Main CFO

Privacy Policy

Last Updated: February 19, 2025

1. Introduction

This Privacy Policy describes how Main CFO LLC (“we,” “us,” “our,” or the “Company”) collects, uses, discloses, and protects personal information when you use our website (www.maincfo.com), engage our services, or otherwise interact with us.

We provide fractional Chief Financial Officer services to businesses in the United States and internationally. Because we serve clients located in the European Union and European Economic Area, and process payments through international banking channels, this policy addresses both United States federal and state privacy requirements and the European Union General Data Protection Regulation (GDPR).

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

  • Personal Data: Any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked to, an identified or identifiable natural person.

  • Processing: Any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, or deletion.

  • Data Controller: Main CFO LLC, which determines the purposes and means of processing personal data.

  • Data Processor: A third party that processes personal data on behalf of the Data Controller.

  • Data Subject: An identified or identifiable natural person whose personal data is processed.

  • Service: Our website at www.maincfo.com and the fractional CFO services we provide.

  • Consumer: For purposes of the California Consumer Privacy Act (CCPA), a natural person who is a California resident.

3. Data Controller

The data controller responsible for your personal data is:

  • Main CFO LLC

  • United States

  • Email: admin@maincfo.com

  • Website: www.maincfo.com

4. Personal Data We Collect

4.1 Information You Provide Directly

  • Full name and business title

  • Email address

  • Phone number

  • Business name and address

  • Billing and payment information (processed by Stripe; we do not store payment card details)

  • Bank account details for wire transfers and SEPA payments (processed by Stripe)

  • Financial records and business data you share in the course of our engagement

  • Communications you send to us (email, forms, phone)

4.2 Information Collected Automatically

  • IP address

  • Browser type and version

  • Device type and operating system

  • Pages visited, time spent on pages, and navigation paths

  • Referring URL and exit pages

  • Date and time of visits

  • Cookies and similar tracking technologies (see Section 9)

4.3 Information from Third Parties

  • Payment status and transaction confirmations from Stripe

  • Analytics data from service providers

5. Legal Basis for Processing (GDPR)

If you are located in the European Union, European Economic Area, or the United Kingdom, we process your personal data on the following legal bases:

  • Performance of a Contract: Processing necessary to deliver the fractional CFO services you have engaged us to perform, including invoicing and payment processing.

  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, internal analytics, and direct communications with existing clients, provided these interests are not overridden by your data protection rights.

  • Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal proceedings, including tax reporting and anti-money laundering requirements.

  • Consent: Where we rely on your consent (e.g., for marketing communications or non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

6. How We Use Your Personal Data

  • To provide and deliver our fractional CFO services

  • To process payments, including SEPA bank transfers and ACH transfers

  • To communicate with you regarding our services, invoices, and account activity

  • To respond to your inquiries and requests

  • To send marketing communications (only with your consent or where otherwise permitted by law)

  • To monitor and improve our website functionality and user experience

  • To comply with legal and regulatory obligations

  • To detect, prevent, and address fraud, security incidents, or technical issues

  • To enforce our contractual terms and protect our legal rights

7. Payment Processing

We use Stripe, Inc. (“Stripe”) as our third-party payment processor. Stripe processes payments on our behalf, including credit card payments, ACH bank transfers, and SEPA (Single Euro Payments Area) bank transfers from clients located in the European Union.

When you submit payment information, that information is provided directly to Stripe. We do not store or have access to your full payment card numbers, bank account numbers, or SEPA account details. Stripe’s use of your personal information is governed by Stripe’s Privacy Policy, available at https://stripe.com/privacy.

Stripe is certified under the PCI Data Security Standards (PCI-DSS) and adheres to industry-standard security measures for the processing of payment data. For EU-to-US data transfers, Stripe relies on approved transfer mechanisms including Standard Contractual Clauses (SCCs) and other safeguards as required under the GDPR.

8. Sharing and Disclosure of Personal Data

We do not sell your personal data. We may share your personal data in the following limited circumstances:

  • Service Providers: We share personal data with trusted third-party service providers who assist us in operating our business, including payment processing (Stripe), website analytics, email communication platforms, and cloud storage providers. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

  • Legal Requirements: We may disclose personal data when required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Main CFO LLC, our clients, or the public.

  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice before your data becomes subject to a different privacy policy.

  • With Your Consent: We may share your personal data for purposes not described in this policy if we obtain your explicit consent.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyze website usage. The types of cookies we use include:

  • Essential Cookies: Required for the basic functionality of our website (e.g., session management, authentication). These cannot be disabled.

  • Functional Cookies: Allow us to remember your preferences and provide enhanced features.

  • Analytics and Performance Cookies: Help us understand how visitors interact with our website. These may be administered by third-party analytics providers.

You may control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Note that disabling certain cookies may affect website functionality.

For EU visitors, non-essential cookies are only placed after you provide consent through our cookie banner.

10. International Data Transfers

Main CFO LLC is based in the United States. If you are located outside the United States, including in the European Union, European Economic Area, or United Kingdom, your personal data will be transferred to and processed in the United States.

We take appropriate safeguards to ensure that international transfers of personal data comply with applicable law. These safeguards include:

  • Standard Contractual Clauses (SCCs): Where required, we use EU-approved Standard Contractual Clauses with our service providers to ensure adequate protection for personal data transferred outside the EU/EEA.

  • Data Processing Agreements: We maintain written agreements with all service providers that process personal data on our behalf, requiring them to implement appropriate technical and organizational security measures.

  • EU-U.S. Data Privacy Framework: Where applicable, we work with service providers (such as Stripe) that have certified under the EU-U.S. Data Privacy Framework.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Specifically:

  • Client engagement data: Retained for the duration of our engagement and for a period of seven (7) years thereafter, in accordance with tax and accounting record-keeping requirements.

  • Payment transaction records: Retained as required by applicable financial regulations and tax law.

  • Website usage data: Retained for up to twenty-four (24) months, unless required for security purposes.

  • Marketing communications data: Retained until you unsubscribe or withdraw consent.

When personal data is no longer needed, we securely delete or anonymize it.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL)

  • Secure access controls and authentication for internal systems

  • Regular review of data collection, storage, and processing practices

  • Restriction of access to personal data to authorized personnel only

  • Use of PCI-DSS compliant payment processors

No method of transmission over the Internet or electronic storage is completely secure. While we take commercially reasonable steps to protect your personal data, we cannot guarantee its absolute security.

13. Your Rights Under the GDPR (EU/EEA/UK Residents)

If you are located in the European Union, European Economic Area, or the United Kingdom, you have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.

  • Right to Rectification: You may request that we correct inaccurate or incomplete personal data.

  • Right to Erasure: You may request the deletion of your personal data, subject to legal retention obligations.

  • Right to Restriction of Processing: You may request that we limit the processing of your personal data in certain circumstances.

  • Right to Data Portability: You may request your personal data in a structured, commonly used, and machine-readable format.

  • Right to Object: You may object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.

  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us at contact@maincfo.com. We will respond to your request within thirty (30) days.

14. Your Rights Under the CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

Categories of Personal Information Collected

Within the preceding twelve (12) months, we may have collected the following categories of personal information:

  • Identifiers (name, email address, IP address, account name)

  • Personal information under Cal. Civ. Code § 1798.80(e) (name, address, telephone number)

  • Commercial information (records of services purchased or considered)

  • Internet or similar network activity (browsing history, interactions with our website)

Your CCPA Rights

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.

  • Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.

  • Right to Opt-Out of Sale: We do not sell personal information as defined under the CCPA.

  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, contact us at contact@maincfo.com or visit www.maincfo.com. We will verify your identity before processing your request and respond within forty-five (45) days.

15. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at contact@maincfo.com.

16. Third-Party Links

Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any third-party site you visit.

17. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required under the GDPR

  • Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms

  • Notify affected California residents as required under applicable California law

  • Document the breach, its effects, and the remedial actions taken

18. Do Not Track Signals

Some browsers include a “Do Not Track” (DNT) feature that signals to websites that the user does not wish to be tracked. There is no uniform standard for responding to DNT signals. At this time, our website does not respond to DNT signals. We will update this policy if a uniform standard is established.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we make material changes, we will:

  • Post the updated policy on our website with a revised “Last Updated” date

  • Notify you by email if we have your contact information and the changes are material

We encourage you to review this policy periodically.

20. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we process your personal data, please contact us:

Main CFO LLC

Email: contact@maincfo.com

Website: www.maincfo.com

For EU/EEA/UK residents: You also have the right to lodge a complaint with your local data protection authority.