Privacy Policy

Last updated: May 1, 2026

1. Information We Collect

We collect information you provide directly when you create an account, post an RFP, submit a proposal, or contact us. This includes:

  • Account information: Name, organization name, email address, and password
  • Profile information: For firms, this may include location, years of experience, specialties, CPA license number, website, and phone number
  • RFP and proposal content: The text, budgets, timelines, and other details you enter when posting or responding to RFPs
  • Messages: In-app messages between nonprofits and firms
  • Payment information: Billing is processed by Stripe. AuditMatch does not store your payment card details.

We also collect certain information automatically when you use the Service, including IP address, browser type, pages visited, and usage patterns through standard server logs.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Match nonprofits with relevant CPA firms
  • Send transactional emails (new proposals, messages, account notifications)
  • Process subscription payments
  • Respond to support requests
  • Detect and prevent fraud or abuse

We do not sell your personal information to third parties.

3. Public Information

Firm profiles — including organization name, bio, location, specialties, and years of experience — are publicly visible to nonprofit users and may be indexed by search engines. RFPs posted by nonprofits are visible to subscribed firm users but are not indexed by search engines.

The nonprofit directory is populated from publicly available IRS data. Information in the directory, including organization name, location, revenue, and auditor history, is publicly visible and may be indexed by search engines.

4. Information Sharing

We share your information only in the following circumstances:

  • With other users: When a firm submits a proposal, the nonprofit can see the firm's name and profile. When a nonprofit accepts a proposal, both parties can exchange messages.
  • Service providers: We use Supabase (database and authentication), Stripe (payments), Resend (email), and Vercel (hosting). These providers process data on our behalf under data processing agreements.
  • Legal requirements: We may disclose information if required by law or to protect the rights, property, or safety of AuditMatch, our users, or the public.

5. Data Retention

We retain your account information and content for as long as your account is active. If you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes such as dispute resolution.

6. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and access controls. Authentication is managed through Supabase. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7. Your Rights

You may access, update, or delete information in your account at any time through your account settings. To request deletion of your account and associated data, contact us through our support page.

If you are located in the European Economic Area or California, you may have additional rights regarding your personal data under applicable law. Contact us to exercise these rights.

8. Cookies

We use session cookies to keep you logged in. We do not use third-party advertising cookies or tracking pixels. Browser local storage is used for minor UI preferences such as dismissed notifications.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by email or by posting a notice on the platform. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Contact us here.