Privacy Policy

Last Updated: November 20, 2025

Effective Date: November 20, 2025

1. Introduction

Infinite Grow Ventures LLC ("TrestleFinance", "we", "our", or "us") operates the website https://trestlefinance.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Email address
• Name
• Payment information (processed securely through Stripe)
• Account credentials (password is hashed and encrypted)

2.2 Financial Data

When you upload CSV files for processing:

• Stripe Balance Transaction data
• Stripe Payout Reconciliation data
• PayPal Activity Download data

Important: Your CSV files are processed in-memory and stored encrypted for 30 days to enable re-download. Files are automatically deleted after 30 days. You can manually delete files at any time from your account settings.

2.3 Usage Data

We automatically collect:

• IP address
• Browser type and version
• Pages visited and time spent
• Upload and export activity
• Error logs and performance metrics

2.4 Cookies and Tracking

We use:

• Authentication Cookies: To keep you logged in (Firebase Auth)
• Analytics Cookies: Google Analytics 4 to understand site usage
• Session Cookies: To maintain your session across pages

3. How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Process your payment transactions
• Convert your CSV files to QuickBooks-ready formats
• Send transactional emails (export confirmations, receipts, account notifications)
• Improve our Service through analytics
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Data Storage and Security

4.1 Where We Store Data

• User accounts: Firebase Firestore (Google Cloud, US)
• CSV files: Firebase Storage (encrypted at rest, US)
• Payment data: Stripe (PCI DSS Level 1 certified)

4.2 Security Measures

• TLS/SSL encryption for all data in transit
• AES-256 encryption for files at rest
• Passwords hashed with industry-standard algorithms (Firebase Auth)
• Regular security audits and monitoring
• SOC 2 Type II compliance (TODO: VERIFY STATUS)

4.3 Data Retention

• CSV files: 30 days, then automatically deleted
• Account data: Until you delete your account
• Transaction history: 7 years (required for tax/accounting purposes)
• Analytics data: 26 months (Google Analytics default)

5. Data Sharing and Disclosure

5.1 We Share Data With:

• Stripe: Payment processing (see Stripe Privacy Policy)
• Firebase/Google Cloud: Hosting and data storage (see Firebase Privacy Policy)
• SendGrid: Transactional emails (see SendGrid Privacy Policy)
• Sentry: Error tracking and monitoring (see Sentry Privacy Policy)

5.2 We Do NOT:

• Sell your personal information to third parties
• Share your CSV data with anyone (except as required by law)
• Use your financial data for marketing purposes
• Send unsolicited marketing emails (unless you opt in)

5.3 Legal Disclosure

We may disclose your information if required by:

• Court order or subpoena
• Legal process or law enforcement request
• Protection of our rights, safety, or property
• Investigation of fraud or abuse

6. Your Rights

6.1 Access and Portability

You have the right to:

• Access your personal data
• Export your data in a machine-readable format
• Request a copy of your uploaded CSV files (within 30-day retention period)

6.2 Correction and Deletion

You can:

• Update your account information in Settings
• Delete uploaded CSV files anytime
• Delete your entire account (Settings → Delete Account)

6.3 Opt-Out

You can opt out of:

• Marketing emails: Click "Unsubscribe" in any marketing email
• Analytics tracking: Use browser Do Not Track or ad blockers

Note: You cannot opt out of transactional emails (receipts, export confirmations, security alerts) required for the Service.

7. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it's used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell data)
• Non-discrimination for exercising your privacy rights

To exercise these rights, email support@infinitegrowventures.com.

8. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have rights under GDPR:

• Legal basis: Legitimate interest (providing the Service) and consent
• Data controller: Infinite Grow Ventures LLC
• Data transfers: Your data may be transferred to the US (Firebase, Stripe)
• Right to lodge a complaint: Contact your local data protection authority

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email.

11. Contact Us

For privacy-related questions or requests:

• Email: support@infinitegrowventures.com
• Company: Infinite Grow Ventures LLC
• Website: https://trestlefinance.com