Exit OSxTerms of Service

Privacy Policy

Effective date: May 24, 2026

This Privacy Policy describes how Exit OSx (“Exit OSx,” “we,” “us,” or “our”) collects, uses, shares, and protects information about you when you use our website at exitosx.com, our application at app.exitosx.com, and the related services we provide (collectively, the “Service”).

We built Exit OSx to help business owners prepare for and execute a successful exit. Doing that well requires us to handle sensitive financial and personal information. We take that seriously. This policy explains what we collect, why, and what you can do about it.

1. Information we collect

1.1 Information you give us

  • Account information. When you create an account, we collect your name, email address, and password. Authentication is handled by our identity provider, Clerk, and we receive only the minimum information needed to identify your account.
  • Business and financial information. When you complete assessments, valuations, financial projections, retirement planning, or related workflows in the Service, we collect the information you enter — including company financials, ownership structure, customer concentration, operational metrics, personal financial statement data, and similar.
  • Connected-account data. If you connect a third-party service (such as QuickBooks Online) to Exit OSx, we receive financial data from that service on your behalf. See Section 3 for details on third-party integrations.
  • Communications. If you contact us by email or through the Service, we receive the contents of that communication along with any metadata your email or messaging client sends.
  • Payment information. If you subscribe to a paid plan, payment card and billing details are collected and processed by our payment processor, Stripe. We do not store full payment card numbers on our systems; we receive only the limited information Stripe returns to us (such as last four digits, card brand, and subscription status).

1.2 Information we collect automatically

  • Usage data. When you use the Service, our servers automatically record information such as your IP address, browser type, operating system, the pages you view, the actions you take, and timestamps.
  • Cookies and similar technologies. We and our authentication provider use cookies and similar technologies to keep you signed in, remember your preferences, and measure how the Service is used. You can configure your browser to refuse cookies, but parts of the Service may not work if you do.
  • Device and connection data. Standard technical information about the device, browser, and network you use to access the Service.

2. How we use information

We use the information we collect to:

  • Provide, operate, and maintain the Service;
  • Generate valuations, diagnostics, scoring, reports, and other analytical output that depend on your inputs;
  • Authenticate you, secure your account, and detect or prevent fraud and abuse;
  • Process payments and manage subscriptions;
  • Communicate with you about your account, send transactional messages, respond to support requests, and (with your consent where required by law) send product updates;
  • Improve and develop new features and analytical models;
  • Comply with legal obligations, enforce our terms, and protect our rights.

3. How we share information

We do not sell your personal information. We share information only as described in this policy.

3.1 Service providers (subprocessors)

We share information with third-party service providers who process information on our behalf to deliver the Service. Each is bound by contract to use the information only for the purposes we direct, and to maintain appropriate security. Our current subprocessors include:

  • Clerk — authentication and user identity.
  • Supabase — database and file storage.
  • Vercel — application hosting, edge compute, and analytics.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional email delivery.
  • Anthropic — AI-assisted document parsing (used in optional features such as image-based financial document ingestion).
  • Intuit (QuickBooks Online) — when you choose to connect your QuickBooks Online account, we exchange data with Intuit on your behalf to import your financials into the Service.
  • Sentry — error monitoring and observability (where enabled).

We review subprocessors before engaging them and periodically thereafter. We may add, change, or remove subprocessors over time; this policy reflects our current list.

3.2 Third-party integrations you authorize

When you connect a third-party service (such as QuickBooks Online) to Exit OSx, you are authorizing data exchange between Exit OSx and that service. The third-party service’s use of your data is governed by its own privacy policy and terms; please review those before connecting. You can disconnect a third-party integration at any time from the Service.

3.3 Advisors and collaborators

If you invite an advisor, co-owner, or other collaborator to your workspace, we share with them the information necessary to give them access to the workspace at the permission level you grant. You control who is invited and at what level.

3.4 Legal and protective disclosures

We may disclose information when we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request; to protect the rights, property, or safety of Exit OSx, our users, or others; or to investigate potential violations of our terms.

3.5 Business transfers

If Exit OSx is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction. We will give you notice (for example, through the Service or by email) before your information becomes subject to a different privacy policy.

4. How we protect information

We use a combination of technical, organizational, and physical safeguards designed to protect the information we collect:

  • Transport-layer encryption (TLS) for data in transit;
  • At-rest encryption for sensitive credentials (including OAuth tokens used for third-party integrations such as QuickBooks);
  • Role-based access controls and audit logging on production systems;
  • Vendor security reviews for subprocessors handling sensitive data;
  • Regular software updates and dependency management.

No system is perfectly secure. While we work hard to protect your information, we cannot guarantee its absolute security. If we become aware of a breach affecting your information, we will notify you as required by applicable law.

5. Data retention

We retain information for as long as you maintain an account with us and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete content or close your account, we delete or de-identify the information within a reasonable period, except where retention is required by law (for example, financial records for tax or accounting purposes).

6. Your rights and choices

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you;
  • Correct or update inaccurate or incomplete information;
  • Delete your information, subject to certain exceptions;
  • Receive a copy of your information in a portable format;
  • Object to or restrict certain uses of your information;
  • Withdraw consent where we rely on consent;
  • Lodge a complaint with a data protection authority.

You can exercise most of these rights directly inside the Service (by editing your account, deleting workspace content, or disconnecting integrations). For requests you cannot complete in-product, contact us at the email below and we will respond within a reasonable timeframe.

7. International transfers

Exit OSx is operated from the United States, and our subprocessors may store and process information in the United States or other countries. If you access the Service from outside the United States, you understand that your information may be transferred to, stored, and processed in jurisdictions whose data protection laws may differ from those in your country.

8. Children

The Service is intended for use by business owners and professionals and is not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected such information, we will delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or for other reasons. When we make material changes, we will update the “Effective date” above and, where appropriate, notify you through the Service or by email. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy.

10. Contact us

If you have questions or requests about this Privacy Policy or about how we handle your information, contact us at brad@bradfeldman.com.