Privacy Policy

NullPoint LLC, DBA RLNR Docu-Service
Effective Date: August 10, 2025

At NullPoint LLC, DBA RLNR Docu-Service ("Company," "we," "us," or "our"), we are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our manual fraud detection services ("Services"), website, or any related applications or platforms. We comply with all applicable data protection laws, including the Connecticut Data Privacy Act (CTDPA), California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and other relevant U.S. state laws, as well as the General Data Protection Regulation (GDPR) and UK GDPR where they apply to our operations. If you have questions or concerns, please contact us using the details in Section 14.

By using our Services, you consent to the practices described in this Policy. If you do not agree, please do not use our Services.

1. Scope and Applicability

This Policy applies to all personal information we collect from or about you through our website, Services, third-party integrations (e.g., QuickBooks Online Accountant for account linking and transaction monitoring, monday.com for client management, Squarespace for payments), and any other interactions with us, including emails, forms, and customer support communications. "Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including sensitive personal information under applicable laws (e.g., financial account data under CCPA).

This Policy does not apply to information collected by third parties not controlled by us, such as financial institutions, unrelated websites linked from our platform, or publicly available information from government databases. We are not responsible for the privacy practices of these third parties.

2. Information We Collect

We collect the following categories of personal information, as defined under applicable laws like CCPA:

a. Information You Provide Directly:

- Identifiers (e.g., name, email address, phone number, mailing address).

- Commercial information (e.g., subscription tier, service preferences).

- Financial account authorization data (e.g., permissions to access transaction data via QuickBooks Online Accountant) but not usernames or passwords.

b. Information Collected Automatically:

- Internet or other electronic network activity (e.g., IP address, browser type, operating system, pages viewed, time spent, referring URL) via cookies, web beacons, and similar technologies.

- Log data (e.g., access times, error reports, device identifiers).

- Geolocation data (e.g., approximate location based on IP address, if enabled).

c. Information from Third Parties:

- Transaction data from linked accounts via QuickBooks Online Accountant when you authorize access.

- Client management data from monday.com (e.g., contact details) with your consent.

- Payment processing data (e.g., transaction confirmation) from Squarespace, which handles payment details directly and does not share them with us.

- Aggregated or de-identified data from analytics providers for service improvement.

We do not collect sensitive personal information (e.g., racial or ethnic origin, religious beliefs, health data, biometric data, or precise geolocation) unless necessary for the Services and with your explicit consent. We do not engage in automated profiling or decision-making that produces legal or similarly significant effects without your consent.

3. How We Collect Information

- Directly from you (e.g., registration forms, account setup, communications, support tickets).

- Automatically through cookies, server logs, and tracking technologies (see Section 10 for details).

- From third-party integrations (e.g., QuickBooks Online Accountant syncs transaction data when you link accounts with your authorization; monday.com collects client interaction data).

- From service providers or partners (e.g., Squarespace for payment confirmations, analytics tools like Google Analytics for usage metrics).

- From publicly available sources for verification purposes (e.g., business registries).

We minimize data collection to what is necessary for the Services and use data minimization principles as recommended by privacy best practices [IAPP Privacy Resources, web:1].

4. How We Use Your Information

We use your personal information for the following purposes, in accordance with legal bases such as consent, contract performance, legitimate interests, or legal obligations:

- To provide and maintain the Services, including manual monitoring of transactions for fraud via QuickBooks Online Accountant.

- To process and manage subscriptions and payments through Squarespace (we do not handle payment details directly).

- To communicate with you (e.g., notifications, support queries, service updates) via email or monday.com.

- To improve our Services, conduct internal analytics, and detect fraud or abuse (using de-identified data where possible).

- To comply with legal and regulatory obligations, such as data retention under tax laws or reporting under CTDPA/CCPA.

- For business operations, including auditing, research, and development (limited to aggregated data).

- To enforce our Terms of Service, protect our rights, and prevent misuse.

We do not use your information for automated decision-making or profiling that produces legal effects without human oversight or your consent. Under CCPA/CPRA, we do not "sell" or "share" personal information, but if we do in the future, we will provide opt-out rights [Termly Privacy Policy Template, web:10].

5. How We Share Your Information

We may share your personal information with the following categories of recipients, only as necessary and with appropriate safeguards:

- Service providers and vendors (e.g., QuickBooks Online Accountant for monitoring, monday.com for management, Squarespace for payments) under binding data processing agreements that require them to protect your data and use it only for specified purposes.

- Legal authorities, regulators, or law enforcement when required by law, subpoena, court order, or similar legal process (e.g., fraud investigations).

- Business partners or successors in the event of a merger, acquisition, reorganization, or asset sale (with prior notice to you and an opportunity to object where required by law).

- Affiliates or subcontractors for operational support, subject to the same privacy protections.

- Professional advisors (e.g., lawyers, auditors) for compliance purposes.

We do not sell personal information to third parties. For CCPA/CPRA purposes, we do not "share" for behavioral advertising, but if we do, opt-out is available via our website. International transfers use Standard Contractual Clauses or equivalent mechanisms under GDPR [Intuit Privacy Statement, web:1].

6. Data Security

We implement industry-standard security measures to protect your personal information, including administrative (e.g., employee training), technical (e.g., encryption, firewalls, access controls), and physical safeguards (e.g., secure servers). For example, monday.com uses 256-bit encryption for client data, and QuickBooks Online Accountant employs bank-level security for transaction monitoring [Intuit Global Privacy Statement, web:1]. However, no system is completely secure, and we cannot guarantee absolute protection against unauthorized access, breaches, or cyberattacks. In the event of a data breach, we will notify affected individuals and authorities as required by law (e.g., within 60 days under CTDPA or 72 hours under GDPR).

7. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

- Access: Request a copy of your personal information we hold (e.g., under CCPA, twice per year free of charge).

- Correction/Rectification: Request updates to inaccurate or incomplete data.

- Deletion/Erasure: Request deletion of your data, subject to legal exceptions (e.g., retention for tax purposes).

- Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information (not applicable currently, but we provide mechanisms for future compliance).

- Limit Use of Sensitive Data: Request limitations on the use of sensitive personal information (e.g., financial data) under CCPA/CPRA.

- Data Portability: Receive your data in a portable format under GDPR or CCPA.

- Objection/Restriction: Object to or restrict processing for certain purposes (e.g., legitimate interests under GDPR).

- Non-Discrimination: We will not discriminate against you for exercising your rights, such as by denying services or charging different prices.

To exercise these rights, submit a verifiable request via [Customer Support Email] or our website form. We respond within 45 days (extendable under CTDPA/CCPA to 90 days with notice). For CCPA/CPRA, we verify requests using identifiers like email or account details. Appeals can be made to our Data Protection Officer, and you may contact your state attorney general if unsatisfied.

8. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to collect data for functionality, analytics, and personalization. Categories include:

- Essential cookies: Required for site operation (e.g., session management).

- Performance cookies: Track usage metrics (e.g., page views via Google Analytics).

- Functional cookies: Enable preferences (e.g., language settings).

- Targeting cookies: For personalized content (minimal use).

You can manage cookies via your browser settings or our cookie banner. For more details, see our Cookie Policy [Termly Privacy Policy Template, web:10].

9. Children's Privacy

Our Services are not intended for children under 18 (or 16 in some jurisdictions under GDPR). We do not knowingly collect, use, or disclose personal information from minors. If we discover such data has been collected without verifiable parental consent under COPPA or equivalent laws, we will delete it immediately and terminate the associated account. Parents or guardians who believe we have collected child data should contact us for removal.

10. International Data Transfers

We may transfer personal information to countries outside your jurisdiction (e.g., QuickBooks Online Accountant servers in the US or abroad). To ensure adequate protection, we use approved mechanisms such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions under GDPR and equivalent U.S. state laws. For CCPA/CPRA, we ensure transfers do not diminish your rights. If you are in the EEA or UK, you may request a copy of our data transfer agreements.

11. Data Retention

We retain personal information only as long as necessary for the purposes described, or as required by law. For example:

- Subscription data: During the active Subscription and 30 days post-termination.

- Transaction data: Up to 7 years for tax and audit compliance.

- Log data: Up to 2 years for security purposes.

- De-identified data: Indefinitely for analytics.

Data is deleted or anonymized when no longer needed, using secure methods. You may request deletion earlier via your privacy rights.

12. Changes to This Policy

We may update this Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email, website notice, or in-app alert at least 30 days in advance (or as required by law). Continued use after the effective date constitutes acceptance. We encourage you to review this Policy periodically.

13. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects without human oversight or your explicit consent. Any automated processing is limited to basic fraud alerts and requires manual review.

14. Contact Us

For privacy questions, rights requests, complaints, or to exercise your rights, contact our Data Protection Officer at Support or 203-212-8762. For CTDPA/CCPA appeals, we provide a formal response process. If unsatisfied, you may contact your state attorney general or, for GDPR, your local data protection authority.

Thank you for trusting us with your privacy.