Privacy Policy

Effective April 19, 2026 · CPA Analytics

This Privacy Policy explains what information CPA Analytics ("we," "us," "our") collects when you use our service, how we use it, and the choices you have. It applies to organizations that register for an account and to individual users who sign in to use the service.

1. Information We Collect

Account & organization information

When you register, we collect your organization name, address, primary contact email, phone number, and billing information. For each user account we collect name, email, username, optional phone number, and an encrypted password hash. We never store passwords in plain text.

Device telemetry

The service receives operational data from Mutha Goose devices and their attached machines that you or your organization have registered. This includes meter readings, transaction events, timestamps, device identifiers, and machine identifiers. Telemetry does not include personally identifiable information about end customers of the machines.

Payment information

Subscription payments are processed by Stripe. We do not store full card numbers; Stripe retains the card and returns a reference token we store to charge your subscription. See Stripe's privacy policy at stripe.com/privacy.

Usage & technical information

We collect standard server logs including IP address, browser user agent, pages viewed, timestamps, and errors. We use cookies to keep you signed in and to remember preferences. We do not use third-party advertising cookies.

Support communications

When you submit a support ticket or reply to one, we retain the subject, body, and metadata (status, priority, who it was assigned to). Agents may add internal notes that are not visible to you.

2. How We Use Information

Provide, secure, and operate the service, including authentication, billing, ingestion of device data, and reporting.
Send transactional messages — password resets, billing notices, support responses, system alerts, and security events.
Send SMS notifications if you have opted in (e.g., machine-offline alerts). You can opt out by replying STOP.
Monitor and improve the service, including detecting abuse, debugging, and capacity planning.
Comply with legal obligations and enforce our Terms of Use.

3. How We Share Information

We do not sell personal information. We share information only with:

Service providers who operate on our behalf under written contracts: hosting (AWS), email delivery (Postmark), SMS delivery (Twilio), payments (Stripe), real-time messaging (PubNub), and error monitoring.
Other users in your organization — by design. Administrators at your organization can see user accounts, tickets, and data belonging to the organization.
Legal requirements — when we believe in good faith that disclosure is required to comply with law, protect rights, or respond to lawful requests.
Business transfers — in connection with a merger, acquisition, or sale of assets, subject to the same commitments as in this policy.

4. Data Retention

Account and billing records are retained for the life of your subscription and for a reasonable period thereafter to comply with tax, accounting, and legal obligations. Device telemetry is retained according to your plan. Support tickets and replies are retained for historical reference. Deleted records are soft-deleted in our database; we purge backups on a rolling schedule.

5. Security

We use industry-standard safeguards: encrypted transport (HTTPS/TLS), hashed passwords, role-based access controls, session timeouts, CSRF protection, and audit logging. No system is perfectly secure; please use a strong password and do not share it.

6. Your Choices

Access and correction — you can view and update your profile, your organization's details, and user accounts from within the service.
Deletion — account administrators can close the account at any time from Settings; this cancels billing and disables all users.
SMS opt-out — reply STOP to any message, or uncheck SMS consent in your profile.
Email notifications — you can manage notification preferences from your profile. Transactional messages (billing, security, password resets) cannot be disabled while the account is active.
Cookies — you can block cookies in your browser, but the service requires cookies to keep you signed in.

7. Children

The service is intended for business use. We do not knowingly collect personal information from children under 13.

8. International Transfers

We operate in the United States. If you access the service from outside the US, you understand that your information will be transferred to and processed in the US.

9. Changes

We may update this policy from time to time. Material changes will be posted here with a new effective date. Continued use of the service after changes become effective constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Contact CPA Analytics support through the in-app support page, or by email at the address listed in your account.