Privacy Policy
Effective Date: November 1, 2025
Introduction
CFO AI, Inc. (referred to as “CFO AI,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes what information we collect from visitors and subscribers (“you” or “users”), how we use and share that information, and your rights regarding your data. By using the benchmarkAI.app website (the “Site”) or providing us with your information, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Site.
Information We Collect
Personal Information (Email Address)
We do not require any personal data to simply browse the Site. However, if you choose to subscribe to our email updates, we will collect your email address. This is the only piece of personally identifiable information we collect from you. We use your email address solely to send you the newsletters or research updates you requested, with an option to unsubscribe in every message.
Usage Data (Analytics)
When you visit our Site, we automatically receive certain non-personal usage data about your visit. Specifically, we use Vercel Web Analytics, a privacy-focused analytics service, to collect anonymized information such as:
- Your IP address (which Vercel immediately anonymizes)
- Browser type and version
- Operating system
- Pages you visit on our Site
- The time spent on each page
This information is aggregated and cannot directly identify you – it is used for understanding overall visitor behavior and improving our website's content and performance. Vercel Analytics does not use cookies or persistent identifiers to track you. Instead, it employs a cookie-less technique to count visits in a privacy-friendly manner. As a result, we do not deploy any tracking cookies on your device for analytics purposes, and no personal profile of your browsing is created.
Cookies and Similar Technologies
Aside from the above-mentioned analytics (which uses no cookies), we do not currently use any cookies or web beacons for tracking or advertising. The Site does not employ third-party advertising networks or social media trackers. The only third-party tools in use (Vercel Analytics and our email service) do not require cookies for their core functionality. If in the future we introduce features that use cookies (for example, to remember preferences), we will update this policy and provide appropriate notice and consent options. You always have the ability to control cookies through your browser settings.
How We Use Your Information
We use the information we collect for the following purposes:
To Provide and Operate the Site
We process usage data to monitor the Site's performance, load pages correctly, and fix technical issues. For example, anonymized analytics help us identify errors or pages with technical problems so we can address them.
To Improve Content and User Experience
We analyze aggregate visitor data (e.g. which pages are most visited, how long users stay on a page) to understand what content is most useful and to make informed decisions on improving our offerings. This helps us optimize site layout, add new features, or refine content to better serve our users' interests.
To Send Email Updates (With Consent)
If you subscribe to our newsletter or research updates, we will use your email address to send you periodic emails containing the content you signed up for. These emails may include news about benchmarkAI.app's research findings, site updates, or related educational information. We will only send you these emails if you have provided your email address for this purpose, and you can opt out at any time (see “Your Choices” below). We do not send unsolicited marketing emails or share your email with advertisers.
To Ensure Security and Prevent Misuse
We may use IP addresses and browser information to help diagnose or prevent fraud or abuse of our Site. For example, if we detect multiple failed subscription attempts or suspicious activities, we might use logged information to investigate or block malicious behavior. This is done to protect the integrity of our website and the security of our users.
We do not use the data we collect to profile you or make any automated decisions that could affect you legally or significantly. All analytics data is reviewed in aggregate form, and personal data (limited to email addresses for subscribers) is handled only in the context of sending you the content you signed up for.
How We Share and Disclose Information
We value your privacy and handle your information with care. We do not sell or rent your personal information to third parties. Because we currently do not monetize our Site or user data, there is no sharing of your information for advertising or marketing purposes. We share information only in the limited circumstances described below:
Service Providers
We use a few trusted third-party service providers to help us operate our Site and deliver our services to you:
Website Hosting and Analytics (Vercel)
Our Site is hosted on Vercel's platform, which also provides the analytics described above. In the course of providing these services, Vercel may process anonymized usage data (e.g. IP addresses, device information) as our data processor. This data is handled in accordance with Vercel's privacy and security policies, and remains under our control. Vercel does not use the analytics data for its own purposes; it simply presents us with aggregated statistics about our site traffic.
Email Delivery (Resend)
We use Resend (an email delivery service for developers) to manage our email newsletter list and send out our update emails. If you subscribe to our updates, your email address is stored on Resend's secure servers so that we can send you the emails. Resend acts as a data processor on our behalf – it may process your email address and the content of the newsletter emails for the sole purpose of sending messages to you. Resend is a reputable email service that is committed to data security and privacy (it is GDPR-compliant and provides unsubscribe functionality by default). We do not permit Resend to use your email information for any purpose other than to send our communications. Additionally, every email we send via Resend includes an “Unsubscribe” link that you can click to opt out of future emails immediately, in compliance with email best practices and laws.
These third-party providers are bound by contractual privacy obligations. They cannot legally use your data for their own marketing or share it, and they must adhere to applicable privacy laws. We only partner with service providers that employ industry-standard security measures to safeguard your data.
Legal Compliance
We may disclose your information if required to do so by law or lawful subpoena, or if we believe in good faith that such action is necessary to (a) comply with a legal obligation (for example, responding to a court order or government request), (b) protect and defend our rights or property, (c) prevent or investigate possible wrongdoing in connection with the Site, (d) protect the personal safety of users of the Site or the public, or (e) protect against legal liability. In any such case, we would only provide the minimum information necessary to meet the legal requirement.
Business Transfers
If CFO AI, Inc. is involved in a merger, acquisition, sale of assets, or other business reorganization, your information (such as the email subscription list) may be transferred to the succeeding entity as part of that transaction. If that occurs, we will ensure the successor is bound to the same standards of privacy stated in this policy and we will notify you (for example, by email or a prominent notice on our Site) of any change in data ownership or new contact information.
With Your Consent
Apart from the scenarios above, we will only share your personal information with third parties if you have given us explicit consent to do so. For instance, if in the future you request that we connect you with a partner or sign up for a service through benchmarkAI.app that requires sharing information, we would do so only with your knowledge and approval. At this time, we have no such data-sharing partnerships in place.
In summary, outside of our core service providers (Vercel and Resend) acting on our behalf, we do not share your personal data with anyone unless it's legally necessary or you ask us to.
Data Storage and Retention
Email Addresses
If you subscribe to our email updates, we will retain your email address for as long as you remain subscribed. We store subscriber emails securely in our email service (Resend) and in any backup mailing list we maintain. We keep this information so we can continue sending you the research updates you requested. If you choose to unsubscribe or ask us to remove your email, we will delete your email address from our active mailing list promptly. (Note: we may retain a minimal record of your email in a suppression list to ensure we honor your unsubscribe request and do not accidentally re-add you, as required by anti-spam regulations. This suppression record will not be used for any other purpose.)
Analytics Data
The anonymized usage data collected via Vercel Analytics is retained in aggregate form. We generally look at trends over various periods, but individual visit data (which is already anonymous) is not tied to any persistent identifier. Vercel's system generates daily unique visitor hashes that reset every 24 hours, so we cannot track a specific visitor beyond a single day. We may retain aggregated analytics reports (e.g. monthly page view counts) indefinitely for historical comparison, but these do not contain personal data. Any raw analytics logs that do contain IP addresses (even truncated) are managed by Vercel and are subject to Vercel's retention policies. According to Vercel, the data is stored in a privacy-preserving way; we do not have access to full IP addresses or any data that would personally identify visitors.
Data Security and Storage Locations
CFO AI, Inc. is based in the United States. By using our Site or subscribing to our emails, you understand that your information will be stored and processed on servers located in the United States (and possibly other jurisdictions where our service providers maintain servers, such as within the US or EU). If you are located outside the United States, note that local laws may differ on data protection. We take steps to ensure appropriate safeguards are in place to protect your data when it is transferred internationally. Your continued use of the Site or submission of information represents your agreement to this transfer and storage of your information in the U.S.
We retain personal data only as long as necessary for the purposes described above (or as required by law). In practice, this means: subscriber emails are kept until you unsubscribe or request deletion; and analytics data is kept in aggregate without personal identifiers. We periodically review the data we hold and erase or anonymize information that is no longer needed.
Data Security
We employ commercially reasonable security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include using secure server environments, encryption where appropriate, and restricting access to personal data to only those in our team or service providers who need it to perform their duties. For example, access to the email subscriber list is limited and protected by authentication, and our website's connection is encrypted via HTTPS when transmitting data.
However, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use acceptable means to protect your information, we cannot guarantee absolute security. You transmit data to us at your own risk. In the unlikely event of a data breach that affects your personal information, we will notify you as required by applicable law and take immediate steps to mitigate the issue.
To further protect yourself, we recommend that you use unique and strong passwords for your email and any online accounts, and that you do not share sensitive personal information in unencrypted channels. CFO AI, Inc. will never ask you for sensitive information like passwords or credit card numbers, and you should be cautious if you receive any such request purporting to be from us.
Your Rights and Choices
We respect your rights over your personal information. Depending on your jurisdiction, you may have some or all of the following rights regarding data that relates to you:
Access and Correction
You have the right to request a copy of any personal information we hold about you (which, for typical users, would just be your email address if you subscribed). You also have the right to request correction of any inaccuracies in that information.
Unsubscribe / Opt-Out
If you no longer wish to receive our email updates, you can unsubscribe at any time. Every email we send includes an “Unsubscribe” link at the bottom; clicking that link will automatically remove you from the mailing list. Once you unsubscribe, we will stop sending you the newsletter or updates. (Please note it may take a short time to process the removal, but typically it is immediate via the link.)
Deletion
You can request that we delete the personal information we have about you. For example, you may ask that we remove your email from our records entirely. Aside from information we are required to keep for legal compliance or legitimate purposes (which is uncommon in our case), we will honor such requests. If you have subscribed to emails, unsubscribing achieves the deletion of your email from active use.
California Privacy Rights
If you are a California resident, you are entitled to certain additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include the right to know what personal data is collected about you, the right to request deletion of your personal data, the right to opt out of the sale or sharing of personal information, and the right to correct inaccurate personal information. As noted, we do not sell or share your personal data for monetary value or cross-context behavioral advertising.
GDPR and International Rights
If you are located in the European Economic Area (EEA), United Kingdom, or other region with comprehensive data protection laws (like the GDPR), you may have the right to withdraw consent (for email subscriptions), and to request from us: access to personal data, rectification or erasure of your data, restriction of processing, or to object to processing, as well as the right to data portability. You also have the right to lodge a complaint with a supervisory authority in your country. As our processing of your email (if you subscribe) is based on your consent, you may withdraw that consent at any time by unsubscribing. Our processing of usage data is based on our legitimate interest in understanding and improving our website (and is done without identifying you).
We will not discriminate against you for exercising any of these rights. We are a small, research-oriented service, and we strive to be transparent and responsive to users' privacy needs.
Children's Privacy
Our Site and services are not intended for children under the age of 13, and we do not knowingly collect personal information from anyone under 13 years old. If you are under 13, please do not use the Site or submit any personal information to us (including your email).
If we learn that we have inadvertently collected personal data from a child under 13 without appropriate consent, we will take prompt steps to delete that information from our records. If you are a parent or guardian and you believe your child under 13 may have provided personal information to us, please contact us immediately so that we can investigate and delete any such data.
(For residents of certain jurisdictions, such as the European Union, the age limit for data consent may be higher – e.g., 16. We do not knowingly collect data from minors under the age of 16 either, in order to comply with those requirements. If you are under the age of 16, you should not use this Site or provide any personal information.)
Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time. If we make material changes to how we collect or use your information, we will notify users by posting the updated policy on this page with a new effective date, and/or by any other reasonable means. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
Your continued use of the Site after any changes to this Privacy Policy have been posted will signify your acceptance of those changes, provided that for any material changes that expand our use or sharing of personal data in ways not previously disclosed, we will obtain your consent or give you the opportunity to opt out as required by law.
The “Effective Date” at the top of this Privacy Policy indicates when it was last updated.