Privacy Policy

1. Overview

HeadlessCPA ("we," "us," or "our") operates the HeadlessCPA platform, including headlesscpa.com and associated APIs. This policy describes what data we collect, how we use it, and your rights as a visitor or customer. This policy does not cover data processed on behalf of our customers as part of the accounting infrastructure service — that is governed by our Data Processing Agreement.

2. Data We Collect

Contact and lead forms

When you submit a request for API access or send a contact message, we collect your name, work email, company name, and any information you include in the message field. This data is stored in our Convex database and is used only to respond to your request.

Authentication

If you create an account or sign in to the dashboard, authentication is handled by Clerk. We store a reference to your Clerk user ID, your name, and email address. Passwords are never stored by us — Clerk handles credential management.

Financial data (customers only)

Bank feed connections are established via Plaid. We store Plaid access tokens (encrypted) and transaction data as part of the accounting infrastructure service. Financial credentials (bank usernames and passwords) are never stored by HeadlessCPA or Plaid after the initial link — Plaid uses tokenized access.

Usage and error data

We use Sentry for error monitoring. When an application error occurs, Sentry captures the error message, stack trace, and limited context about the request. We do not intentionally send personally identifiable information to Sentry.

3. How We Use Your Data

• To respond to your API access or contact requests
• To operate the accounting infrastructure service for customers
• To diagnose and fix application errors
• To improve the product based on usage patterns
• We do not sell your data to third parties
• We do not use your data for advertising targeting

4. Third-Party Services

The following third-party services may process your data:

• Clerk — authentication and user management (clerk.com)
• Convex — database and backend (convex.dev)
• Plaid — bank feed connections (plaid.com)
• Sentry — error monitoring (sentry.io)

5. Data Retention

Lead and contact form submissions are retained for up to 2 years. Customer accounting data is retained for the duration of the customer relationship plus any legally required retention period. You may request deletion of your data by contacting us at the email below.

6. Your Rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data. To exercise these rights, contact us at privacy@headlesscpa.com.

7. Cookies

This site uses minimal cookies — primarily for authentication session management via Clerk. We do not use third-party advertising cookies. If you are signed in to the dashboard, a session cookie is set. If you are only browsing the marketing site, no persistent cookies are set by us.

8. Contact

Questions about this policy: headlesscpa.com/contact

Note: This privacy policy is a baseline document. Consult qualified legal counsel before relying on it for compliance purposes.