Privacy Policy
How we collect, use, and protect your information.
Effective Date: March 1, 2026 | Last Updated: March 1, 2026
1. Overview
The Tributum Group ("Tributum," "we," "us," or "our") operates a financial management platform for small businesses. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.
By using our platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
Information You Provide Directly
- Account information: name, email address, phone number, business name, industry, business size, years in business
- Address information: street address, city, state, and ZIP code
- Financial context: annual revenue range, business challenges, current advisor status
- Preferences: contact preferences, urgency level, pricing package selection
- Documents: files you upload during onboarding (e.g., tax returns, financial statements)
- Payment information: billing name, billing address, card details (processed and stored by Stripe — we do not store raw card numbers)
- Communications: messages you send to us via the contact form or support email
Information from Third-Party Integrations
When you connect third-party accounts, we receive data from those services:
- Plaid: bank account balances, transaction history, institution name (we access this data on your behalf — we never receive or store your banking login credentials)
- QuickBooks: accounting data including income, expenses, invoices, and financial reports
- POS Systems (Square, Shopify, Clover, Toast): sales transactions, product data, and daily revenue figures
Information Collected Automatically
- Session data: authentication tokens stored in your browser's localStorage to keep you logged in
- Usage data: pages visited, features used, and actions taken within the platform (used to improve the Service)
- Technical data: browser type, operating system, IP address, and device information
3. How We Use Your Information
- To provide, operate, and improve the Service
- To create and manage your account
- To process payments and manage your subscription
- To generate personalized financial dashboards, reports, and insights from your connected data
- To send transactional emails (account approval, welcome emails, password resets, billing notifications)
- To respond to support requests and inquiries
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To send product updates and service announcements (you may opt out)
We do not sell your personal information to third parties. We do not use your financial data for advertising purposes.
4. Data Processors and Third Parties
We share data with the following third-party service providers solely to operate the Service. Each is bound by their own privacy policy and data processing terms:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication infrastructure | All account data, financial data, session tokens |
| Plaid | Bank account connectivity | Bank connection credentials (encrypted); Tributum receives transaction data |
| Stripe | Payment processing and subscription management | Billing name, email, payment method details |
| Resend | Transactional email delivery | Name, email address, email content |
| QuickBooks (Intuit) | Accounting data integration (when connected) | OAuth access token; QuickBooks sends accounting data to Tributum |
| Vercel | Platform hosting and serverless infrastructure | Request logs, IP addresses |
| Google Fonts | Typography | IP address (standard web request) |
5. Data Security
We implement industry-standard technical and organizational measures to protect your data:
- All data is transmitted over HTTPS (TLS encryption)
- Database access is controlled by row-level security policies — your data is only accessible to you and authorized Tributum staff
- OAuth tokens and API credentials are encrypted at rest and never exposed to the frontend
- Authentication is handled by Supabase Auth with secure session management
- We do not store raw bank credentials — Plaid handles credential management directly
- We do not store raw card numbers — Stripe handles all payment credential storage
- Access to production systems is restricted to authorized personnel
No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security.
Data Breach Notification
In the event of a data breach that is likely to result in risk to your rights or freedoms, we will notify affected users without undue delay, and no later than 72 hours after becoming aware of the breach, to the extent required by applicable law. Notifications will be sent to the email address on file.
6. Data Retention
- Active accounts: data is retained for as long as your account is active
- Cancelled/terminated accounts: data is retained for 90 days following cancellation to allow for data export, then permanently deleted
- Financial data from disconnected integrations: retained until account deletion or explicit deletion request
- Support communications: retained for 2 years
- Payment records: retained as required by applicable law (typically 7 years for tax purposes)
7. Cookies and Local Storage
Our platform uses browser localStorage (not traditional cookies) to store your authentication session. This allows you to remain logged in between visits. localStorage data is stored on your device and is not transmitted to third parties except as part of authenticated API requests to our servers.
We may also use session cookies for security purposes. These expire when you close your browser.
Third-party services embedded in our platform (Google Fonts) may set their own cookies or make web requests that involve your IP address. You can control cookie preferences through your browser settings.
A cookie consent preference is stored in your browser so we remember your choice. Accepting cookies does not affect your ability to use the platform.
8. Your Rights
You have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your account and associated data (subject to legal retention requirements)
- Export: export your financial data from within the platform at any time
- Opt-out: unsubscribe from marketing emails at any time using the link in any email we send
- Disconnect integrations: disconnect any third-party integration from within your dashboard at any time
To exercise any of these rights, email us at support@thetributumgroup.com. We will respond within 30 days.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify registered users of material changes by email at least 14 days before changes take effect. The updated policy will always be available at thetributumgroup.com/privacy.
11. Contact
Questions or concerns about this Privacy Policy?
The Tributum Group
Email: support@thetributumgroup.com
Incorporated in the State of Delaware, United States