End Close, Inc.

Privacy Policy

Effective Date: April 22, 2026

1. Introduction

End Close, Inc. ("EndClose," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at endclose.com, use our automatic reconciliation platform, or engage with us as a customer, prospect, or partner.

EndClose provides financial reconciliation software for fintechs, marketplaces, and banks. We take data privacy obligations seriously. Please read this policy carefully. By using our services, you acknowledge the practices described below.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

When you interact with our website or platform, we may collect:

  • Account and registration information: name, business email address, job title, company name, and password when you create an account or request a demo.
  • Communication data: messages, inquiries, support requests, and feedback you send to us via email or our website contact form.
  • Contract and billing information: billing contact details, company address, and payment information collected when you enter into a subscription or service agreement.

2.2 Information We Collect Automatically

When you interact with our website or platform, we may automatically collect:

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
  • Usage data: features accessed, actions taken within the platform, and session duration.
  • Device information: hardware model, unique device identifiers, and network information.
  • Cookies and tracking technologies: see Section 6 below for details.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Identity and access management providers (e.g., Google Workspace) used for authentication.
  • Business contact data enrichment services for prospecting purposes.
  • Our cloud infrastructure and monitoring providers (e.g., AWS) in the course of providing and securing our services.

2.4 Customer-Provided Financial Data

Our reconciliation platform processes financial transaction data that our customers upload or connect via integrations. This data is processed on behalf of customers as a data processor. We do not use customer financial data for any purpose other than providing contracted services. Customers are the data controllers for such data and are responsible for their own compliance obligations.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Services

  • Creating and managing your account.
  • Delivering, operating, and maintaining the EndClose reconciliation platform.
  • Responding to support requests, questions, and feedback.
  • Diagnosing technical issues and improving platform reliability.
  • Developing new features and improving existing functionality.

3.2 Business Operations

  • Processing transactions and sending billing-related communications.
  • Sending product updates, security notices, and administrative messages.
  • Conducting internal audits and compliance monitoring required for SOC 2 and other certifications.
  • Managing our vendor and partner relationships.

3.3 Marketing and Communications

  • Sending marketing communications about our services, where you have opted in or where permitted by applicable law.
  • Personalizing content and recommendations on our website.
  • You may opt out of marketing emails at any time using the unsubscribe link in our emails.

3.4 Security and Compliance

  • Detecting, investigating, and preventing fraudulent transactions, abuse, and security incidents.
  • Complying with legal obligations, including applicable financial regulations.
  • Enforcing our Terms of Service and other agreements.
  • Maintaining records required by our SOC 2 Type 2 program.

4. Legal Bases for Processing

Where applicable law (such as the GDPR or CCPA) requires a legal basis for processing personal data, we rely on the following:

  • Contract performance: Processing necessary to provide the services you have contracted for.
  • Legitimate interests: Processing for fraud prevention, security, product improvement, and business analytics, where these interests are not overridden by your rights.
  • Legal obligation: Processing necessary to comply with applicable law, regulations, or legal proceedings.
  • Consent: Where we rely on your consent (e.g., marketing emails), you may withdraw consent at any time.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party vendors who process personal data on our behalf to help us deliver our services. All service providers are contractually required to protect personal data and use it only for the purposes we specify. We conduct third-party risk assessments in accordance with our Third-Party Management Policy.

5.2 Business Transfers

In the event of a merger, acquisition, financing, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and your data becomes subject to a materially different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or other governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website and platform. Cookies are small data files placed on your browser or device.

We use the following types of cookies:

  • Strictly necessary cookies: Required for the website and platform to function (e.g., session authentication).
  • Analytics cookies: Help us understand how visitors interact with our website (e.g., pages viewed, time on site). We use this data in aggregate and anonymized form.
  • Preference cookies: Remember your settings and preferences to improve your experience.

You can control cookie settings through your browser settings. Please note that disabling certain cookies may affect the functionality of our services. We do not use third-party advertising cookies or sell data collected via cookies.

7. Data Security

EndClose implements administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security program includes:

  • Encryption of data at rest and in transit over public networks, in accordance with our Cryptography Policy.
  • Role-based access controls and least-privilege principles, ensuring only authorized personnel access personal data.
  • Multi-factor authentication for access to production systems and sensitive data.
  • Continuous monitoring and vulnerability scanning of our cloud infrastructure.
  • A formal Incident Response Plan for detecting, reporting, and remedying security incidents.
  • Regular security testing and code reviews as part of our Secure Development Policy.
  • SOC 2 Type 2 compliance program covering security trust service criteria.

If you believe your information has been compromised, please contact us immediately at security@endclose.com.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, contractual, or audit requirements. When personal data is no longer needed, we securely delete or de-identify it in accordance with our Data Management Policy.

Specifically:

  • Account data is retained for the duration of your active account and for a period following termination as required by applicable law or our contractual obligations.
  • Customer financial data processed through our platform is retained per the terms of the applicable customer agreement and deleted promptly upon termination of that agreement.
  • Marketing and communication data is retained until you opt out or as otherwise required by law.
  • Personally identifiable information (PII) is deleted or de-identified as soon as it is no longer serves a legitimate business purpose.

9. Your Privacy Rights

Depending on your location, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information, subject to legal and contractual obligations.
  • Objection: Object to certain processing activities, such as direct marketing.
  • Restriction: Request that we restrict processing of your personal information in certain circumstances.
  • Portability: Receive your personal data in a structured, machine-readable format.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.

To exercise any of these rights, please contact us at privacy@endclose.com. We will respond within the timeframe required by applicable law (generally 30 days). We may need to verify your identity before fulfilling your request.

10. International Data Transfers

EndClose is based in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. We take steps to ensure that any international transfers of personal data are made in compliance with applicable data protection laws, including through the use of appropriate contractual safeguards.

11. Children's Privacy

Our services are designed for and directed at businesses and professionals. We do not knowingly collect personal information from children under the age of 13 (or 16 in the EEA). If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly. If you believe we may have collected information from a child, please contact us at privacy@endclose.com.

12. Third-Party Links

Our website and platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised effective date, and, where appropriate, by sending an email notification to registered users.

Your continued use of our services after the effective date of any updated policy constitutes your acceptance of the changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

End Close, Inc.

Privacy Inquiries: privacy@endclose.com

Security Incidents: security@endclose.com

Website: https://www.endclose.com