-identify operational data for analytics, capacity planning, benchmarking, service improvement, and business reporting where appropriate.

Aidfine is a U.S.-based company. Personal data may be processed in the United States and in other countries where Aidfine or its service providers operate. This may include processing for hosting, storage, support, communications, billing, fraud prevention, and security operations.

Where applicable data protection law requires transfer safeguards, Aidfine will take steps intended to provide an appropriate level of protection for transferred personal data, which may include contractual, technical, or organizational measures recognized under applicable law.

Aidfine retains personal data for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain business and security records, comply with legal obligations, resolve disputes, enforce agreements, and protect against fraud or misuse.

Account and relationship data are typically retained for the duration of the relevant relationship and for a reasonable period afterward for legitimate business, legal, security, and support purposes.

Customer Data is generally retained according to the customer relationship, applicable product settings, contractual commitments, operational practices, and legal requirements. Following termination or expiration, Aidfine may provide a limited post-termination retrieval or export period where applicable under the customer contract, after which Customer Data may be deleted, anonymized, or rendered inaccessible, subject to legal retention requirements, backup rotation, business continuity, security, and dispute-related needs.

Billing, payment, tax, audit, security, and compliance records may be retained longer where necessary under law or legitimate operational requirements.

Because retention periods can vary by data type and context, Aidfine may use retention criteria rather than a single universal deletion period.

Aidfine uses technical and organizational measures designed to protect personal data against unauthorized access, use, alteration, loss, or disclosure. Depending on context, these measures may include authentication controls, role-based permissions, session-management controls, logging, audit trails, anti-abuse protections, security-event monitoring, and vendor-managed security features.

However, no method of transmission, storage, or processing is completely secure, and Aidfine does not guarantee absolute security.

Individuals may have rights regarding their personal data under applicable law, depending on where they are located and the nature of Aidfine's role in relation to the data.

If Aidfine acts as the controller or business for your data, you may contact us to request access, correction, deletion, restriction, objection, portability, or other rights as applicable under law. We may need to verify your identity and may limit or deny requests where permitted by law.

If your personal data is contained in Customer Data that Aidfine processes on behalf of a business customer, the relevant customer is generally responsible for handling your request. In that case, you should direct your request to that customer first. Aidfine may assist the customer as required by law and contract.

You may also be able to update certain account information directly through your account settings or by contacting your workspace administrator.

If you are located in the EEA, UK, or Switzerland, and Aidfine acts as controller for your personal data, you may have the right to request access to your personal data, request correction of inaccurate data, request deletion in certain circumstances, request restriction of processing, object to certain processing, and request portability where applicable.

Where processing is based on legitimate interests, you may object to that processing based on your particular situation. Where processing is based on consent, you may withdraw consent at any time.

You may also have the right to lodge a complaint with your local data protection authority or supervisory authority.

Aidfine does not currently describe any use of personal data in this Policy as involving solely automated decision-making producing legal or similarly significant effects on individuals. If that changes, we will provide additional information as required by law.

To the extent California privacy law applies to Aidfine's processing of your personal information, California residents may have rights to request information about the categories and specific pieces of personal information collected about them, the categories of sources from which that information was collected, the purposes for which it is used, the categories of recipients to whom it is disclosed, correction of inaccurate information, deletion of certain information, and non-discrimination for exercising applicable rights, subject to verification and legal exceptions.

If Aidfine engages in processing that triggers additional California-specific notice or opt-out obligations, including obligations relating to certain "sale," "sharing," or sensitive-personal-information uses as defined under California law, Aidfine will provide the notices and mechanisms required by law.

Authorized agents may submit requests on behalf of California residents where permitted by law and subject to appropriate verification.

Aidfine's Services are intended for business and professional use only. Aidfine does not knowingly offer the Services to, or knowingly collect personal data directly from, anyone under eighteen (18) years of age. If we become aware that we have collected personal data directly from a person under 18 in a manner inconsistent with this Policy, we will take appropriate steps to delete it or otherwise address the issue as required by law.

The Services may contain links to third-party websites, hosted payment pages, portals, or integrations that are not controlled by Aidfine. This Privacy Policy does not apply to the privacy practices of those third parties. We encourage you to review the privacy policies and terms of any third-party services you access through or in connection with Aidfine.

Aidfine may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, operational practices, or business arrangements. When we do, we will post the updated version and revise the "Last Updated" date. Where required by law, we will provide additional notice or obtain consent.

If you have questions about this Privacy Policy, wish to exercise applicable privacy rights, or would like to request a DPA where appropriate, please contact: