Privacy Policy

Last updated: May 2, 2026

This Privacy Policy describes how Tigrate Technology L.L.C. (“we”, “us”, or “our”) collects, uses, and discloses information in connection with finstackcloud.com (the “Site”) and the tools and services we provide (the “Service”).

The short version

We try to collect as little information about you as possible. Specifically:

• Files you upload to our parsers and validators are processed entirely in your browser. They never reach our servers, and we have no way to see their contents.
• We collect basic, anonymous analytics about how the Site is used (page views, browser type, approximate region) — but we do not use cookies for tracking, and we do not build advertising profiles.
• If you give us your email address (for example, via a “Notify me” form), we use it only for the specific purpose you provided it for.
• We do not sell your data. Ever.

The longer version follows.

1. Information we collect

Files you upload to our tools

Most tools on the Site — including our NACHA Parser, NACHA Validator, and similar tools for other payment file formats — process files entirely within your web browser using JavaScript. The file contents are read and analyzed locally on your device.

Because of this architecture:

• The contents of your files are not transmitted to our servers
• We do not store your files
• We do not log or analyze the data inside your files
• We have no technical ability to see what was in your files

You can verify this by opening your browser’s network inspector (DevTools) while using the tools — you’ll see no file content being uploaded.

In the future, we may offer optional features that involve server-side processing (for example, AI-powered error explanations or PDF report generation). Any such features will be clearly labeled, will only run when you explicitly invoke them, and will be governed by additional disclosures at the time you use them.

Information you provide directly

We collect information you choose to provide to us, such as:

• Email address, if you submit a “Notify me” form on a Coming Soon page or otherwise sign up for product updates
• Messages you send us, when you contact us by email or other channels
• Feedback or bug reports, if you submit them through the Site or related channels

Information collected automatically

When you visit the Site, we (or our service providers) may automatically collect:

• Pages visited and links clicked
• Approximate geographic region (typically country and U.S. state, never precise location)
• Browser type and version, operating system, and device type
• Referring website (if any)
• Approximate visit duration

We collect this information using Cloudflare Web Analytics, which is privacy-preserving by design and does not use cookies or fingerprinting.

We may also use PostHog (or a similar product analytics tool) to understand how features are used in aggregate. Where used, we configure these tools to collect only anonymized event data and to not place tracking cookies on your device.

Cookies

The core Site does not use cookies for tracking. Where cookies are used at all, they are limited to:

• Strictly necessary cookies (for example, to remember a theme preference or whether you’ve dismissed a banner)
• In the future, authentication cookies if and when we add user accounts

We do not use third-party advertising or behavioral tracking cookies.

2. How we use information

We use the information we collect for the following purposes:

• To operate and improve the Service — understanding which tools are used, where users encounter difficulty, and which content is most useful
• To respond to your requests — for example, sending you the product update emails you signed up for, or replying to your support emails
• To prevent abuse — for example, identifying patterns consistent with attacks against the Site
• To comply with legal obligations — when required by applicable law
• To enforce our Terms of Service

We do not use your information to:

• Build advertising profiles about you
• Sell or rent to third parties
• Train machine learning models on the contents of your files (and we couldn’t even if we wanted to, because we don’t see your files)

3. How we share information

We do not sell your personal information. We share information only in the following limited circumstances:

Service providers

We use a small number of third-party service providers to operate the Service. These providers process information only on our behalf and according to our instructions:

• Cloudflare — hosting, content delivery, DDoS protection, analytics
• PostHog (or equivalent) — product analytics, where used
• Email service provider (e.g., Resend, AWS SES) — to send the emails you signed up for
• Stripe — payment processing, when paid features become available

Each of these providers maintains its own privacy practices, which apply to information they process.

Legal requirements

We may disclose information if required to do so by law, by lawful subpoena, or by court order, or if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public

Business transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice on the Site of any such change in ownership or control.

4. Data retention

We retain information only as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Email addresses submitted via signup forms are retained until you unsubscribe or request deletion
• Anonymized analytics data is retained for up to 6 months in identifiable form, after which it may be retained in aggregate
• Support correspondence is retained for up to 2 years after the last interaction
• Legal and accounting records are retained for as long as required by applicable law

5. Your rights

Depending on where you live, you may have certain rights regarding your personal information:

All users

• Right to access — You may request a copy of personal information we hold about you
• Right to correct — You may ask us to correct inaccurate information
• Right to delete — You may ask us to delete your information, subject to legal exceptions
• Right to unsubscribe — You may unsubscribe from any marketing emails at any time using the unsubscribe link in those emails, or by emailing us

California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including:

• The right to know what personal information we have collected about you
• The right to delete personal information we have collected (with certain exceptions)
• The right to opt out of the sale or sharing of personal information (we do not sell or share for behavioral advertising in the first place)
• The right to non-discrimination for exercising your privacy rights

European Economic Area / UK residents (GDPR / UK GDPR)

If you are in the EEA or UK, you have rights under the General Data Protection Regulation, including the rights listed above plus:

• The right to data portability
• The right to object to certain processing
• The right to lodge a complaint with your local data protection authority

Our legal basis for processing personal information depends on the type of information and the context:

• Consent — for sending you product update emails you signed up for
• Legitimate interests — for operating and improving the Service, preventing abuse, and similar purposes
• Legal obligation — where required by law

To exercise any of these rights, contact us at privacy@finstackcloud.com. We will respond within the timeframe required by applicable law.

6. International data transfers

We are based in the United States. If you are accessing the Service from outside the United States, please be aware that information about you may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

When we transfer personal information out of the EEA or UK, we use legal mechanisms such as the EU-US Data Privacy Framework or Standard Contractual Clauses to ensure your information is protected.

7. Security

We use industry-standard technical and organizational measures to protect information we collect and store. These include:

• HTTPS encryption for all traffic to and from the Site
• Restricted access to systems holding personal information
• Use of reputable, security-conscious infrastructure providers (e.g., Cloudflare)
• The browser-based architecture of our parsing tools, which keeps the most sensitive data — your file contents — off our infrastructure entirely

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Children’s privacy

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us so we can delete it.

9. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. Because there is no industry consensus on how to interpret DNT signals, we do not currently respond to them. However, our practices described above (no advertising tracking, minimal analytics, no cross-site profiling) effectively implement what most users expect from DNT.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. If we make material changes, we will provide a more prominent notice (for example, a banner on the Site, or an email if you’ve provided one).

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

11. Contact us

For privacy-related questions or to exercise your rights, contact us:

Privacy contact: privacy@finstackcloud.com
General contact: hello@finstackcloud.com

Mailing address:
Tigrate Technology L.L.C.
Texas registered agent address: available upon request at hello@finstackcloud.com
Texas, United States

This Privacy Policy applies to finstackcloud.com and the Service operated by Tigrate Technology L.L.C. It does not apply to third-party services or websites that may be linked from the Site.