Privacy Policy
Scope and Roles
This Privacy Policy explains how ForecastFix handles personal information and organization data for a hosted SaaS financial reporting and consolidation tool.
For account, billing, security, support, and website data, ForecastFix acts as a controller or business. For trial balances, charts of accounts, mappings, dimensions, financial reports, and other organization content submitted by customers, ForecastFix generally acts as a processor or service provider for the customer organization.
Information We Process
We process account identifiers, email addresses, organization names, user roles, company access permissions, authentication and security logs, billing metadata, support communications, and device or network information such as IP address and user agent.
Organization data may include trial balances, account names and codes, entity names, dimensions, mappings, FX rates, reports, formulas, generated journals, audit history, and related financial metadata uploaded or configured by users.
Accounting and Reporting Content
We process customer-submitted accounting and reporting content to provide the service features selected or configured by users, including reporting, consolidation, mapping, refresh, audit history, dashboard, and export workflows.
ForecastFix does not use that content to independently certify financial statements, determine final GAAP or IFRS compliance, provide audit opinions, provide tax or legal advice, or make professional accounting judgments for the customer organization.
How We Use Information
We use information to provide and secure the service, authenticate users, enforce tenant and company-level access, operate reporting and consolidation features, maintain audit trails, provide support, improve reliability, meet legal obligations, and protect against fraud or misuse.
GDPR Legal Bases
Where GDPR applies, we process personal data as needed to perform a contract, meet legal obligations, pursue legitimate interests such as security and service operation, and, where required, based on consent.
Individuals may have rights to access, correct, delete, restrict, object to processing, and receive a portable copy of personal data, subject to legal, security, accounting, and contractual limits.
California Privacy Rights
California residents may have rights to know, access, correct, delete, and limit certain uses of personal information, and to be free from discrimination for exercising privacy rights.
ForecastFix does not sell personal information or share personal information for cross-context behavioral advertising as those terms are commonly used in California privacy law.
Sharing and Subprocessors
We may share information with service providers that host infrastructure, store data, send email, process payments, monitor security, provide support, or perform analytics necessary to operate the service.
We may also disclose information when required by law, legal process, security investigation, corporate transaction, or to protect rights, safety, and service integrity.
Retention and Deletion
For active organizations, current operational data such as trial balances, charts of accounts, mappings, dimensions, report definitions, generated outputs, and uploaded files is retained while the organization remains active or as needed to provide the service.
Audit trails, history records, historical snapshots, and related audit payloads are retained for seven years unless a longer period is required by law, contract, security need, or dispute preservation. After that retention period, those audit and history records may be deleted or archived according to our retention controls.
Subscription cancellation does not automatically erase organization data. A cancelled or inactive subscription may restrict access to the service. If an organization remains inactive or unsubscribed for seven years after the last known service period end, the organization and its data may be permanently deleted unless it is reactivated earlier or a longer period is required by law, contract, security need, or dispute preservation.
If an authorized organization admin requests deletion, the organization enters a 14-day soft-delete grace period. If the organization is not restored, the organization is permanently deleted from active application databases and object storage after that grace period. Disaster recovery backups may persist until their normal backup lifecycle expires and are not used for ordinary processing.
Security
We use administrative, technical, and organizational safeguards designed to protect information, including tenant access controls, authentication, audit records, and operational monitoring.
No hosted system can be guaranteed completely secure. Customers should use strong passwords, appropriate roles, company access restrictions, and internal review controls.
Contact
Privacy and data protection requests can be sent to privacy@forecastfix.com, by phone at +1 (843) 418-2524, or by mail to ForecastFix LLC at 8421 Dorchester Rd Ste 109 #355, North Charleston, SC 29420, USA. We may need to verify your identity and authority before acting on a request.