Change Solutions

Support

Support & legal

Contact us, read our policies, or get help when you need it.

Privacy Policy

Last updated: April 30, 2026

Privacy Policy

1. Introduction

This document describes our data practices only—what we collect, how we use it, and your rights. For your obligations and our service terms, see our Terms of Service.

Change Solutions is committed to protecting your privacy and ensuring the security of your business and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us:

  • Name and contact information (email address, phone number)
  • Company information (business name, address, industry)
  • Account credentials and authentication data
  • Profile information and preferences
  • Authentication tokens and session information
  • IP address and user agent (captured during account creation and terms acceptance)

2.2 Payment Processor Data (Square)

Important: When you connect your Square account to our Service, we collect and process the following data from Square:

  • Transaction Data: Orders, payments, transaction amounts, dates, line items, product information, and payment methods
  • Inventory Data: Product catalog, stock levels, inventory changes, and product details
  • Location Data: Square location information, addresses, timezone, and currency settings
  • OAuth Credentials: Access tokens and refresh tokens (stored securely) to maintain your Square account connection

Note on Customer Data: While Square's API responses may include customer information (names, emails, phone numbers, addresses), we do not actively process, extract, or store customer-specific data in our active database. Our focus is on transaction and inventory data for business analytics and forecasting. Raw data files stored in Cloud Storage may contain customer information as part of Square's API response structure, but this data is not used or processed by our Service.

This data is collected via Square's OAuth API with your explicit authorization. We use this data to provide business analytics, forecasting, inventory management, and transaction processing. You can disconnect your Square account at any time through your account settings.

2.3 Business Data

To provide our Service, we collect and process business-related data:

  • Sales and transaction data from payment processors
  • Inventory and product information
  • Financial and revenue information
  • Business performance metrics and analytics
  • Employee information (names, roles, schedules, salaries)
  • Forecasts and predictions

2.4 Usage Information

We automatically collect certain information about your use of our Service:

  • Log data (IP address, browser type, access times)
  • Device information and operating system
  • Feature usage and interaction patterns
  • Error reports and performance data
  • Session duration and navigation patterns

2.5 AI Training Data

We collect data used for AI model training and improvement:

  • Company documents (PDF, DOC, DOCX, TXT files up to 10MB)
  • Business context and company information
  • User preferences and AI interaction data
  • Business metrics and operational data

2.6 Google and Gmail Data

Limited use of Google user data. If you connect your Gmail account via Google OAuth, we access your Gmail only to:

  • Update your order information (e.g., orders or delivery information from emails)
  • Update your inventory levels (e.g., restock or receipt information derived from your emails)

We do not use Gmail or any other Google user data for:

  • Advertising or marketing
  • Selling or sharing with third parties for their marketing
  • Machine learning or AI model training — Gmail/Google user data is never used to train or improve our ML or AI models
  • Any purpose other than providing or improving the above order and inventory functionality within our Service

Google user data obtained through Gmail integration is used solely to update your order information and inventory levels. We do not use it for machine learning or AI model training.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide, maintain, and improve our Service
  • Process transactions and manage your account
  • Use Gmail/Google data only to update your order information and inventory levels (see Section 2.6). Gmail/Google user data is not used for machine learning or AI model training.
  • Generate AI-powered insights and predictions
  • Train and improve our machine learning models (Gmail/Google user data is never used for this purpose)
  • Communicate with you about the Service
  • Ensure security and prevent fraud
  • Comply with legal obligations

4. Payment Processor Data Storage

Important Note: When we fetch data from Square, the raw data files stored in Cloud Storage may contain customer information (names, emails, phone numbers, addresses) that Square includes in their API responses. However:

  • We do not actively process or use customer data - our focus is on transaction and inventory data
  • Customer data may be present in raw data files stored in Cloud Storage but is not extracted, processed, or stored in our active database (Firestore)
  • We only process and store: transaction data (orders, payments, amounts, dates), inventory data (products, stock levels), and location data
  • Raw data files in Cloud Storage are retained for data processing purposes and may contain customer information as part of Square's API response structure

If you have concerns about customer data in raw storage files, or if we begin processing customer data in the future, we will update this Privacy Policy and notify you of the change.

5. AI and Machine Learning

Important: We use your business data to train and improve our AI models, including:

  • MARC AI assistant for business intelligence
  • Predictive analytics and forecasting models
  • Pattern recognition for business insights
  • Automated recommendation systems

Data Usage:

  • Gmail/Google user data is not used for AI or machine learning model training. Data collected from Gmail is used only to update your order information and inventory levels (see Section 2.6).
  • Company-specific AI customizations remain your property
  • Aggregated and anonymized data may be used for general service improvement
  • Some personal and business data may be used directly for AI training purposes (excluding Gmail/Google user data)
  • Document uploads are processed by third-party AI services (OpenAI)

Your data helps us provide more accurate predictions and insights. AI predictions are not guaranteed to be 100% accurate and should be used as guidance only.

6. Data Protection and Security

We implement comprehensive security measures to protect your information:

  • End-to-end encryption for data in transit and at rest
  • Role-based access controls and company data isolation
  • Regular security audits and vulnerability assessments
  • Secure authentication and session management
  • Multi-factor authentication support
  • PCI DSS compliance measures for payment data (we do not store full card numbers; payment processing is handled by Square)
  • OAuth token security and encryption
  • Employee security training and access controls
  • Incident response procedures

Data Breach Notification: In the event of a data breach that may affect your personal information, we will notify affected users as soon as we become aware of the breach and as required by applicable law. We will provide information about the nature of the breach, the data affected, and steps we are taking to address it.

7. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with the following third-party services:

7.1 Service Providers

We share data with trusted third-party services that help us operate our platform:

  • Square: Payment processing, transaction data, and inventory data (we do not process customer data)
  • Firebase/Google Cloud: Data storage, authentication, and cloud infrastructure
  • OpenAI: AI model processing and document analysis
  • Analytics Provider: Analytics and user behavior tracking
  • Resend: Email delivery services
  • Twilio: SMS delivery services

Each service provider has its own privacy policy and terms of service. We have data processing agreements with our service providers to ensure your data is protected.

7.2 Other Disclosures

  • Legal Requirements: When required by law, legal process, or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: When you have given us explicit consent to share your information
  • Company Administrators: Authorized users within your organization may access company data according to their role and permissions

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Right to Access

You have the right to request access to your personal information and know what data we have about you, including:

  • What personal information we collect
  • How we use your information
  • Who we share your information with
  • How long we retain your information

8.2 Right to Rectification

You can request correction of inaccurate or incomplete information. You can update most information directly through your account settings.

8.3 Right to Erasure (Right to Delete)

You can request deletion of your personal information. When you delete your account through your account settings:

  • All user data is permanently deleted: Your user profile, account information, preferences, and authentication data
  • All company data is permanently deleted: If you are the company owner, all company data, including forecast data, inventory data, transaction data, and all associated business information
  • All chat history is permanently deleted: All MARC AI conversations and messages
  • Square integration data is deleted: OAuth credentials and all Square data connections
  • Change Solutions has no access: Once your account is deleted, Change Solutions has no access to any of your data. The deletion is permanent and cannot be undone.

Important: Some data may be retained for legal/regulatory compliance (e.g., financial transaction records for 7 years as required by law), but Change Solutions will not have access to or use this retained data for any purpose other than legal compliance.

8.4 Right to Data Portability

You can request a copy of your data in a machine-readable format (JSON) to transfer to another service. You can export your data directly through your account settings at any time.

The data export includes:

  • Your user profile information (name, email, phone, role, status)
  • Company information (if applicable)
  • Chat history (all MARC AI conversations and messages)
  • User preferences and settings

For additional data types (forecast data, inventory data, transaction data, etc.), please contact privacy@changesolutions.app with a specific data export request.

8.5 Right to Restrict Processing

You can request limitation of data processing in certain circumstances, such as when you contest the accuracy of your data.

8.6 Right to Object

You can object to data processing for certain purposes, including:

  • Direct marketing
  • Analytics and tracking (you can opt-out of analytics tracking directly through your account settings)
  • AI training (you can request exclusion from AI model training)

8.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: privacy@changesolutions.app
  • Include your name, email address, and specific request
  • We will respond within a reasonable timeframe (typically within 30 days)
  • We may need to verify your identity before processing your request

Account Settings: You can update most personal information, export your data, delete your account, and manage analytics preferences directly through your account settings. For other privacy requests, please contact privacy@changesolutions.app.

9. Data Retention and Deletion

We retain your information for different periods depending on the type of data:

  • Account Data: Retained while your account is active and for a reasonable period after account closure
  • Transaction Data: Retained for 7 years as required by financial record-keeping laws
  • Square Data: Retained according to our data retention policy; deleted upon account termination or Square disconnection
  • Raw Square Data Files: May contain customer information as part of Square's API response structure; retained for data processing purposes; deleted upon account termination or Square disconnection
  • AI Training Data: Company-specific customizations deleted upon account termination; aggregated data may be retained for service improvement
  • Communication Logs: Retained for service improvement and compliance purposes

You can request deletion of your data at any time. When you delete your account, all user and company data is permanently deleted and Change Solutions has no access to any of your data. Some data may be retained for legal/regulatory compliance (e.g., financial transaction records for 7 years as required by law), but Change Solutions will not have access to or use this retained data for any purpose other than legal compliance. Upon account termination, you can export your data before deletion using the data export feature in your account settings.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication state (required)
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Track user behavior for analytics (via our analytics provider)

You can control cookies through your browser settings. Disabling non-essential cookies may affect some Service functionality. You can opt-out of analytics tracking directly through your account settings.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including:

  • United States (Google Cloud, Firebase, OpenAI, Resend, Twilio)
  • Other countries where our service providers operate

We ensure appropriate safeguards for international data transfers:

  • Data processing agreements with all service providers
  • Compliance with applicable international privacy laws
  • Industry-standard data protection safeguards

12. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to delete such information promptly.

13. Compliance and Certifications

We comply with applicable privacy and data protection laws:

  • PCI DSS: Payment Card Industry Data Security Standard (payment data security)
  • Regular compliance audits and assessments
  • Industry-standard data protection practices

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our services and features
  • Updates to legal and regulatory requirements
  • Improvements in data protection practices
  • New AI and analytics capabilities

We will notify you of material changes through:

  • Email communications to registered users
  • In-app notifications and alerts
  • Updated "Last updated" date on this page

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions about this Privacy Policy, our data practices, or to exercise your privacy rights, please contact us:

Change Solutions Email: privacy@changesolutions.app For privacy-related inquiries and data requests

We will respond to your inquiries and data requests within a reasonable timeframe (typically within 30 days).