Privacy Policy
This policy describes what data Mywacc SpA ("MyWacc") collects, how it uses that data, and what rights users have over their data.
1. Data we collect
1.1 Account data
- Email and name at registration.
- Company or organization the user belongs to.
- Role within the platform (CFO, accountant, investor, etc.).
1.2 Financial data uploaded or connected by the user
- Financial statements (income statement, balance sheet, cash flow) in CSV/Excel/PDF.
- Operating drivers and projection assumptions (margins, capex, etc.).
- Data synced from authorized ERPs (accounts, invoices, balances, partners).
1.3 Technical data
- IP address, browser, operating system (standard server logs).
- Platform usage events for product analytics.
2. How we use the data
- To operate the Service: compute valuations, render reports, sync with authorized ERPs.
- To improve the platform: aggregated and anonymous statistics about feature usage.
- For support: respond to inquiries and resolve reported issues.
- To comply with legal obligations: when applicable law requires it.
We do not sell user data. We do not use one client's financial data to benefit another.
3. Where data is stored
User data is stored on Amazon Web Services infrastructure, region US East (Virginia). This includes:
- PostgreSQL database (RDS) — transactional and user data.
- S3 — uploaded files (PDFs, Excels).
- EC2 — compute servers.
OAuth tokens for connected ERPs are stored encrypted.
4. Processing by third parties
MyWacc uses the following third-party services as sub-processors to operate the platform:
| Service | Purpose | Data shared |
|---|---|---|
| Amazon Web Services | Hosting, database, storage | All user data, on their infrastructure |
| Amazon Cognito | User authentication | Email, password hash |
| QuickBooks Online (Intuit) | ERP sync authorized by user | Only if the user connects their account |
| Yahoo Finance (free) | Public market data | Public tickers queried, no client data |
| FRED API (Federal Reserve) | Reference rates | No client data |
| Mistral AI · Anthropic Claude | Advanced analysis opt-in ("Expert mode" of chat) | Summary of the active valuation when the user enables expert mode. Only if the user enables it explicitly. |
The chat's "Expert mode" is opt-in and processes a structured summary of the valuation (not original client documents) on external providers. If this is not acceptable for your organization, leave expert mode disabled — the default chat uses our self-hosted LLM.
5. Retention
- Account data: while the account is active and up to 90 days after closure.
- Uploaded financial data: under user control; deleted when the analysis is deleted or the account closed.
- OAuth tokens: until the user revokes them or they expire.
- Technical logs: 30 days.
6. User rights
You may at any time:
- Access the data associated with your account.
- Request the correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Export your data in structured format.
- Revoke access to connected systems.
To exercise any of these rights, write to contacto@mywacc.com.
7. Security
- Communications encrypted in transit (HTTPS / TLS 1.2+).
- Sensitive data encrypted at rest (AWS KMS).
- Access to production infrastructure restricted by IAM and MFA.
- ERP tokens encrypted before storage.
No system is perfectly secure. If we detect a security incident affecting your data, we will notify you without undue delay.
8. Cookies
We use strictly technical cookies (user session, language preference). We do not use ad-tracking cookies.
9. Minors
The Service is not directed at minors under 18. If we detect a minor's account, we close it.
10. Changes to this policy
We will notify users by email of material changes at least 30 days in advance.
11. Contact
For any inquiry about this policy: contacto@mywacc.com