Privacy Policy
Effective July 19, 2026
This Privacy Policy explains how CashLinx ("CashLinx", "we", "us") collects, uses, and protects information when a bookkeeping or accounting practice and its clients use the CashLinx platform (the "Service"). CashLinx is a service-delivery platform that connects a practice to its small-business clients, and is not itself an accounting system or system of record.
Who controls your data
CashLinx is a multi-tenant platform. For a given client's financial information, the practice that serves that client is generally the controller of the data, and CashLinx acts as a processor on the practice's behalf. For account and platform data, CashLinx is the controller. If you are a client business, direct data requests to your practice first.
Information we collect
- Account information: name, email, role, and authentication data for practice staff and client-portal users.
- Client and financial data: business details and, once connected, a mirror of accounting information from your accounting system (chart of accounts, transactions, balances) and, where enabled, banking data used for reconciliation.
- Work product: AR, AP, reconciliation, review, and time records created in the Service.
- Usage and device data: log data, IP address, and basic device information used to operate and secure the Service.
- Cookies: essential cookies described in our Cookie Policy.
How we use information
- To provide, secure, and support the Service.
- To connect to a client's accounting and, where enabled, banking systems and to render live financials and workflow.
- To run the client and CPA review loop and to bill for services.
- To detect, prevent, and respond to fraud, abuse, and security issues.
- To comply with legal obligations.
We do not sell personal information, and we do not use your financial data for advertising.
How information is shared
- Within your tenant: practice staff see their practice's data; a client-portal user sees only their own company's data. Access is enforced by row level security.
- Service providers: infrastructure and processing vendors that help us run the Service (for example, cloud hosting and database providers, our accounting-system connectors, and, where enabled, banking connectivity providers), under contractual confidentiality and security obligations.
- Legal: where required by law or to protect rights, safety, and the integrity of the Service.
Security
We apply a security-first posture for financial and banking data, including default-deny row level security that isolates each tenant and client, least-privilege access, encryption in transit, encrypted connection secrets, and audit logging of sensitive actions. No system is perfectly secure, but we work to protect your information and to respond promptly to incidents.
Data retention
We retain information for as long as an account is active and as needed to provide the Service, meet legal and recordkeeping obligations, resolve disputes, and enforce agreements. Records are generally disabled or archived rather than hard-deleted, so an audit trail is preserved.
Your rights
Depending on your location, you may have rights to access, correct, export, or delete personal information, and to object to or restrict certain processing. Practice and portal users can update their own profile and password in account settings. For other requests, contact us or your practice.
International transfers
The Service is operated using infrastructure that may process data in the United States and other locations. Where required, we use appropriate safeguards for cross-border transfers.
Children
The Service is for business use and is not directed to children, and we do not knowingly collect personal information from children.
Changes
We may update this Policy. Material changes will be reflected by updating the effective date above and, where appropriate, by additional notice.
Contact
Questions about this Policy or your data: privacy@mycashlinx.com.