D2 Financial ("we," "us," or "our") operates a financial services portal accessible at d2.financial. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.
1. Information We Collect
Account Information
When you register for an account, we collect your name, email address, and any other information you provide during signup. All accounts require administrator approval before access is granted.
Financial Documents
When you upload documents through our portal (tax returns, invoices, financial statements, etc.), we store those files securely in Cloudflare R2 object storage. Uploaded documents may be processed using optical character recognition (OCR) technology to enable search and document management features.
Usage and Activity Data
We automatically collect certain technical information when you use our services, including your IP address, browser user agent, pages visited, actions performed, and timestamps of activity. This data is used for security monitoring, auditing, and improving our services.
Product Analytics & Error Tracking
We use PostHog to understand how the product is used, fix issues, and improve features. This includes page views, clicks and other interactions, browser console errors and unhandled exceptions, and visual session replays with sensitive inputs masked. You can opt out via the cookie banner on first visit. When opted out, we still record anonymous, aggregated usage using a daily-rotated server hash — no cookies are set and no individual identification occurs. When you authenticate, our Terms of Service permit us to associate analytics events with your account so we can support you and improve features you use.
Communications
We collect email addresses to send transactional notifications (account approval, document processing completion, invoice updates, and password reset emails).
2. How We Use Your Information
- Provide and maintain our financial services portal
- Process and manage your uploaded financial documents
- Send transactional email notifications related to your account and documents
- Monitor and enforce security, detect fraud, and prevent unauthorized access
- Comply with legal and regulatory obligations applicable to financial services
- Improve our platform's functionality and user experience
3. Third-Party Services
We use the following third-party services to operate our platform. Each service has its own privacy policy governing their data handling practices.
| Service | Purpose | Data Shared |
|---|---|---|
| Auth0 | Authentication & identity management | Name, email, login credentials |
| Cloudflare | File storage (R2), CDN, rate limiting (KV) | Uploaded documents, usage data |
| Azure Document Intelligence | OCR processing of uploaded documents | Document images and PDFs |
| Mailjet | Transactional email delivery | Name, email address, notification content |
| Neon | PostgreSQL database hosting | All application data |
| Sentry (optional) | Error monitoring | Error logs, stack traces, user context |
| PostHog | Product analytics, session replay, error tracking | Page views, interactions, errors, masked session recordings, user ID (when authenticated) |
4. Cookies and Session Data
We use cookies for two purposes:
- Authentication: the primary session cookie (auth_session) is set by Auth0 to keep you signed in. It is a secure, HTTP-only cookie and is essential for the portal to function.
- Product analytics & measurement (optional): when you accept on the cookie banner, third-party services such as PostHog may set cookies that allow us to associate events and session replays with your account over time, support you, and improve features you use. We may add additional analytics or marketing-measurement tools over time; the current list of services we share data with is maintained in the Third-Party Services section above.
If you reject the analytics cookies, we fall back to a privacy-preserving mode that records anonymous, aggregated usage using a daily-rotated server hash — no cookies, no localStorage, and no individual identification. Your consent choice is stored locally in your browser and is never transmitted to our servers. Authentication implies consent for identified tracking under our Terms of Service.
5. Data Security
We implement industry-standard security measures to protect your information:
- All data is transmitted over HTTPS/TLS encryption
- Files are stored encrypted at rest in Cloudflare R2
- WebSocket connections are authenticated using HMAC-SHA256 signed tokens
- Authentication is managed by Auth0, a SOC 2 Type II certified provider
- Rate limiting is applied to authentication endpoints to prevent brute-force attacks
- Access to the portal requires explicit administrator approval
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. Specifically:
- Account information is retained for the duration of your account
- Uploaded documents are retained until you or our staff delete them
- Activity logs (including IP addresses) are retained for security auditing purposes
- Password reset tokens expire after 1 hour
- Auth0 sessions expire after 24 hours of inactivity
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Request a portable copy of your data
- Objection: Object to certain types of processing
To exercise these rights, contact us at frontdesk@d2.financial.
8. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us personal information, please contact us immediately at frontdesk@d2.financial.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
10. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
D2 Financial
1836 S Commons, Federal Way, WA 98003
Email: frontdesk@d2.financial
Phone: 253.839.6989