Effective Date: January 2026 | Last Updated: March 2026
Issued by Vectis Group LLC.
We collect the following categories of personal information: identifiers (name, email, phone); commercial information (service usage, transaction history); internet/electronic network activity (app and website events, device data); financial information (bank account data, transaction data accessed via Stripe Financial Connections, Plaid, or Wise with your consent); and professional/employment information (business name, entity details, role). We do not sell or share personal information for cross-context behavioral advertising. California residents may exercise rights described in Addendum A. To submit a request, email privacy@prolify.co with subject line "California Privacy Request."
This Privacy Policy is issued by Vectis Group, LLC. ("Vectis," "Company," "we," "us," or "our"), the data controller responsible for the personal information described in this policy.
This Privacy Policy applies to all personal information we collect, use, store, and share when you:
This policy does not apply to third-party websites, applications, or services that we link to or integrate with, even if accessed through our Services.
If you choose to connect a bank account through one of our supported providers, we access and process financial account data with your explicit consent. Supported providers include Stripe Financial Connections, Plaid, and Wise.
Important: We never receive, store, or have access to your bank login credentials. All authentication occurs directly through the provider's secure connection flow. You may withdraw consent at any time by disconnecting the linked account in your account settings.
Creating and managing accounts, processing LLC formations, enabling AI bookkeeping features, processing payments via Stripe, and generating financial views such as cash flow summaries and profit and loss statements.
Analyzing usage patterns via PostHog, troubleshooting technical issues, preventing fraud, detecting unauthorized access, and conducting internal research and development using de-identified and aggregated data only.
Sending transactional communications, responding to support requests, and sending marketing communications (only with your consent where required by law).
Complying with applicable laws, establishing or defending legal claims, fulfilling tax reporting obligations, and responding to lawful requests from regulatory authorities and law enforcement.
Our Services use automated systems, including machine learning and AI, to provide core bookkeeping and financial analysis features.
Categorizes transactions, matches receipts and invoices to transactions, detects duplicates and anomalies, generates financial summaries and reports, and suggests chart-of-accounts mappings.
All AI-generated outputs are presented to you for review. You can modify, correct, or override any AI-generated categorization at any time.
We do not use your individually identifiable connected bank transaction data or uploaded financial documents to train general-purpose or third-party AI models. We may use de-identified and aggregated data to improve our product's AI performance.
Important: AI-generated bookkeeping data, transaction categorizations, financial reports, and insights are provided for informational purposes and may contain errors. Users should independently verify the accuracy of all AI-generated outputs before relying on them for tax filings or financial reporting. Prolify is not a licensed accounting firm and our AI-generated outputs do not constitute professional accounting, tax, or financial advice.
We share your personal information only as described below. We never sell your personal information.
We engage vetted third-party service providers for cloud hosting, product analytics (PostHog), payment processing (Stripe, Plaid, Wise), email delivery, customer support, and security. All providers are contractually prohibited from using your data for their own purposes.
When you link a financial account, Stripe, Plaid, and/or Wise process your financial data under their respective privacy policies. We maintain Data Processing Agreements with each partner.
We may disclose personal information to comply with applicable laws, enforce our Terms of Service, detect or prevent fraud, or protect the rights and safety of Prolify, our users, or the public.
If Prolify is involved in a merger, acquisition, or asset sale, your personal information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
Prolify is based in the United States. If you access our Services from outside the US—including from the EEA, UK, or Switzerland—your personal information will be transferred to and processed in the United States.
We rely on the following lawful transfer mechanisms: EU-US Data Privacy Framework (DPF), UK-US Data Bridge (UK Extension to the DPF), and Standard Contractual Clauses (SCCs). We conduct Transfer Impact Assessments and implement supplementary measures where necessary.
We retain personal information only as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.
| Data Category | Retention Period |
|---|---|
| Account and profile data | Duration of active account + 90 days post-termination |
| Business formation documents | Duration of account + 7 years from the relevant tax year |
| Financial/bookkeeping data | Duration of account + 7 years from the relevant tax year |
| Payment/billing records | 7 years from date of transaction |
| Communications | 3 years from last interaction or account closure |
| Device and usage data | 24 months from collection |
| Analytics data (PostHog) | Duration of account or until you opt out |
| Security and access logs | 12 months from creation |
We implement administrative, technical, and organizational security measures including:
If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at security@prolify.co.
Email privacy@prolify.co with subject line "Privacy Rights Request" and include your full name, account email, the specific right(s) you wish to exercise, and your jurisdiction. We will respond to verified requests within 45 days.
We honor the Global Privacy Control (GPC) signal. If your browser or device transmits a GPC signal, we will treat it as a valid opt-out of sale and sharing of personal information.
We use cookies and similar technologies to operate and improve the Services.
For users in the EEA and UK, we display a cookie consent banner before setting non-essential cookies.
In the event of a personal data breach affecting your personal information, we will notify you and the relevant supervisory authorities in accordance with applicable data protection laws, including GDPR Articles 33 and 34, GLBA Safeguards Rule breach notification requirements, and the breach notification laws of all applicable US states.
Our Services are intended for use by adults and business entities. We do not direct our Services to individuals under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us at privacy@prolify.co.
Prolify is not a consumer reporting agency as defined by the Fair Credit Reporting Act. Our Services do not constitute consumer reports and the financial data generated by our AI bookkeeping features should not be used to determine any individual's eligibility for credit, insurance, or employment.
The Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to any third-party sites or services. We encourage you to read the privacy policy of any website you visit.
We may update this Privacy Policy from time to time. If we make material changes, we will provide prominent notice through the Services, by email, or by other means prior to the changes taking effect. Material changes include: changes to categories of personal information collected, new purposes of processing, changes to data sharing practices, or modifications to your rights.
This Privacy Policy and any disputes arising out of or relating to it shall be governed by the laws of the United States, without regard to conflict of laws principles.
For users located in the United States: Any dispute that cannot be resolved through informal negotiation within 30 days shall be resolved exclusively through binding individual arbitration administered by the American Arbitration Association. There shall be no right or authority for claims to be arbitrated on a class, collective, or representative basis. You may opt out of this arbitration provision by sending written notice to privacy@prolify.co within 30 days of first accepting this Privacy Policy.
The arbitration provision in Section 17.2 does not apply to users located in the EEA, UK, or Switzerland. Nothing in this Privacy Policy limits your right to bring proceedings before the courts of the EU Member State or UK jurisdiction in which you reside, or your right to lodge a complaint with a supervisory authority.
This addendum supplements the main Privacy Policy for California residents pursuant to the CCPA/CPRA.
We have collected in the preceding 12 months: Identifiers (name, email, phone, IP address), Financial information (bank account data, transaction data), Commercial information (services purchased, usage history), Internet/electronic activity (browsing, app usage), Professional/employment information (business name, role), Geolocation (inferred from IP), and Inferences (AI-generated transaction categories). None of this information has been sold or shared for cross-context behavioral advertising.
To submit a request, email privacy@prolify.co with subject "California Privacy Request."
We process your personal data on the following lawful bases: contract performance (account creation, LLC formation, AI bookkeeping, payment processing), legal obligation (tax compliance, AML/KYC obligations), legitimate interest (product analytics, fraud prevention, security monitoring), and consent (marketing emails, non-essential cookies, financial account linking).
You may request a copy of our Legitimate Interest Assessments or Standard Contractual Clauses by contacting privacy@prolify.co.
Our UK Representative is: Mark Damsell, damsell@prolify.co. We rely on the UK-US Data Bridge (the UK Extension to the EU-US Data Privacy Framework) and the UK International Data Transfer Agreement for transfers from the United Kingdom to the United States.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk, Telephone: +44 (0)303 123 1113.
The mandatory arbitration provision in Section 17.2 does not apply to UK residents. Nothing in this policy restricts your rights under UK GDPR or the Data Protection Act 2018.
© 2026 Vectis Group, LLC. All rights reserved.
This document is for informational purposes and does not constitute legal advice. Prolify recommends consultation with qualified legal counsel for compliance verification.