Privacy Policy

EDMA Group Inc – Privacy Policy

Last Updated: November 25, 2025

1. Scope

This Privacy Policy applies to all services, websites, and mobile applications provided by EDMA Group Inc.

2. Information We Collect

  • Personal Information: name, email address, company name, billing information, phone number
  • Financial Data: transactions, chart of accounts, invoices, bank feeds you connect, tax IDs (where provided)
  • Technical & Usage Data: IP address, browser type, device information, activity logs

3. How We Use Your Information

  • To deliver and improve the Services
  • To process payments and issue invoices
  • To communicate support, updates, and (with opt-out) marketing
  • To detect and prevent fraud or abuse
  • To comply with legal and regulatory obligations

4. Data Security

  • Data in transit: TLS 1.3 encryption
  • Data at rest: AES-256 encryption
  • Bank connections: via Plaid, Yodlee, or equivalent read-only, credential-free integrations
  • Regular penetration testing and pursuit of SOC 2 Type II attestation (report available under NDA to paid customers)

5. Data Sharing

We share data only with: - Trusted sub-processors under strict Data Processing Agreements (AWS, Stripe, Plaid, SendGrid, etc.)
- Law enforcement or regulators when legally required
- Potential acquirers in the event of a merger or sale (with notice where practicable)

We do not sell your personal information.

6. International Data Transfers

Data is primarily processed and stored in the United States. We rely on Standard Contractual Clauses and/or adequacy decisions for transfers outside the U.S.

7. Your Rights

You may request to access, correct, delete, export, restrict, or object to processing of your personal data. Contact support@edmagroup.io — we will respond within 30 days (or sooner where required by law).

8. Data Retention

We retain personal and financial data as long as your account is active or as required for legal, tax, or auditing purposes (generally 7 years for U.S. financial records).

9. Changes to this Policy

Material changes will be notified via email or prominent in-app notice at least 30 days in advance.

10. Contact & Data Protection Officer

EDMA Group Inc
Attn: Data Protection Officer
support@edmagroup.io