Skip to main content

FundPath Privacy Policy


**Last Updated:** February 2, 2026


1. Introduction


XOBiz LLC ("we", "us", "our") operates FundPath ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.


2. Information We Collect


2.1 Information You Provide

  • **Account Information**: Name, email address, organization name, role
  • **Funding Request Data**: Request details, amounts, descriptions, attachments
  • **Communication Data**: Support requests, feedback, correspondence

    • 2.2 Automatically Collected Information

  • **Usage Data**: Pages visited, features used, time spent
  • **Device Information**: Browser type, operating system, device identifiers
  • **Log Data**: IP addresses, access times, error logs

    • 2.3 Information from Third Parties

  • **Authentication Providers**: We use Supabase Auth for authentication. We receive your email and profile information when you sign in via email/password or Google OAuth.

    • 3. How We Use Your Information


    We use collected information to:

  • Provide, maintain, and improve the Service
  • Process and manage funding requests
  • Send notifications and communications
  • Respond to support requests
  • Analyze usage patterns and improve user experience
  • Detect and prevent fraud or security issues
  • Comply with legal obligations

    • 4. Information Sharing


    We do NOT sell your personal information. We may share information:


    4.1 With Your Organization

    Other members of your organization may see your name, role, and activity related to funding requests based on configured permissions.


    4.2 Service Providers

    We work with third-party providers who assist in operating our Service:

  • **Supabase**: Database hosting and authentication services (data stored in United States)
  • **Resend**: Email delivery
  • **Vercel**: Web hosting

    • 4.3 Legal Requirements

    We may disclose information when required by law, subpoena, or legal process.


    4.4 Business Transfers

    In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.


    5. Data Retention


    We retain your information for as long as your account is active or as needed to provide services. Upon account deletion:

  • Personal data is deleted within 90 days
  • Anonymized analytics data may be retained
  • Data required by law is retained as necessary

    • 6. Data Security


    We implement appropriate security measures including:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for sensitive data
  • Role-based access controls
  • Regular security assessments
  • Row-level security in our database

    • No system is 100% secure. We cannot guarantee absolute security but take reasonable measures to protect your data.


    7. Your Rights


    Depending on your location, you may have rights to:

  • **Access**: Request a copy of your personal data
  • **Correction**: Request correction of inaccurate data
  • **Deletion**: Request deletion of your data
  • **Portability**: Request your data in a portable format
  • **Opt-out**: Unsubscribe from marketing communications

    • To exercise these rights, contact us at privacy@xobiz.com.


    8. Cookies and Tracking


    We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention

    • We do not use advertising or tracking cookies.


    9. Children's Privacy


    The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.


    10. International Data Transfers


    Your information may be transferred to and processed in the United States. By using the Service, you consent to such transfers.


    11. California Privacy Rights (CCPA)


    California residents have additional rights:

  • Right to know what personal information is collected
  • Right to request deletion
  • Right to opt-out of sale (we do not sell data)
  • Right to non-discrimination

    • 12. European Privacy Rights (GDPR)


    If you are in the European Economic Area, you have rights under GDPR including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to object to processing

    • Legal basis for processing: Performance of contract, legitimate interests, consent where applicable.


    13. Data Processing Agreement


    Enterprise customers may request a Data Processing Agreement (DPA) for GDPR compliance. Contact sales@xobiz.com.


    14. Changes to This Policy


    We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.


    15. Contact Us


    For privacy-related questions or requests:

  • **Email**: privacy@xobiz.com
  • **Mail**: XOBiz LLC, Raleigh, NC, USA


    • *XOBiz LLC | FundPath*