Privacy Policy

Version 1.0 · Effective 14 June 2026

1. Who we are

Pavitt Public Finance, LLC ("we", "us") operates the service at pfmexpert.net. This policy explains what we collect, why, and your choices. Questions: support@pfmexpert.net.

2. Information we collect

Account data you provide (name, email, job title, organisation, and the pathway and access level chosen at registration). Billing data handled by our payment processor, Stripe (billing address and tax identifiers; card details are entered with Stripe and are not stored by us). Usage data (how you use the training and the Desk). Content you submit, including Desk questions and any documents you upload. Technical data such as authentication cookies and, for security and abuse-prevention, a hashed form of your IP address and your browser user-agent.

3. How we use it

To provide and operate the service; to authenticate you and keep accounts secure; to process payments and taxes; to respond to your questions; to maintain and improve the service; and to comply with law. We rely on performing our contract with you, our legitimate interests in running and securing the service, and your consent where required.

4. Service providers (sub-processors)

We share data only as needed with providers who process it on our behalf: Supabase (database, authentication, and document storage), Vercel (hosting), Stripe (payments and tax), Resend (transactional email), OpenRouter and the underlying model providers it routes to (generating Desk answers), Amazon Web Services (optical character recognition, in the EU (Ireland) region, used only to read scanned or photographed document uploads), and OpenAI (text embeddings for search). Each processes data under its own terms.

5. AI processing of your questions and documents

When you use the Desk, your question, any documents you attach, and the source material retrieved to answer it are sent through OpenRouter to a language-model provider to generate a response. For the call that carries your uploaded documents, we instruct OpenRouter to route only to providers that do not retain or train on the content. Scanned or photographed uploads are first read by an optical-character-recognition service (Amazon Web Services, in the EU (Ireland) region) to extract their text; pages are sent only as transient image data and are not stored by that service. We do not use your submitted content to train any model, and we do not sell your data.

6. Retention

We keep account and billing records for as long as your account is active and as required for legal, tax, and accounting purposes, then delete or anonymise them. Desk conversations, answers, and any documents you upload are retained while your account is active so you can refer back to them; you can delete an uploaded document, together with the text extracted from it, at any time from the conversation. Acceptance records of these terms are kept as a record of the agreement.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise them, contact support@pfmexpert.net. You can also manage billing details through the customer portal.

8. International transfers

We and our providers may process data in the United States and other countries; optical character recognition for document uploads is performed in the European Union (Ireland). Where required, we rely on appropriate safeguards for cross-border transfers.

9. Security

We use access controls, encryption in transit and at rest, row-level security in our database, and private, per-account storage for uploaded documents to protect data. No system is perfectly secure; you are responsible for keeping your credentials safe.

10. Children

The service is not directed to children under 13, and we do not knowingly collect their data.

11. Changes

We may update this policy; we will revise the version and effective date above when we do.