Privacy Policy

Information Collected

To provide the Services, the Company may collect, use, process, and under certain conditions disclose information you provide through the Site, including Business Data, Client Personal Information, and Incidental Personal Information, as defined in these Terms.

Rights and Duties

The rights and duties of the Client and the Company with respect to the Services, Business Data, and Personal Information may be governed by applicable laws and regulations of the United States and the state where a Client is incorporated, organized, registered, has its principal place of business, or makes use of the Services (collectively, the "Data Protection Laws"). At a minimum, the Company maintains policies and controls consistent with the Virginia Consumer Data Protection Act, the District of Columbia Consumer Protection Procedures Act, the District of Columbia Consumer Personal Information Security Breach Notification Act, and Section 5 of the Federal Trade Commission Act.

Information Use

The Services use proprietary analytics and artificial intelligence ("AI") tools to analyze sales, inventory, supply chain, and related operational data ("Business Data") provided by Client to generate insights and recommendations designed to improve revenue, operational efficiency, and profit margins.

The Company will make commercially reasonable efforts to promptly remove any Personal Information of Client's customers incidentally provided to the Company within Client's Business Data ("Incidental Personal Information") before applying the Company's proprietary data analytics and AI tools to the Business Data.

The Company will collect, use, and process Personal Information pertaining directly to the Client ("Client Personal Information") in the registration process and in the course of providing the Services. The Company will never disclose any data or information except as provided in this Privacy Policy or as may be required by law.

Types of Information

Specific data the Company may request or otherwise obtain includes but is not limited to: Client contact information; inventory management, POS and e-commerce reports; login information; other account information; customer service information; user preferences; device information; website navigation information; cookies; and non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources including selected partners and companies that specialize in providing enterprise data, analytics, and software as a service.

Legal Bases

We do not collect data to build marketing profiles of Clients. We collect specific Personal Information and financial artifacts solely to execute the Services and related activities including general communication; product support and improvement; security; research and development; and billing and payments.

Legal bases for our collection and use of data include without limitation: (i) our performance and exercise of contractual rights and duties; (ii) our compliance with laws, lawful requests, court orders, and legal processes; and (iii) our legitimate interest in conducting the Company's business.

Artificial Intelligence, Infrastructure, and Data Aggregation

The Company may use enterprise-grade analytics and AI service providers to classify inventory, generate reports, support product workflows, and respond to user requests. We configure subprocessors to limit retention and secondary use where those controls are available.

Your data may be processed by service providers used to operate the Services, including hosting, database, authentication, email delivery, payment, analytics, AI, and commerce-integration providers. These providers are permitted to process data only for the Services and related operational purposes.

Anonymized Data

The Company reserves the irrevocable right to create and use de-identified, aggregated data sets assembled to include Client's Business Data ("Anonymized Data") (for example, "average apparel margins in the Southeast" or "sector-wide dead stock trends"). We create Anonymized Data by removing or modifying data points that could be used to associate Business Data or Personal Information to a Client or individual, and by applying technical and organizational safeguards designed to prevent the data from being re-associated with any Client or individual. The Company owns all rights to such Anonymized Data in perpetuity.

We do not sell Business Data or Personal Information. We may use Anonymized Data to operate, secure, improve, and benchmark the Services, and any disclosure of Anonymized Data is governed by this Privacy Policy.

When we disclose Anonymized Data to third-party service providers or AI platforms, we will make commercially reasonable efforts to ensure, and where required by law will contractually require, that such providers or AI platforms: (i) not attempt to re-identify the data; (ii) not combine the data with other information to identify a Client or individual; and (iii) use the data only for the purposes we specify.

Change of Ownership

We may disclose your Business Data and Personal Information in connection with the re-organization or merger of the Company with another entity or a sale of all or a substantial portion of our assets or ownership, including any due diligence carried out in relation to the same, provided that the information disclosed continues to be used in accordance with these Terms by the entity acquiring the information.

Data Retention

The Company will make commercially reasonable efforts to promptly remove Incidental Personal Information received within Business Data provided by the Client before applying the Company's proprietary data analytics and AI tools to the Business Data. We retain your Business Data only for as long as necessary to fulfill the purposes for which it was collected or as required by Data Protection Laws.

Raw CSV uploads are processed in memory and are not intentionally written to disk. Reports, classifier output, action plans, account records, billing metadata, audit events, and security logs may be retained while needed to provide the Services, maintain the account, meet legal obligations, resolve disputes, and protect the Services.

You may request account deletion or export by emailing privacy@CashMarginPartners.com. We respond to access and privacy inquiries as described below, and deletion timing depends on account state, legal obligations, backup retention, and whether the Company is acting as a Data Controller or Data Processor.

Children's Privacy

The Services are only intended for use by business users. Accordingly, we do not intentionally gather Personal Information from persons who are under the age of 18. If we learn that any Personal Information is the information of a person under the age of 18, we will use reasonable efforts to delete the information in a timely manner.

Client Access and Inquiries

You own your business. If you want to know what data we have in our systems, or if you want us to promptly delete your Business Data and/or Client Personal Information, please email privacy@CashMarginPartners.com.

When the Company is acting as a Data Controller, we will process your request in accordance with this Privacy Policy and respond within two (2) business days. If the Company is acting as a Data Processor, we will direct you to the relevant Data Controller that can process your request.

If you believe that your Business Data or Client Personal Information is being used in a way that violates or infringes upon Data Protection Laws, you may be entitled to lodge a complaint with relevant authorities.

Disclosure

Subject to legal obligations and narrowly-defined, legitimate business reasons described in this Privacy Policy, we will never disclose your Business Data or Client Confidential Information.

From time to time, we may engage third-party service providers. Such providers may have limited access to Business Data and Client Personal Information for the sole purpose of helping manage or improve the Site and Services, subject to contractual restrictions on their access to and use of such data no less restrictive than our obligations under this Privacy Policy and Data Protection Laws.

Cross-border Processing

Business Data and Client Personal Information may be collected, transferred to, stored and processed by us and/or third parties described above in the United States or countries outside the United States. We will take all necessary steps to ensure that such recipients of such data adhere to commercially reasonable data security practices and comply with all relevant Data Protection Laws.

Law Enforcement; Subpoenas

If the law requires us to, we may need to collect and/or process Business Data or Personal Information to comply with the valid order or request of a court, regulator, or law enforcement agency. Furthermore, we may disclose such information at our sole discretion where we deem it necessary to protect the safety of any individual or the public, or to prevent violation of rights of the Company or any third party.