Privacy Policy

WorthCheckup LLC (“WorthCheckup,” “we,” “our”) operates the WorthCheckup platform at worthcheckup.com. This Privacy Policy explains what we collect, how we use it, who we share it with, and your rights.

We do not sell your data. Aggregated, anonymized benchmark data derived from many valuations is used internally to improve the methodology — it never identifies individual businesses or owners.

• Business financials you submit — revenue, profit, employee count, customer mix, operational answers. These are the inputs to your valuation.
• Account information — email address, and (for advisors) firm name, credential, and display name. If you create a password, a hashed version is stored by Supabase. We never see the plain password.
• Payment information — for paid products, Stripe collects and processes payment details. We receive a payment status and a Stripe customer/subscription ID. We never see or store full card numbers.
• Usage data — pages viewed, timestamps, referrer, basic device and browser metadata, IP address. Used for security, debugging, and product improvement.
• Communications — messages you send through the contact form, including name, email, subject, and the content of your message.

• To generate your valuation. Your business data is used to run the SDE × multiple calculation and to produce the AI-authored analysis and recommendations.
• To improve our methodology. In aggregated, anonymized form, your data contributes to an internal benchmark dataset that makes the valuation more accurate over time for businesses in your industry.
• To communicate with you. Transactional messages (your report is ready, your payment succeeded, password resets) and occasional product updates. You can opt out of product updates at any time; transactional messages are required to operate the Service.
• To support the Service. Debugging, fraud prevention, customer support, enforcing our Terms, meeting legal obligations.

We share data with a short list of vendors that help us deliver the Service. Each acts as a data processor under their published terms.

• Supabase — database, authentication, storage. Hosts your business data, user accounts, and generated reports.
• Stripe — payment processing. Handles card details and subscription billing. Receives your email and purchase metadata.
• Anthropic — AI analysis. The structured intake you submit (business name, industry, financials, operational answers) is sent to Anthropic's Claude model to produce the report prose. Anthropic processes this under its enterprise terms and does not train its models on your data.
• Vercel — application hosting and edge network. Sees request metadata (IP, headers) for routing and DDoS protection.
• Resend — transactional and product email delivery. Receives your email address and the message body of the email we send.

We use the minimum cookies required to operate the Service. Supabase sets authentication cookies to keep you signed in across requests. Stripe may set cookies during checkout to support fraud prevention. We do not use third-party advertising or cross-site tracking cookies.

We retain account and valuation data for as long as your account is active, plus a reasonable archival period for backup, dispute resolution, and legal compliance (typically no more than 3 years after account closure). You can request earlier deletion at any time — see “Your rights” below. Aggregated, anonymized benchmark data is retained indefinitely since it contains no identifying information.

You can request access, correction, or deletion of your data at any time through our contact form or by emailing support@worthcheckup.com. We'll verify your identity (usually via the email on file) and respond within 30 days.

California residents (CCPA/CPRA): you have rights to know what personal information we've collected, request deletion, correct inaccurate information, and opt out of sale or sharing. We don't sell or share personal information for cross-context behavioral advertising, so the opt-out is effectively already in place for all users.

EU/UK residents (GDPR/UK GDPR): you have rights of access, rectification, erasure, restriction, and portability, and a right to lodge a complaint with your local supervisory authority. The legal basis for most processing is the performance of the contract with you (i.e., running your valuation) and our legitimate interests in improving the Service. Where we rely on consent (for example, marketing emails), you can withdraw it at any time.

The Service is not directed at anyone under 18 and we do not knowingly collect personal information from minors. If you believe a minor has submitted information, contact us and we'll delete it.

Data is transmitted over TLS and stored encrypted at rest by our infrastructure providers. Row-level security in Supabase ensures that users can only read their own valuations and business records. No system is perfectly secure — if we ever experience a breach affecting your data, we will notify you promptly and comply with applicable breach-notification law.

We'll update this policy as the Service evolves. Material changes will be announced via email or a notice in the Service before they take effect. The “Last updated” date at the top always reflects the current version.

Questions, data requests, or privacy complaints: support@worthcheckup.com or the contact form. WorthCheckup LLC, a New Mexico limited liability company.