Privacy Policy

Last Updated: November 13, 2025
Effective Date: November 13, 2025

Change Log: No updates, original version.

---

Introduction

Second Difference Solutions, LLC (“Company”, “we”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use any of our business analytics applications and related services:

• BizAnalyzer - QuickBooks integration for business analytics and financial reporting
• EconAnalyzer - Economic trends analysis and forecasting using public data sources
• MarketAnalyzer - Stock market analysis and portfolio tracking using public market data
• Custom Apps - Bespoke business solutions and integrations
• AI Tools - Free AI-powered assistance tools (AIBot, AIAgent)

Collectively referred to as the “Services” or “Applications.”

This Privacy Policy applies to information we collect through:

• Our Applications (web-based and any future mobile apps)
• Our website at https://2diff.io
• Electronic communications related to the Services (emails, notifications)

Important: This Privacy Policy does not cover third-party services that our Applications integrate with or retrieve data from: - Intuit QuickBooks (for BizAnalyzer) - Alpha Vantage (for MarketAnalyzer data) - EIA and FRED APIs (for EconAnalyzer data) - Stripe (payment processing)

Those services are governed by their own privacy policies. We encourage you to review their policies.

Agreement to Policy: By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Applications or provide us with your information.

---

Information We Collect

We collect several types of information depending on which Application(s) you use:

Core Information (All Applications)

Account Information

When you register for any Application, we collect:

• Name (first and last name)
• Email address (required for account creation and communication)
• Password (stored encrypted using industry-standard hashing)
• Business name (optional - helps us personalize your experience)
• Phone number (optional - for account recovery and support)
• User preferences (settings, notification preferences, display options)

Payment Information

For paid subscriptions, we collect:

• Billing address (required for tax purposes and payment processing)
• Payment method details (credit card information is collected and stored by our payment processor, Stripe)
• Transaction history (receipts, invoices, payment dates, subscription changes)

Important: We do not store full credit card numbers on our systems. Payment card information is securely processed and stored by Stripe, which is PCI-DSS compliant.

Usage Data

We automatically collect information about how you access and use the Applications:

Technical Information:

• IP address (used for security and approximate location)
• Device type, model, and operating system
• Browser type and version
• Unique device identifiers
• Internet connection type and speed
• General location (city, state, country) based on IP address

Activity Information:

• Pages and screens you visit within the Applications
• Features and reports you use
• Time and date stamps of each interaction
• Duration of sessions
• Navigation paths through the Applications
• Click patterns and user flows
• Error logs and crash reports
• Performance metrics (page load times, API response times)

Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your use of our website and Applications:

Session Cookies:

• Maintain your logged-in state as you navigate
• Expire when you close your browser

Persistent Cookies:

• Remember your preferences and settings
• Remain on your device for a set period or until manually deleted

Analytics Cookies:

• Google Analytics (tracks how users interact with our Services)
• Help us understand usage patterns and improve user experience
• Can be disabled through browser settings

More information about cookies is provided in the “Cookies and Tracking Technologies” section below.

Application-Specific Data Collection

BizAnalyzer (QuickBooks Integration)

When you connect BizAnalyzer to your Intuit QuickBooks account, we access and retrieve financial and accounting data with your explicit authorization via OAuth 2.0.

Financial Data Accessed:

Company Profile: - Company name and legal entity information - Business address and contact information - Tax identification numbers (EIN/SSN) - QuickBooks Company ID

Accounting Data: - Chart of accounts (account names, types, balances) - Transaction details (dates, amounts, descriptions, categories) - Invoices (customer names, amounts, due dates, payment status) - Bills and expenses (vendor names, amounts, categories, payment status) - Bank transactions (if connected to QuickBooks) - Journal entries and adjustments

Financial Reports: - Balance sheets (assets, liabilities, equity) - Profit and loss statements (revenue, costs, net income) - Cash flow statements (operating, investing, financing activities) - Accounts receivable and payable aging reports - General ledger details

Customer and Vendor Information: - Customer names, addresses, contact information - Vendor names, addresses, contact information - Transaction history with each customer/vendor

OAuth Credentials (Encrypted):

• QuickBooks OAuth access tokens (short-lived)
• QuickBooks refresh tokens (used to obtain new access tokens)
• Token expiration dates
• QuickBooks Realm ID (company identifier)

How We Use BizAnalyzer Data:

We use your QuickBooks data solely to: 1. Generate customized financial reports and dashboards for you 2. Calculate financial ratios and key performance indicators (KPIs) 3. Identify trends in revenue, expenses, cash flow, and profitability 4. Provide business insights and recommendations 5. Create visualizations of your financial data (charts, graphs) 6. Compare your metrics to your historical performance 7. Cache data temporarily (5-minute cache) for faster performance

What We Do NOT Do:

• ❌ Sell your QuickBooks data to third parties
• ❌ Use your financial data to train AI/ML models (unless you explicitly opt-in)
• ❌ Create industry benchmarks that include your data without anonymization
• ❌ Share your data with competitors or public databases
• ❌ Store credit card numbers from QuickBooks
• ❌ Execute transactions or modify data in your QuickBooks account (read-only access)
• ❌ Access your QuickBooks data after you disconnect BizAnalyzer

EconAnalyzer (Economic Data Analysis)

EconAnalyzer retrieves publicly available economic data on your behalf from government and institutional sources. It does not access your personal financial accounts or private business data.

Public Data Retrieved:

From U.S. Energy Information Administration (EIA): - Energy production statistics (oil, gas, coal, renewables) - Energy consumption data (residential, commercial, industrial) - Energy price data and forecasts - Regional energy trends and statistics - Environmental data related to energy - Supply and demand projections

From Federal Reserve Economic Data (FRED): - GDP and economic growth indicators - Employment statistics and unemployment rates - Inflation metrics (CPI, PCE) - Interest rates (federal funds rate, treasury yields) - Monetary data (money supply, credit conditions) - Housing market data - Consumer spending and confidence indices - Regional economic data by state and metropolitan area

How We Use Economic Data:

1. Retrieve data in real-time based on your queries and analysis requests
2. Display data in charts, tables, and visualizations
3. Generate economic reports and trend analysis
4. Create forecasts using statistical models
5. Set up alerts for economic events (if you enable this feature)
6. Compare regional economic performance
7. Cache aggregated data temporarily for performance optimization

Important Notes:

• Economic data retrieved through EconAnalyzer is publicly available and not subject to confidentiality
• We do not claim ownership of public economic data
• Data usage is subject to the terms of EIA and FRED (both allow free use for analysis)
• No personal financial data is required to use EconAnalyzer (only email for account management)

MarketAnalyzer (Stock Market Analysis)

MarketAnalyzer retrieves publicly available market data from Alpha Vantage API for research and analysis purposes. It does not integrate with brokerage accounts or execute trades.

Public Market Data Retrieved:

Stock Market Data:

• Real-time and historical stock prices
• Trading volumes (daily, intraday)
• Technical indicators (moving averages, RSI, MACD, etc.)
• Company fundamentals (earnings, revenue, P/E ratios)
• Market indices (S&P 500, NASDAQ, Dow Jones)
• Sector and industry performance data

Cryptocurrency Data (if applicable):

• Cryptocurrency prices and market capitalization
• Trading volumes across exchanges
• Historical price data

Portfolio Tracking Data (Optional Feature):

If you choose to use the portfolio tracking feature, we may store: - Stock symbols in your watchlist (companies you want to monitor) - Portfolio holdings (stocks you own, share quantities - stored locally in your user profile) - Purchase prices and dates (for calculating gains/losses) - Performance calculations (based on public market prices, not actual brokerage data)

Important: MarketAnalyzer does not:

• ❌ Connect to your brokerage accounts
• ❌ Execute trades on your behalf
• ❌ Access actual account balances or transaction history from brokers
• ❌ Provide real-time order execution capabilities
• ❌ Act as a broker-dealer or investment advisor

How We Use Market Data:

• Retrieve market data on-demand for your analysis and research
• Display data in charts, graphs, and analytics dashboards
• Calculate performance metrics
• Generate technical analysis reports

Important Disclaimers:

Not Financial Advice: Market data and analysis provided by MarketAnalyzer is for informational and educational purposes only. It does not constitute financial advice, investment recommendations, or an offer to buy or sell securities.

Not Licensed Investment Advisors: We are not registered investment advisors, broker-dealers, or financial professionals. You should consult with qualified financial advisors before making investment decisions.

No Warranty: We do not guarantee the accuracy, completeness, or timeliness of market data. Market conditions change rapidly and past performance does not guarantee future results.

User Responsibility: You are solely responsible for your own investment decisions and any trading activities you undertake.

Custom Apps and AI Tools

Custom Apps:

Data collection and usage for Custom Apps varies depending on the specific solution developed for your needs. Custom Apps are typically governed by:

• This Privacy Policy (for general data handling practices)
• A specific service agreement or statement of work that defines:
  • What data will be collected
  • How it will be used
  • Retention periods
  • Access controls

If you are using a Custom App, please refer to your service agreement for details.

AI Tools (AIBot, AIAgent):

Our free AI-powered tools collect minimal information:

Conversation Data:

• Chat messages and queries you submit
• Conversation history (stored temporarily for context)
• Topics discussed and common questions
• Usage patterns (frequency, session duration)

How We Use AI Tool Data:

• Provide conversational responses to your queries
• Improve AI model responses over time
• Analyze usage patterns to enhance features
• Debug errors and improve performance

Data Retention:

• Conversation history stored for 30 days then deleted
• Anonymized usage statistics retained indefinitely for analytics
• No integration with your financial accounts or sensitive data

---

How We Use Your Information

We use the information we collect for various purposes related to operating, maintaining, and improving our Services:

Core Uses (All Applications)

Service Delivery:

• Operate and maintain the Applications
• Authenticate your identity and manage your account
• Process your subscription payments through Stripe
• Send transactional communications (account confirmations, receipts, password resets, security alerts)
• Provide customer support and respond to your inquiries
• Deliver the features and functionality you requested

Improvement and Development:

• Analyze usage patterns to understand how users interact with our Applications
• Identify and fix bugs, errors, and performance issues
• Develop new features and enhance existing functionality
• Conduct A/B testing of new features and designs
• Improve user interface and user experience
• Optimize application performance and speed

Communication:

• Send service updates, feature announcements, and maintenance notifications
• Respond to your support tickets and questions
• Send security alerts and important account information
• Send optional marketing emails about new features or services (you can opt out)
• Conduct user surveys and request feedback (optional participation)

Legal, Compliance, and Security:

• Comply with applicable laws, regulations, and legal processes
• Respond to subpoenas, court orders, or lawful government requests
• Enforce our Terms of Service and other agreements
• Detect, prevent, and respond to fraud, security threats, or illegal activities
• Protect the rights, property, and safety of our Company, users, or others
• Maintain audit logs for security and compliance purposes

Aggregated Analytics:

• Create aggregated, de-identified, or anonymized data that cannot be linked back to you
• Analyze overall trends across our user base (e.g., average usage patterns, popular features)
• Generate industry insights and benchmarks using anonymized data
• Improve our Services based on aggregated usage statistics
• Share anonymized insights in marketing materials or reports

Important: Aggregated data will never contain information that could be used to identify you personally or your company specifically.

Application-Specific Uses

BizAnalyzer Specific Uses

Your QuickBooks data is used exclusively to:

1. Financial Reporting:
   • Generate profit and loss statements
   • Create balance sheets and financial position reports
   • Produce cash flow statements and projections
   • Display accounts receivable and payable aging reports
   • Generate custom financial reports based on your preferences
2. Business Analysis:
   • Calculate key financial ratios (liquidity, profitability, efficiency)
   • Identify trends in revenue, expenses, and cash flow over time
   • Compare current period performance to prior periods
   • Highlight areas of concern or opportunity in your financials
   • Generate “what-if” scenarios for financial planning
3. Insights and Recommendations:
   • Provide actionable insights based on your financial data
   • Suggest areas for cost reduction or revenue optimization
   • Alert you to unusual transactions or patterns
   • Benchmark your performance against your historical data
   • Create visualizations to help you understand your financial position
4. Performance Optimization:
   • Cache data temporarily (5-minute cache) to speed up report generation
   • Pre-calculate commonly used metrics for faster display
   • Optimize database queries for better performance

What We Explicitly Do NOT Do with QuickBooks Data:

• ❌ No Selling: We never sell your QuickBooks data to third parties for any purpose
• ❌ No AI Training: We do not use your financial data to train machine learning models without your explicit opt-in consent
• ❌ No Public Sharing: We do not share your specific financial data publicly or with competitors
• ❌ No Benchmarking Without Consent: We do not include your data in industry benchmarks unless you explicitly opt-in and data is fully anonymized
• ❌ No Marketing to You: We do not use your QuickBooks data to target ads or market third-party services to you
• ❌ No Credit Decisions: We do not use your data for underwriting, credit scoring, or loan decisions
• ❌ No Modification: We only read data from QuickBooks; we never modify, delete, or create transactions in your QuickBooks account

EconAnalyzer Specific Uses

Economic data retrieved is used to:

1. Display current economic indicators relevant to your queries and interests
2. Generate economic forecasts and trend analysis reports
3. Create custom economic reports tailored to your industry or region
4. Set up alerts for significant economic events (unemployment reports, Fed rate decisions, etc.)
5. Compare regional economic data across states and metropolitan areas
6. Analyze correlations between different economic indicators
7. Provide context for business planning and strategy

Minimal Personal Data Required: - EconAnalyzer can be used with minimal personal information - We only need your email address to manage your subscription and send reports - No access to your financial accounts, business data, or sensitive information - All data analyzed is publicly available from government sources

MarketAnalyzer Specific Uses

Market data retrieved is used to:

1. Research and Analysis:
   • Display real-time and historical stock prices
   • Generate technical analysis charts and indicators
   • Analyze market trends and patterns
   • Compare stock performance across time periods and sectors
   • Provide market news and context (if integrated)
2. Portfolio Tracking (Optional):
   • Track performance of stocks in your watchlist
   • Calculate gains/losses based on your entered purchase prices
   • Display portfolio allocation by sector, asset class, etc.
   • Generate portfolio performance reports
   • Set up price alerts for stocks you track
3. Educational Tools:
   • Help users learn about investing and market analysis
   • Demonstrate technical indicators and their interpretations
   • Provide historical context for market movements

Important Disclaimers (Repeated for Emphasis):

Not Financial Advice: Market data and analysis provided by MarketAnalyzer is for informational and educational purposes only. It does not constitute: - Financial or investment advice - Recommendations to buy or sell any security - Offers or solicitations for any financial products - Professional financial planning services

Not Licensed Professionals: Second Difference Solutions, LLC is not: - A registered investment advisor - A broker-dealer - A financial planner - Licensed to provide investment advice

No Guarantee of Accuracy: We do not guarantee: - The accuracy or completeness of market data - The timeliness of data updates - The profitability of any investment strategies - Future market performance based on historical data

User Responsibility: You are solely responsible for: - All investment decisions you make - Conducting your own due diligence - Consulting with qualified financial professionals - Understanding the risks of investing - Compliance with securities laws and regulations

---

Cookies and Tracking Technologies

We use cookies and similar technologies to collect usage information, improve user experience, and analyze how our Services are used.

What Are Cookies?

A cookie is a small text file that a website stores on your device (computer, smartphone, tablet) to remember information about you. Cookies help us: - Keep you logged in as you navigate - Remember your preferences and settings - Understand how you use our Applications - Improve performance and user experience

Types of Cookies We Use

Authentication and Functionality Cookies (Essential)

Purpose: These cookies are necessary for the Applications to function properly.

• Session cookies: Keep you logged in as you navigate between pages
• Authentication tokens: Verify your identity securely
• CSRF tokens: Protect against cross-site request forgery attacks
• Preference cookies: Remember your settings (language, timezone, display options)

Duration: Session cookies expire when you close your browser. Authentication cookies may last up to 30 days (or until you log out).

Can you disable them? No - these are essential for the Applications to work. If you disable them, you won’t be able to log in or use the Services.

Analytics Cookies

Purpose: Help us understand how users interact with our Applications and website.

Services we use: - Google Analytics: Tracks page views, user flows, session duration, bounce rates, and other metrics - Firebase Analytics: Tracks events, user engagement, and app performance (if using mobile apps)

What they collect: - Pages and features you visit - How long you spend on each page - Navigation paths (how you move through the Applications) - Device and browser information - General location (city, state level) - Anonymous user ID (not linked to your identity)

Can you disable them? Yes: - Most browsers allow you to block third-party cookies - You can opt out of Google Analytics using the Google Analytics Opt-Out Browser Add-On - You can disable cookies in your browser settings (see below)

Marketing Cookies (Limited Use)

Purpose: We use limited tracking in our own marketing communications.

What we do: - Email open tracking (pixel in emails to know if you opened our newsletter) - Link click tracking in emails (to see which content interests you) - Website conversion tracking (to measure effectiveness of marketing campaigns)

What we DO NOT do: - ❌ We do not display third-party advertisements in our Applications - ❌ We do not sell your data to advertisers - ❌ We do not use retargeting or behavioral advertising across other websites - ❌ We do not use QuickBooks, market, or economic data for advertising

Can you disable them? Yes: - Unsubscribe from marketing emails using the link in any email - Disable cookies in your browser settings - Use email clients that block tracking pixels

How to Control Cookies

You have several options to control or limit cookies:

Browser Settings:

Most web browsers allow you to: - Block all cookies - Block third-party cookies only - Delete existing cookies - Receive notifications when cookies are set

How to manage cookies in popular browsers: - Chrome: Settings > Privacy and security > Cookies and other site data - Firefox: Settings > Privacy & Security > Cookies and Site Data - Safari: Preferences > Privacy > Manage Website Data - Edge: Settings > Cookies and site permissions > Manage and delete cookies

Important Note:

If you disable or remove cookies, some parts of our Services (especially web-based features) may not function properly. In particular: - You may not be able to stay logged in - Your preferences may not be saved - Some features may load slowly or not work at all

Do Not Track Signals

Currently, our website does not respond to “Do Not Track” (DNT) browser signals. This is because there is no industry consensus on how to respond to DNT signals.

However, we limit our use of tracking technologies to the purposes described above and do not engage in invasive tracking practices.

---

How We Share Your Information

We value your privacy and do not sell your personal information to third parties. We only share information about you in the limited circumstances described below:

Service Providers (Third-Party Processors)

We share your information with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to: - Protect your information - Use it only for the purposes of providing services to us (and by extension, to you) - Not use your data for their own purposes - Comply with applicable data protection laws

Service providers we use include:

Infrastructure and Hosting:

• Google Cloud Platform (Firebase):
  • Hosts our applications and databases
  • Provides authentication services
  • Stores user data securely
  • U.S.-based data centers

Payment Processing:

• Stripe:
  • Processes subscription payments
  • Stores payment card information securely (PCI-DSS Level 1 compliant)
  • Handles refunds and billing
  • We receive limited payment information (last 4 digits of card, payment status)

Analytics:

• Google Analytics:
  • Helps us understand how users interact with our Services
  • Collects anonymized usage data
  • Generates reports on traffic and engagement

Communication:

• Email Service Providers:
  • Send transactional emails (receipts, password resets, alerts)
  • Send marketing emails (if you opt in)
  • Examples: SendGrid, Amazon SES, or similar

Customer Support:

• Support Platforms:
  • Help us manage support tickets and inquiries
  • May have access to conversation history with you

API Data Providers (Data Sources):

These providers supply data to our Applications but do not receive your personal information: - Intuit (QuickBooks API): For BizAnalyzer - we authenticate with your OAuth tokens - Alpha Vantage: For MarketAnalyzer - we retrieve public market data on your behalf - EIA and FRED APIs: For EconAnalyzer - we retrieve public economic data

Important: We send minimal information to these providers (typically just API keys and query parameters). They do not receive your personal data or other information from our Applications.

Business Partners (Confidential Programs)

We do not publicly share your QuickBooks data, financial information, or personal data with third parties.

However, if your use of the Applications is part of a specific program or partnership that you have voluntarily enrolled in (examples: small business mentorship program, industry-specific analytics program, academic research), we might share relevant information with the program organizers under strict confidentiality agreements.

In such cases: - You will be informed in advance and must opt-in - Data shared will be limited to what is necessary for the program - Data will be protected under the terms of a private agreement - Program partners are bound by confidentiality and cannot share your data further - We will never disclose your data publicly or to competitors

Legal Compliance and Protection

We may disclose your information when we believe in good faith that such disclosure is necessary to:

Comply with Legal Obligations: - Respond to subpoenas, court orders, or lawful government requests - Comply with applicable laws, regulations, or legal processes - Cooperate with law enforcement investigations - Meet tax, accounting, or audit requirements

Protect Rights and Safety: - Enforce our Terms of Service and other agreements - Protect and defend the rights, property, or safety of our Company, our users, or others - Investigate and defend against third-party claims or allegations - Detect, prevent, or respond to fraud, security threats, or illegal activities - Prevent harm to individuals or the public

In such cases: - We will limit disclosure to the minimum necessary to fulfill the legal requirement - We will notify you if legally permitted and practical - We will verify the legitimacy of requests before disclosing information

Business Transfers

If the Company is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization: - Your information (including personal data and any QuickBooks data we have stored) may be transferred to a successor or affiliate as part of that transaction - Your information will remain subject to the protections of this Privacy Policy (unless you are notified otherwise and consent to a new policy) - We will notify you (via email or a prominent notice on our website) of any change in ownership or material changes to how your personal information will be used - You will have the opportunity to opt out or delete your account if you do not agree with the new entity’s practices

With Your Consent

We may share your personal information with others for purposes not described above if you explicitly ask or consent us to do so. Examples: - You ask us to integrate with another third-party service and authorize data sharing - You request us to send your data to your accountant, advisor, or business partner - You opt-in to a feature that involves sharing data with a specified third party

We will always obtain your affirmative consent before sharing data for new purposes not covered by this Privacy Policy.

What We Never Do

• ❌ Sell your data: We never sell your personal information, QuickBooks data, or any other data to third parties for marketing purposes or any other reason
• ❌ Share publicly: We do not publicly share your individual data, financial information, or company details
• ❌ Share with competitors: We do not share your data with competing services or businesses
• ❌ Use for unrelated purposes: We do not use your data for purposes unrelated to providing and improving our Services

---

Data Retention and Deletion

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

General Retention Policies

Active Accounts:

• Account data: Retained while your subscription is active and for 90 days after cancellation
• Usage logs: Retained for 12 months for security, debugging, and analytics
• Transaction records: Retained for 7 years to comply with U.S. tax and accounting requirements

Cancelled Accounts:

• Account data: Retained for 90 days after cancellation (in case you want to reactivate)
• After 90 days: Account data, preferences, and settings are permanently deleted
• Financial transaction records: Retained for 7 years for legal and tax compliance purposes
• Support correspondence: May be retained longer for legal protection and reference

Anonymized Data:

• We may retain anonymized, aggregated data indefinitely for analytics and research
• This data cannot be used to identify you personally

Application-Specific Retention

BizAnalyzer Data Retention

While Connected to QuickBooks: - Session data: Cached for 5 minutes during active sessions (for performance) - OAuth tokens: Stored encrypted until you disconnect or revoke access - Retrieved QuickBooks data: Cached temporarily to generate reports (typically less than 24 hours)

After Disconnecting from QuickBooks or Cancelling BizAnalyzer: 1. Immediate actions: - OAuth access tokens are revoked with Intuit (we can no longer access your QuickBooks account) - Our API access is terminated

2. Within 24 hours:
   • All cached QuickBooks financial data is deleted from our databases
   • QuickBooks refresh tokens are deleted
3. Within 90 days:
   • Generated reports and insights are deleted (you have 90 days to download any reports you want to keep)
   • Your account data is permanently deleted if you cancel subscription
4. Retained for 7 years (legal requirement):
   • Transaction records showing you paid for BizAnalyzer subscription
   • No QuickBooks financial data is retained after deletion

How to Disconnect: - You can disconnect BizAnalyzer from QuickBooks anytime through your dashboard - Click “Disconnect” button → Confirm → All access is immediately revoked

Important: When you disconnect BizAnalyzer: - We permanently lose access to your QuickBooks data - We cannot recover or restore any data after disconnect - You will need to re-authorize if you reconnect later (starting fresh)

EconAnalyzer Data Retention

Public Economic Data: - Economic data from EIA and FRED is publicly available and not subject to deletion - We may cache public data for performance (up to 24 hours) - You can request deletion of your query history and custom reports

Your Data: - Custom reports: Retained for 90 days after account cancellation, then deleted - Query history: Retained for 12 months, then anonymized (we keep only aggregated statistics) - Preferences and settings: Deleted when you cancel or 90 days after cancellation

MarketAnalyzer Data Retention

Public Market Data: - Market data from Alpha Vantage is publicly available and not subject to deletion - We may cache public data for performance (up to 1 hour for real-time data, longer for historical data)

Your Portfolio Data: - Watchlist: Stored in your profile; deleted immediately upon request or when you cancel - Portfolio holdings: Stored in your profile; deleted 90 days after cancellation - Historical portfolio calculations: - Retained for 90 days after cancellation by default - You can opt-in to keep for 7 years for tax record purposes - You can request immediate deletion anytime

Important: MarketAnalyzer does not store actual brokerage account data (we don’t have access to it). All portfolio data is information you enter into the Application.

Requesting Data Deletion

You have the right to request deletion of your personal information at any time.

How to Request Deletion:

1. Self-Service (for most data):
   • Log into your account dashboard
   • Go to Settings > Account > Delete Account
   • Confirm deletion
   • Most data is deleted immediately
2. Email Request (for full deletion or specific data):
   • Email info@2diff.io
   • Include “Data Deletion Request” in subject line
   • Provide your name and email address
   • Specify what data you want deleted
   • We will verify your identity and process within 30 days

What Happens When You Request Deletion:

• Personal data deleted: Name, email, preferences, usage history
• Application data deleted: Reports, analyses, cached data, portfolio information
• OAuth tokens revoked: We immediately lose access to any third-party accounts (QuickBooks)
• Service terminated: You will no longer be able to access the Applications
• Exceptions: We may retain certain data if required by law (transaction records for tax purposes, legal holds)

Important Notes:

• Deletion is permanent and cannot be undone
• We cannot recover data after deletion
• Copies in backup storage may persist for up to 30 days (due to backup cycles) but will not be accessible and will be purged on the next backup cycle
• If you request deletion but have an active subscription, we will cancel your subscription (no refund for remaining time)

---

Data Security

We take the security of your personal information seriously and implement reasonable and appropriate measures to protect it.

Technical Safeguards

Encryption:

• Data in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS)
• Data at Rest: Sensitive data (passwords, OAuth tokens, payment information) is encrypted in our databases using AES-256 encryption
• End-to-End: QuickBooks API communications use OAuth 2.0 with encrypted tokens

Access Controls:

• Authentication: Multi-factor authentication available for user accounts
• Authorization: Role-based access control limits data access to authorized personnel only
• Least Privilege: Employees and contractors have access only to data necessary for their job functions

Network Security:

• Firewalls: Network firewalls protect our servers from unauthorized access
• Intrusion Detection: Automated systems monitor for suspicious activity
• DDoS Protection: Distributed denial-of-service attack protection
• Secure Infrastructure: Google Cloud Platform provides enterprise-grade security

Application Security:

• Secure Coding: We follow OWASP secure coding guidelines
• Input Validation: All user inputs are validated and sanitized
• SQL Injection Prevention: Parameterized queries prevent SQL injection attacks
• XSS Protection: Output encoding prevents cross-site scripting attacks
• CSRF Protection: Tokens prevent cross-site request forgery

Administrative Safeguards

Personnel:

• Background Checks: Employees with access to sensitive data undergo background checks
• Confidentiality Agreements: All personnel sign confidentiality agreements
• Training: Regular security awareness training for all employees
• Limited Access: Only essential personnel have access to production systems

Policies and Procedures:

• Incident Response Plan: Documented procedures for handling security incidents
• Regular Audits: Periodic security audits and vulnerability assessments
• Vendor Management: Third-party vendors are vetted for security practices
• Data Minimization: We collect only data necessary for our Services

Physical Safeguards

Data Centers:

• Secure Facilities: Data hosted in Google Cloud Platform data centers with:
  • 24/7 security monitoring
  • Biometric access controls
  • Video surveillance
  • Environmental controls (fire suppression, climate control)
• Redundancy: Multiple data center locations for backup and disaster recovery
• Compliance: SOC 2, ISO 27001, and other security certifications

Limitations

Despite our efforts to protect your information, no security measure is 100% foolproof: - The transmission of information via the internet is not completely secure - We cannot guarantee absolute security against all threats - Unauthorized access, hardware failures, and other factors may compromise security

Your Responsibility: - Keep your login credentials confidential - Use a strong, unique password - Enable multi-factor authentication - Log out from shared devices - Keep your devices and software updated - Report suspicious activity immediately

Breach Notification

In the event of a data breach that affects your personal information: - We will investigate the breach immediately - We will notify you via email within 72 hours of discovering the breach (as required by applicable law) - We will notify relevant regulatory authorities as required - We will provide information about: - What data was affected - What we are doing to address the breach - Steps you can take to protect yourself - We will post a notice on our website if the breach is widespread

---

Your Rights and Choices

You have certain rights and choices with respect to your personal information. The specific rights available to you may depend on your location and applicable law.

Access and Correction

Right to Access: You have the right to access the personal information we hold about you.

How to Access: - Log into your account dashboard to view your profile information, subscription details, and usage history - Email info@2diff.io to request a copy of all personal data we have about you - We will provide the data in a commonly used electronic format (PDF, CSV, JSON)

Right to Correction: You have the right to request corrections of any inaccuracies in your personal information.

How to Correct: - Log into your account and update your profile information directly - Email info@2diff.io to request corrections for data you cannot edit yourself - We will update the information within 30 days

Deletion of Data

Right to Deletion: You may request that we delete the personal information we have collected about you.

How to Request Deletion: - See the “Data Retention and Deletion” section above for detailed instructions - Email info@2diff.io with “Data Deletion Request” in the subject line

Exceptions: We may retain certain information if: - Required by law (e.g., transaction records for tax purposes) - Necessary to complete a transaction you requested - Necessary to detect and prevent fraud or security threats - Necessary to defend legal claims - Subject to a legal hold or pending litigation

Opt-Out of Marketing Communications

Right to Opt-Out: You can opt out of receiving promotional emails or newsletters from us.

How to Opt-Out:

• Click the “unsubscribe” link at the bottom of any marketing email
• Email info@2diff.io with “Unsubscribe” in the subject line
• Log into your account and update your email preferences under Settings > Notifications

Important: Even if you opt out of marketing emails, we will still send you:

• Transactional emails (receipts, password resets, security alerts)
• Service notifications (downtime alerts, feature updates affecting your account)
• Legal notices (changes to Terms or Privacy Policy)

These messages are necessary to operate your account and cannot be opted out of.

Data Portability

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.

How to Request: - Email info@2diff.io with “Data Export Request” in the subject line - We will provide your data in JSON, CSV, or PDF format (your choice) - Delivery within 30 days

What’s Included: - Account information (name, email, preferences) - Subscription history - Generated reports and analyses - Usage history (if requested)

Not Included: - Data from third-party services (QuickBooks, market data) - request directly from those providers - Aggregated or anonymized data that doesn’t identify you - Information that would violate others’ privacy

Withdraw Consent

Right to Withdraw: In cases where we rely on your consent for processing personal information, you have the right to withdraw your consent at any time.

How to Withdraw:

• For marketing emails: Use the unsubscribe link or email info@2diff.io
• For optional features: Disable the feature in your account settings
• For data processing: Email info@2diff.io with details

Effect of Withdrawal:

• Withdrawal does not affect the legality of any processing we conducted prior to your withdrawal
• Withdrawal may impact our ability to provide certain features or services
• We will stop processing your data for that purpose going forward

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know:

• What categories of personal information we collect
• Sources from which we collect it
• Business or commercial purposes for collecting it
• Categories of third parties with whom we share it
• Specific pieces of personal information we have collected about you

Right to Delete:

• Request deletion of personal information we have collected (subject to exceptions)

Right to Correct:

• Request correction of inaccurate personal information

Right to Opt-Out:

• Opt out of the “sale” or “sharing” of personal information
• Note: We do not sell personal information, so this right does not apply

Right to Limit:

• Limit use and disclosure of sensitive personal information (we do not use sensitive information for purposes requiring this right)

Right to Non-Discrimination:

• We will not discriminate against you for exercising your CCPA rights
• We will not deny services, charge different prices, or provide different quality of service

How to Exercise CCPA Rights:

• Email info@2diff.io with your request
• Include “California Privacy Request” in the subject line
• Provide your name and email address for verification
• We will respond within 45 days (may extend to 90 days for complex requests with notice)

Authorized Agents:

• You may designate an authorized agent to make requests on your behalf
• Agent must provide proof of authorization (power of attorney or signed permission)

Verification:

• We will verify your identity before fulfilling requests
• May ask for additional information to confirm you are the person whose data is being requested

GDPR and International Data Protection Rights

If you are in the European Economic Area (EEA), United Kingdom, or a similar jurisdiction with data protection laws (GDPR), you have additional rights:

Access, Rectification, Erasure:

• Request access to your personal data
• Request correction of inaccurate data
• Request deletion (“right to be forgotten”) subject to legal exceptions

Restriction and Objection:

• Request restriction of processing in certain circumstances
• Object to processing based on legitimate interests
• Object to direct marketing (including profiling for marketing)

Data Portability:

• Receive your data in a structured, machine-readable format
• Transmit your data to another controller (where technically feasible)

Withdraw Consent:

• Withdraw consent at any time (where processing is based on consent)

Lodge a Complaint:

• File a complaint with your country’s data protection authority (supervisory authority)
• List of EU supervisory authorities: https://edpb.europa.eu/about-edpb/board/members_en

How to Exercise GDPR Rights:

• Email info@2diff.io with your request
• Include “GDPR Request” in the subject line
• We will respond within 30 days as required by GDPR

Legal Bases for Processing:

See the “Legal Bases for Processing (EEA/UK Users)” section below for details on the legal bases we rely on.

---

Legal Bases for Processing (EEA/UK Users)

For individuals in the EEA, UK, or other regions that require a legal basis for processing personal data, we process your information under the following legal bases:

Performance of a Contract

We process personal data as necessary to provide our Services to you in accordance with our contract (the Terms of Service/EULA).

Examples:

• Processing your account information to authenticate you and provide access
• Processing QuickBooks data to generate financial reports (BizAnalyzer)
• Processing payment information to manage your subscription
• Sending transactional emails related to your use of the Services

Legitimate Interests

We process certain data for our legitimate business interests, balanced against your rights and interests.

Our legitimate interests include:

• Securing and improving our Applications
• Understanding how users interact with our Services
• Developing new features and enhancing functionality
• Communicating with you about our Services
• Administering our agreements and protecting our legal rights
• Detecting and preventing fraud, security threats, and abuse

Balancing your interests:

• We assess whether processing is necessary and proportionate
• We consider your reasonable expectations based on our relationship
• We provide opt-outs and controls where appropriate
• We do not process sensitive data under legitimate interests unless necessary

Legal Obligation

In some cases, we need to process and retain data to comply with our legal obligations.

Examples:

• Keeping records of transactions for tax and accounting purposes (7 years in the U.S.)
• Responding to lawful requests from law enforcement or government agencies
• Complying with data breach notification requirements
• Retaining information subject to legal holds or court orders

Consent

Where we have obtained your consent, we will process your personal data within the scope of that consent.

Examples:

• Sending optional marketing emails (you opt-in during registration or later)
• Participating in surveys or beta programs (you opt-in when asked)
• Sharing data with specific third parties you authorize
• Using your data for purposes not covered by other legal bases (we ask for consent first)

Important: You have the right to withdraw any consent you have provided at any time. Withdrawal does not affect processing that occurred prior to withdrawal.

---

Children’s Privacy

Our Services are intended for use by businesses and adults (18 years or older) and are not directed to children or minors.

Age Restrictions:

• Users must be at least 18 years old to create an account
• We do not knowingly collect personal information from individuals under 18
• We do not knowingly collect personal information from children under 13 (or under 16 in certain jurisdictions where a higher age threshold applies under local law, such as the EU)

If We Discover We Have Collected Data from a Child:

• We will promptly delete such information from our records
• We will terminate the account
• We will take steps to prevent future use by minors

Parents and Guardians: If you believe that a minor has provided us with personal information without appropriate consent, please contact us immediately at info@2diff.io so that we can take appropriate action.

No Marketing to Children: We do not market our Services to children and do not knowingly collect information from children for marketing purposes.

---

International Data Transfers

Our Services are operated in the United States. If you are accessing our Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.

Data Transfer Mechanisms:

For EEA/UK Users:

• We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of personal data from the EEA/UK to the United States
• We implement appropriate safeguards to protect your data in accordance with GDPR requirements
• You may request a copy of the SCCs by contacting info@2diff.io.

Data Privacy Framework:

• We monitor developments in the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
• We may implement additional safeguards as needed to ensure compliance

Your Consent:

By using our Services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

Data Protection Standards:

• We apply the same privacy and security protections to data regardless of where it is stored
• We require our service providers to protect data in accordance with this Privacy Policy and applicable law

---

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons.

How We Notify You of Changes:

For Material Changes:

• We will notify you by email at the address associated with your account
• We will post a prominent notice in the Applications or on our website
• We will update the “Last updated” date at the top of this Privacy Policy
• We will maintain a “Change Log” at the top of this document

For Non-Material Changes:

• We will update the “Last updated” date
• We will note the change in the Change Log
• Continued use of the Services constitutes acceptance

Your Options:

• You will have at least 30 days to review material changes before they take effect
• If you do not agree to the changes, you may cancel your subscription and stop using the Services before the changes take effect
• Continued use after the effective date of changes constitutes acceptance

Review Regularly: We encourage you to periodically review this page for the latest information on our privacy practices.

Previous Versions: Previous versions of this Privacy Policy are available upon request by contacting info@2diff.io.

---

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email Contacts:

• Privacy inquiries and data rights requests: info@2diff.io
• General support: info@2diff.io
• General information: info@2diff.io

For Data Rights Requests (GDPR, CCPA, etc.):

• Email: info@2diff.io
• Include “Data Rights Request” in the subject line
• Specify which right you are exercising (access, deletion, correction, etc.)
• Provide your name and email address for verification

Response Time:

• We will respond to all privacy inquiries within 30 days as required by applicable law
• For urgent security matters, we will respond within 72 hours
• For general questions, we typically respond within 3-5 business days

---

By using our Services, you acknowledge that you have read this Privacy Policy, understand it, and agree to the collection, use, and disclosure of your information as described herein.

---

Last Updated: November 13, 2025
Effective Date: November 13, 2025

Version: 2.0