Privacy Policy

Last updated: January 19, 2026

1. Introduction

Exit OSx ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our exit planning platform and services.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using Exit OSx, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Email address, full name, and profile picture (via OAuth or Gravatar)
  • Authentication Data: Encrypted passwords and session tokens
  • Organization Data: Company name, role, and team membership
  • Usage Data: Actions taken within the platform, timestamps, and preferences

2.2 Financial Information

If you connect financial integrations (e.g., QuickBooks), we may access:

  • Revenue and expense data
  • Financial statements and reports
  • Business valuation metrics

2.3 Automatically Collected Information

  • IP address and browser type
  • Device information and operating system
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide and maintain our exit planning services
  • Authenticate and secure your account
  • Send transactional emails (invitations, notifications)
  • Improve our platform and develop new features
  • Comply with legal obligations
  • Protect against fraud and abuse

Under GDPR, we process your data based on:

  • Contract: To provide services you've requested
  • Consent: For marketing communications and cookies
  • Legitimate Interest: To improve our services and prevent fraud
  • Legal Obligation: To comply with applicable laws

5. Data Sharing and Third Parties

We share your data with:

5.1 Service Providers

  • Supabase: Database hosting and authentication (EU/US)
  • Resend: Email delivery service
  • Vercel: Application hosting

5.2 Integrations (With Your Consent)

  • QuickBooks: Financial data synchronization
  • Google/GitHub: OAuth authentication

We do not sell your personal information to third parties.

6. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and security
  • Functional Cookies: Remember your preferences
  • Analytics Cookies: Help us understand how you use our platform (with consent)

You can manage your cookie preferences through our cookie consent banner or your browser settings.

7. Data Retention

We retain your data as follows:

  • Account Data: Until you delete your account, plus 30 days for recovery
  • Financial Data: Until you disconnect integrations or delete your account
  • Deleted Companies: 30-day soft delete period before permanent removal
  • Audit Logs: 2 years for security and compliance

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, visit your account settings or contact us at privacy@exitosx.com.

9. Data Security

We protect your data through:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication with Supabase Auth
  • Regular security audits and monitoring
  • Access controls and role-based permissions
  • Secure data centers with SOC 2 compliance

10. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Data processing agreements with all third parties
  • Privacy Shield certifications where applicable

11. Children's Privacy

Exit OSx is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the platform. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights:

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Privacy Policy | Exit OSx | Exit OSx