Privacy Policy

Last updated: March 21, 2026

1. Introduction

burnless, Inc. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use burnless ("the Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and authentication credentials (via Google, GitHub, or email/password).
  • Financial data: expenses, revenue, funding rounds, and other financial information you enter or import.
  • Payment information: billing details processed securely through Stripe. We do not store your full card number.
  • Communications: any messages you send us via email or support channels.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, and timestamps.
  • Device information: browser type, operating system, device type, and screen resolution.
  • Cookies and similar technologies: see Section 7 for our cookie policy.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service.
  • Process your financial data and generate AI-powered insights, forecasts, and categorizations.
  • Process payments and manage your subscription.
  • Send transactional emails (account verification, billing receipts, security alerts).
  • Improve the Service through analytics and usage patterns (aggregated and anonymized).
  • Respond to your inquiries and provide customer support.
  • Comply with legal obligations and enforce our Terms of Service.

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service providers: trusted third parties that help us operate the Service (hosting, payment processing, analytics, AI model providers). These providers are bound by data processing agreements.
  • AI processing: financial data you enter may be processed by third-party AI models to generate insights. This data is not used to train AI models and is processed under strict data processing agreements.
  • Legal requirements: when required by law, regulation, or legal process.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You may delete your account and data at any time through your account settings. After deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g., billing records).

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and secure infrastructure. No method of transmission or storage is 100% secure, but we strive to use commercially acceptable means to protect your data.

7. Cookies and Tracking Technologies

We use the following types of cookies:

7.1 Essential Cookies

Required for the Service to function. These cannot be disabled.

CookiePurposeDuration
next-auth.session-tokenMaintains your authenticated session30 days
next-auth.csrf-tokenProtects against cross-site request forgerySession
next-auth.callback-urlStores redirect URL after authenticationSession
burnless-cookie-consentRemembers your cookie preferences1 year

7.2 Analytics Cookies

Help us understand how users interact with the Service. Only set with your explicit consent.

CookiePurposeDuration
_gaDistinguishes unique users for Google Analytics2 years
_ga_*Maintains session state for Google Analytics2 years

7.3 Marketing Cookies

Used to deliver relevant content and measure campaign effectiveness. Only set with your explicit consent.

CookiePurposeDuration
_fbpIdentifies browsers for Facebook ad delivery3 months
_gcl_auStores ad click info for Google Ads conversion tracking3 months

You can manage your cookie preferences at any time through the cookie consent banner or your browser settings.

8. Your Rights

8.1 GDPR Rights (EU/EEA Users)

If you are in the EU/EEA, you have the right to:

  • Access, correct, or delete your personal data.
  • Restrict or object to processing.
  • Data portability (export your data in a structured format).
  • Withdraw consent at any time.
  • Lodge a complaint with your local data protection authority.

8.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information is collected and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information (we do not sell your data).
  • Non-discrimination for exercising your rights.

To exercise any of these rights, contact us at privacy@burnless.com.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, when transferring data internationally.

10. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

burnless, Inc.

Email: privacy@burnless.com