Privacy Policy

1. Introduction

PitchFit L.L.C-FZ ("PitchFit", "we", "us", or "our") is committed to protecting your privacy and handling all user data with international best-practice confidentiality and security mechanisms. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data and Customer Content when you use our websites and our subscription products, Ask and Insights (collectively, the "Services").

PitchFit is a Limited Liability Company licensed in the Meydan Free Zone, Dubai, United Arab Emirates (Licence No. 2526573.01). This Policy is designed to align with global best practices, including the EU and UK General Data Protection Regulation (GDPR / UK GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).

By using the Services, you acknowledge that you have read this Policy. Where required by law, we rely on a lawful basis (described below) or your consent to process personal data.

2. Who Is Responsible for Your Data (Controller / Processor)

For personal data about your use of the Services (such as account and billing data), PitchFit acts as a data controller. For Customer Content that you upload and process through the Services - including financial statements you add to Insights - PitchFit acts as a data processor (or service provider) and processes that content only on your instructions and to provide the Services. Where you upload personal data within Customer Content, you are the controller of that data and are responsible for having a lawful basis to provide it to us.

3. Information We Collect

3.1 Information you provide

• Account data: name, email address, organization, role, and login credentials.
• Billing data: subscription plan, billing contact, and payment information (processed by our payment providers; we do not store full card numbers).
• Communications: messages, support requests, and feedback you send us.

3.2 Customer Content

Financial statements, documents, files, queries, and other materials you upload or generate within the Services, including statements you add to Insights for standardization and comparison. Customer Content may include data about companies and, in some cases, individuals. It is stored within your Instance.

3.3 Information collected automatically

• Usage data: features used, actions taken, and timestamps.
• Device and log data: IP address, browser type, device identifiers, and diagnostic logs.
• Cookies and similar technologies: used to operate the Services, remember preferences, and measure performance (see Section 9).

4. How We Use Information

We use information to:

• provide, operate, maintain, and secure the Services, including processing and standardizing financial statements and generating comparisons within Insights;
• create and manage your Account and Subscription, and process payments;
• provide customer support and respond to your requests;
• monitor, troubleshoot, and improve performance, reliability, and security, and prevent fraud or abuse;
• develop and improve the Services using aggregated or de-identified data that does not identify you or any individual or company;
• send service, security, and administrative communications, and, where permitted, relevant product updates (you may opt out of marketing at any time); and
• comply with legal obligations and enforce our Terms.

5. Legal Bases for Processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we process personal data on one or more of the following legal bases:

• Contract: to provide the Services you have subscribed to.
• Legitimate interests: to secure, improve, and promote the Services, balanced against your rights.
• Consent: where required, for example for certain cookies or marketing; you may withdraw consent at any time.
• Legal obligation: to comply with applicable laws, including accounting and tax requirements.

6. How We Share Information

We do not sell your personal data. We do not "sell" or "share" personal data for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. We disclose information only as follows:

• Service providers (sub-processors): trusted vendors who host, process, or support the Services (for example, cloud hosting, payment processing, analytics, and customer support) under contractual confidentiality and data-protection obligations.
• Within your organization: with authorized users of your Account.
• Legal and safety: where required by law, regulation, legal process, or to protect rights, safety, and the integrity of the Services.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.

7. International Data Transfers

PitchFit operates globally and may process and store information in countries other than your own, including the UAE, the United States, and the European Union. Where we transfer personal data across borders, we implement appropriate safeguards required by applicable law, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms under the UAE PDPL, together with technical and organizational measures to protect the data.

8. Data Retention and Deletion

We retain personal data and Customer Content only for as long as necessary to provide the Services and for the purposes described in this Policy.

Customer Content. Customer Content, including financial statements added to Insights, is stored within your Instance and is deleted when your Account is unsubscribed or deleted.

Account and billing data. We may retain limited account and transaction records for as long as needed to comply with legal, tax, accounting, and audit obligations.

Backups. Residual copies may persist in routine, secure backups for a limited period before being overwritten in the ordinary course.

On request, and subject to legal retention requirements, we will delete or return personal data we process on your behalf.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Services, keep you signed in, remember your preferences, and understand usage so we can improve performance. You can control non-essential cookies through your browser settings or, where provided, our cookie banner. Disabling certain cookies may affect functionality. Where required, we obtain consent before placing non-essential cookies.

10. Data Security

We apply international best-practice technical and organizational measures to protect personal data and Customer Content, including encryption in transit and at rest where appropriate, access controls and least-privilege principles, logical separation of customer Instances, network and application security controls, monitoring and logging, and regular review of our security practices. No system is completely secure; in the event of a personal data breach affecting your rights, we will notify affected parties and the relevant authorities as required by applicable law.

11. Your Privacy Rights

11.1 GDPR / UK GDPR rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority.

11.2 CCPA/CPRA rights (California residents)

Subject to applicable law, you have the right to know what personal information we collect and how it is used and disclosed, to access and delete it, to correct inaccurate information, and to non-discrimination for exercising your rights. As noted above, we do not sell or share personal information for cross-context behavioral advertising.

11.3 UAE PDPL rights

Subject to applicable law, you have rights to access your personal data, request correction or erasure, restrict or object to processing, request portability, and withdraw consent, in accordance with the UAE PDPL.

To exercise any of these rights, contact us at hey@pitchfit.ai. We will respond within the timeframes required by applicable law and may need to verify your identity before acting on a request.

12. Children's Privacy

The Services are intended for business and professional use and are not directed to children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.

13. Third-Party Links and Sources

The Services may link to or process data from third-party websites and publicly available sources. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies. Publicly available financial statements processed through the Services remain subject to the rights and terms of their respective sources.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (for example, by email or in-product notice) and update the effective date above. Your continued use of the Services after the changes take effect constitutes acceptance of the updated Policy.

15. Contact Us

For privacy questions or to exercise your rights, contact us at hey@pitchfit.ai.

PitchFit L.L.C-FZ - Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates. Licence No. 2526573.01.