Privacy Policy

Last Updated: January 15, 2025

At crystallavino, we take your privacy seriously. This comprehensive privacy policy explains how we collect, use, store, and protect your personal information when you use our financial statement analysis platform.

Information We Collect

We collect various types of information to provide and improve our financial analysis services:

Personal Information

  • Name, email address, and contact details when you create an account
  • Professional information such as job title, company name, and industry
  • Payment information including billing address and payment method details
  • Communication preferences and marketing consent
  • Identity verification documents when required for compliance

Financial Data

  • Financial statements and documents you upload for analysis
  • Transaction data and financial metrics you input
  • Analysis results and custom reports you generate
  • Saved templates and financial models you create
  • Historical data from your previous analyses

Technical Information

  • IP address, browser type, and device information
  • Usage patterns and feature interactions within our platform
  • Log files and error reports for system maintenance
  • Cookies and similar tracking technologies
  • Session duration and frequency of platform usage

We only collect information that's necessary to provide our services and improve your experience on our platform.

Data Type | Collection Method | Purpose | Retention Period
Account Information | Direct input during registration | Account management and service delivery | Duration of account + 7 years
Financial Documents | User uploads and integrations | Analysis and reporting services | Duration of subscription + 3 years
Usage Analytics | Automated tracking systems | Platform improvement and support | 24 months from collection
Communication Data | Email and chat interactions | Customer support and service quality | 5 years from last interaction

How We Use Your Information

Your information helps us deliver exceptional financial analysis services. Here's how we use different types of data:

Service Delivery

We use your personal and financial information to provide core platform functionality including financial statement analysis, custom report generation, and data visualization tools. Your uploaded financial documents are processed through our analysis algorithms to generate insights and recommendations tailored to your specific business needs.

Account Management

Personal information helps us manage your account, process payments, and provide customer support. We use this data to verify your identity, manage subscription billing, and ensure secure access to your financial data and analysis results.

Platform Improvement

Technical usage data helps us understand how users interact with our platform, identify areas for improvement, and develop new features. This includes analyzing which tools are most valuable, where users encounter difficulties, and how we can enhance the overall user experience.

Communication and Support

We use your contact information to send important service updates, security notifications, and respond to support inquiries. Marketing communications are only sent with your explicit consent and can be opted out of at any time.

We never sell your personal information to third parties or use your financial data for purposes other than providing our services.

Legal and Compliance

In certain circumstances, we may use your information to comply with legal obligations, respond to lawful requests from authorities, or protect our rights and the rights of other users. This includes fraud prevention, security monitoring, and compliance with financial regulations applicable to our services.

Data Processing Legal Basis

We process your data based on several legal grounds including contract performance (to deliver services you've subscribed to), legitimate interests (platform improvement and security), legal compliance (regulatory requirements), and consent (marketing communications and optional features).

Data Sharing and Third Parties

We maintain strict controls over data sharing and only work with trusted partners who meet our security standards:

Service Providers

We work with carefully selected third-party service providers who help us deliver our platform. These include cloud hosting providers for data storage, payment processors for billing, and analytics tools for platform improvement. All service providers are bound by strict confidentiality agreements and data processing terms.

Integration Partners

With your explicit consent, we may share necessary data with accounting software providers, banking platforms, or other financial tools you choose to integrate with our platform. These integrations are designed to enhance your workflow and are only activated with your specific authorization.

Legal Requirements

We may disclose your information when required by law, such as in response to court orders, government investigations, or regulatory inquiries. We carefully review all such requests and only share information that's legally required and necessary to comply with the specific request.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We would notify you in advance of any such transfer and ensure that your data continues to be protected under the same or stronger privacy standards.

We never share your financial data with marketing companies, advertisers, or other third parties for their own commercial purposes.

Data Processing Agreements

All third parties who process your data on our behalf are required to sign comprehensive data processing agreements that specify how data must be handled, secured, and deleted. These agreements ensure that your privacy rights are maintained even when data is processed by external partners.

Your Privacy Rights

You have comprehensive rights regarding your personal information. We've made it easy to exercise these rights through our platform and support channels:

Access Your Data

You can request a complete copy of all personal information we hold about you. This includes your account details, uploaded documents, analysis history, and any other data associated with your account.

Update Information

You can modify your personal information, communication preferences, and account settings at any time through your account dashboard or by contacting our support team.

Delete Your Data

You can request deletion of your personal information, subject to any legal or regulatory requirements that may require us to retain certain data for specific periods.

Data Portability

You can export your data in standard formats to transfer to other services. This includes your financial analysis results, custom reports, and any other data you've created on our platform.

Restrict Processing

You can limit how we process your data in certain circumstances, such as when you're disputing the accuracy of information or questioning the lawfulness of processing.

Object to Processing

You can object to processing of your data for direct marketing purposes or when processing is based on legitimate interests rather than contract performance or legal compliance.

How to Exercise Your Rights

To exercise any of these rights, follow these steps:

  1. Log into your crystallavino account and navigate to Privacy Settings
  2. Select the specific right you want to exercise from the available options
  3. Complete the verification process to confirm your identity
  4. Provide any additional details required for your specific request
  5. Submit your request and receive a confirmation email with tracking information
  6. We'll process your request within 30 days and notify you of completion

For complex requests or if you prefer direct assistance, you can contact our Privacy Team at privacy@crystallavino.com or call +61452205213. We're committed to responding to all privacy requests promptly and thoroughly.

Security and Data Protection

Protecting your financial information is our top priority. We implement multiple layers of security to safeguard your data:

Technical Security Measures

Our platform uses industry-standard encryption protocols including TLS 1.3 for data in transit and AES-256 encryption for data at rest. All sensitive financial information is stored in encrypted databases with restricted access controls and regular security audits.

Access Controls

We implement strict access controls ensuring that only authorized personnel can access your data, and only to the extent necessary for their job functions. All access is logged and monitored, with regular reviews of access permissions and immediate revocation when no longer needed.

Infrastructure Security

Our servers are hosted in secure, certified data centers with 24/7 monitoring, redundant power supplies, and comprehensive physical security measures. We use cloud infrastructure providers that maintain SOC 2 Type II compliance and other relevant security certifications.

Regular Security Assessments

We conduct regular vulnerability assessments, penetration testing, and security audits to identify and address potential security risks. Our security team continuously monitors for threats and implements updates to protect against emerging security challenges.

We use bank-level security measures to protect your financial data, including the same encryption standards used by major financial institutions.

Employee Security Training

All crystallavino employees receive comprehensive security training covering data protection, privacy rights, and incident response procedures. Access to customer data is strictly limited to employees who require it for their job functions, and all access is monitored and audited.

Incident Response

In the unlikely event of a security incident, we have established procedures to quickly identify, contain, and resolve any issues. We'll notify affected users within 72 hours of discovering any incident that may impact their personal information, along with steps we're taking to address the situation.

Data Retention and Deletion

We retain your information only as long as necessary to provide our services and comply with legal requirements:

Retention Periods

Account information and financial data are retained for the duration of your active subscription plus seven years to comply with financial record-keeping requirements. Usage analytics and technical logs are retained for 24 months to help us improve our platform and provide technical support.

Automatic Deletion

We automatically delete data that's no longer needed according to our retention schedule. This includes temporary files, session data, and analytics information that's older than our specified retention periods. You'll receive notifications before any significant data deletion occurs.

Account Closure

When you close your account, we'll delete most of your personal information within 30 days. However, some information may be retained longer to comply with legal obligations, resolve disputes, or prevent fraud. You can request expedited deletion of specific data types through our privacy controls.

Legal Hold Requirements

In certain circumstances, we may need to retain data longer than our standard retention periods due to legal holds, ongoing investigations, or regulatory requirements. We'll notify you if your data is subject to extended retention and provide updates on when normal deletion schedules will resume.

You can request immediate deletion of your data at any time, subject to legal and regulatory requirements that may require longer retention periods.

International Data Transfers

As a global financial analysis platform, we may transfer your data internationally while maintaining strong privacy protections:

Transfer Safeguards

When transferring data outside Australia, we ensure adequate protection through various mechanisms including adequacy decisions, standard contractual clauses, and certification schemes that provide equivalent privacy protections to Australian law.

Service Provider Locations

Our primary data processing occurs within Australia, but some service providers may be located in other countries including the United States, European Union, and Singapore. All international service providers are carefully vetted and must comply with strict data protection requirements.

Data Localization Options

For enterprise customers with specific data localization requirements, we offer options to keep data within Australia or other specified jurisdictions. Contact our sales team to discuss data residency options that meet your organization's compliance needs.

Cross-Border Request Handling

We have procedures in place to handle cross-border data requests from law enforcement and regulatory authorities. We carefully review all such requests and only comply when legally required, while protecting your privacy rights to the fullest extent possible.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform:

Essential Cookies

These cookies are necessary for our platform to function properly and cannot be disabled. They include session management, security authentication, and load balancing cookies that ensure you can access and use our services securely.

Performance Cookies

With your consent, we use performance cookies to understand how you interact with our platform. This helps us identify areas for improvement and optimize the user experience. These cookies collect anonymized usage statistics and don't identify individual users.

Functional Cookies

These cookies remember your preferences and settings to provide a personalized experience. They store information like your preferred language, dashboard layout, and notification preferences to make your subsequent visits more efficient.

Cookie Management

You can manage your cookie preferences through our Cookie Settings panel, accessible from your account dashboard. You can disable non-essential cookies while maintaining full access to our core financial analysis features.

We don't use advertising cookies or share cookie data with third-party advertisers. Our tracking is focused solely on improving your experience with our platform.

Updates to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, legal requirements, or service offerings:

Notification of Changes

We'll notify you of any material changes to this privacy policy at least 30 days before they take effect. Notifications will be sent via email and displayed prominently on our platform. For significant changes that affect your rights, we may request your explicit consent to continue using our services.

Minor Updates

For minor changes such as clarifications, formatting improvements, or contact information updates, we'll update the "Last Updated" date at the top of this policy. We recommend reviewing this policy periodically to stay informed about how we protect your privacy.

Version History

We maintain a history of previous versions of this privacy policy, which you can access through your account settings. This allows you to review changes over time and understand how our privacy practices have evolved.

Your Options

If you disagree with changes to our privacy policy, you can modify your account settings to limit data collection, export your data, or close your account. Our support team is available to help you understand your options and exercise your privacy rights.

Privacy Questions and Contact Information

If you have questions about this privacy policy or how we handle your personal information, we're here to help. Our Privacy Team is available to assist with any privacy-related inquiries, rights requests, or concerns about your data.

Privacy Officer
crystallavino Financial Analysis Platform
119 High St, East Launceston TAS 7250, Australia

Email: privacy@crystallavino.com
Phone: +61452205213
General Inquiries: info@crystallavino.com

We're committed to responding to all privacy inquiries within 5 business days and resolving any concerns as quickly as possible. For urgent privacy matters, please call our support line and request to speak with our Privacy Team.