Privacy Policy

Effective Date: January 1, 2025

1. Introduction

Summit Digital Innovations ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our accounting and bookkeeping platform ("Service").

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, phone number, company name, and business information
• Financial Data: Banking information, transaction records, invoices, bills, and other accounting data you input into the Service
• Communication Data: Messages, support requests, and feedback you send to us
• Authentication Data: Passwords (encrypted), multi-factor authentication preferences, and security settings

2.2 Information We Collect Automatically

When you use our Service, we automatically collect:

• Usage Information: Pages viewed, features used, time spent, and interaction patterns
• Device Information: IP address, browser type, operating system, and device identifiers
• Log Data: Access times, error logs, and system activity (see our Audit Log Retention Policy)

2.3 Information from Third Parties

We may receive information from:

• Bank Feed Integrations: Transaction data from financial institutions via Plaid or similar services
• Payment Processors: Payment confirmation and processing details from Stripe
• Authentication Services: Verification data from Twilio for SMS-based multi-factor authentication

3. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Authenticate users and prevent fraud
• Send administrative messages, updates, and security alerts
• Respond to support requests and provide customer service
• Monitor and analyze usage patterns to improve user experience
• Comply with legal obligations and enforce our terms
• Maintain audit trails for financial and security purposes (see our Audit Log Retention Policy)

4. How We Share Your Information

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

• Cloud Infrastructure: Heroku (Salesforce) for hosting
• Database Services: PostgreSQL for secure data storage
• Payment Processing: Stripe for payment and subscription management
• Communication Services: Twilio for SMS authentication, SendGrid for email delivery
• Bank Connectivity: Plaid for secure bank feed integrations
• File Storage: AWS S3 for document attachments

All service providers are contractually obligated to maintain the confidentiality and security of your information.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or if necessary to:

• Comply with legal processes or obligations
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Enforce our Terms of Service

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

5. Data Security

We implement robust security measures to protect your information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access control (RBAC) with least-privilege principles
• Authentication: Multi-factor authentication (MFA) required for sensitive operations
• Monitoring: Continuous security monitoring and audit logging
• Incident Response: Documented procedures for security incidents (see our Security Policy)
• Backups: Regular encrypted backups (see our Backup Retention Policy)

For more details, see our Information Security & Incident Response Policy.

6. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

• Active Accounts: Data retained while your account is active
• Financial Records: Retained for 7 years per IRS and tax requirements
• Audit Logs: Retained for 1 year (see our Audit Log Retention Policy)
• Backups: Retained for 90 days (see our Backup Retention Policy)

See our Data Retention & Deletion Policy for complete details.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your personal information and request a copy in a portable format. Contact us at support@summit-di.com to request your data.

7.2 Correction and Updates

You can update your account information directly through the Service settings. Contact support for assistance with corrections.

7.3 Deletion

You may request deletion of your account and associated data by contacting us. Please note:

• Financial records may be retained for legal compliance (7 years)
• Backups are purged according to our Backup Retention Policy (90 days)
• Audit logs are retained for 1 year per our Audit Log Retention Policy

7.4 Opt-Out of Communications

You can opt out of promotional emails by clicking "unsubscribe" in any marketing email. You cannot opt out of service-related or security notifications.

7.5 Do Not Track

We do not track users across third-party websites and do not respond to Do Not Track (DNT) signals, as we do not engage in cross-site tracking.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Authentication: Session management and login persistence
• Preferences: Remembering your settings and choices
• Security: Detecting and preventing fraudulent activity
• Analytics: Understanding usage patterns to improve the Service

You can control cookies through your browser settings, but disabling cookies may limit functionality.

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new effective date
• Sending an email notification to your registered email address
• Displaying an in-app notice upon your next login

Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us:

Summit Digital Innovations
Email: privacy@summit-di.com
Support: support@summit-di.com
Website: www.summit-di.com

13. Compliance

We are committed to compliance with applicable data protection laws, including:

• General Data Protection Regulation (GDPR) for EU users
• California Consumer Privacy Act (CCPA) for California residents
• Gramm-Leach-Bliley Act (GLBA) for financial data protection
• IRS regulations for financial recordkeeping

Related Policies:

• Data Retention & Deletion Policy
• Audit Log Retention Policy
• Backup Retention Policy
• Information Security & Incident Response Policy
• All Policies