tinyCFO is an informational financial management tool. Connect your financial accounts once through secure third-party providers and then query your data in plain English. You get organized visibility into your finances plus forecasts and summaries, all on a read-only basis.

Yes. All data is encrypted in transit and at rest using 256-bit AES encryption. We never store your bank login credentials or passwords. Connections are handled through trusted third-party providers and are always read-only. You can revoke access to any account at any time.

Does tinyCFO provide financial advice?

No. tinyCFO is not a registered investment adviser, broker-dealer, or tax professional. The service does not constitute financial, investment, legal, or tax advice. All information is for informational purposes only.

How much does it cost?

tinyCFO has one simple plan at $8.33/month (billed yearly at $100/year) or $12.00/month billed monthly. Cancel anytime with no fees.

Terms of Service

1.Introduction / Acceptance of Terms

These Terms of Service (“Terms”) are a legally binding agreement between you and 7th Street Research, Co., a Delaware corporation doing business as tinyCFO (“Company,” “we,” “us,” or “our”), governing your access to and use of the Company’s AI-first personal finance application, website, and any related services, features, and content (collectively, the “Services”). By creating an account, accessing, or using the Services in any manner, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree, you must not access or use the Services.

Protecting your financial information is fundamental to our mission. We built tinyCFO with privacy-by-design principles because we believe users should never have to choose between powerful financial tools and strong data protection. We do not sell your personal information or Financial Data, and we never monetize your data through sale or sharing for advertising. Our collection, use, and disclosure of your information is governed by our Privacy Policy, which is incorporated by reference.

These Terms also incorporate any other policies posted on the Services. We may update these Terms from time to time as set forth in Section 25. Your continued use after any modification constitutes acceptance of the revised Terms.

2.Definitions

“Account”: means the online account you create to access the Services.
“AI Outputs”: means any insights, summaries, forecasts, trends, analyses, or other content generated by artificial intelligence or machine-learning models within the Services.
“Connected Accounts”: means your external financial accounts linked to the Services through third-party data providers.
“Financial Data”: means account balances, transactions, holdings, and other information retrieved from Connected Accounts or provided by you.
“MCP Server”: means the Model Context Protocol server operated by tinyCFO that exposes read-only financial data tools to authorized Third-Party AI Clients.
“OAuth Authorization”: means the industry-standard protocol used by tinyCFO to grant Third-Party AI Clients revocable, read-only permission to query your Financial Data through the MCP Server. Access is all-or-nothing: an authorized client can query all of your Financial Data, or none.
“Personal Information”: means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you, as defined by applicable U.S. state privacy laws (including the CCPA/CPRA).
“Poke.com”: means an AI assistant that operates in iMessage and other messaging platforms, through which you may interact with your authorized tinyCFO data. Poke is not a banking platform or open-banking provider.
“Services”: means the informational financial management platform, including account aggregation, natural-language query tools, search, filtering, AI-generated features, and the MCP Server.
“Third-Party AI Client”: means any personal AI assistant that supports the Model Context Protocol (MCP) and that you authorize via OAuth to query your Financial Data through the MCP Server.
“User Content”: means any data, queries, inputs, feedback, or other information you submit or upload to the Services.
“You / your”: mean the individual or entity accessing or using the Services.

3.Eligibility and Account Registration

You must be at least 18 years old, a legal resident of the United States, and fully able to enter into these Terms. By using the Services, you represent and warrant that you meet these criteria and that all registration information is accurate and complete. You may maintain only one Account. You are responsible for maintaining the confidentiality of your Account credentials and for all activity that occurs under your Account. You agree to notify us immediately of any unauthorized use. We reserve the right to suspend or terminate any Account that violates these Terms or that we reasonably suspect is used fraudulently or in violation of law.

4.Description of Services

The Services provide an informational financial management tool that enables you to aggregate Financial Data from Connected Accounts and interact with that data through natural-language queries, search, filtering, summaries, and forecasts. The Services are designed solely to organize and present information and are not intended to facilitate transactions, execute trades, or provide any form of financial service requiring regulatory licensing. All features operate on a read-only basis unless you separately authorize transaction-related functionality in the future.

5.Connected Accounts and Third-Party Data Providers

To use certain features, you may voluntarily connect your external financial accounts through third-party data providers. By connecting an Account, you (i) authorize us and our third-party providers to access, retrieve, and refresh your Financial Data on a recurring basis for as long as the connection remains active, (ii) represent and warrant that you have all necessary authority and rights to grant such access, and (iii) agree to comply with the terms of the third-party providers. We do not control, operate, or maintain the websites or services of your financial institutions or the third-party data providers. We are not responsible for any outages, delays, policy changes, credential failures, multi-factor authentication interruptions, or inaccuracies originating from those parties. You may revoke authorization at any time through the Services or by contacting the third-party provider; however, revocation may impair or terminate your access to certain features.

6.Third-Party AI Integrations and OAuth Authorization

tinyCFO provides a read-only MCP Server that connects to any Third-Party AI Client supporting the Model Context Protocol. Through our OAuth Authorization, you grant read-only permission for your personal AI to query your Financial Data from the Services. Access is all-or-nothing: an authorized client can query all of your Financial Data, or none.

Financial account connections are handled separately by you through Plaid, the industry-standard aggregator. You may also manually add holdings (such as stock tickers and share counts) for accounts you prefer not to link.

Each Third-Party AI Client is a separate legal entity. You are solely responsible for reviewing and accepting its terms and privacy policies. tinyCFO is not responsible for any Third-Party AI Client’s data practices, privacy policies, or security measures.

API keys you issue are revocable at any time through your tinyCFO account settings
All data access is strictly read-only; no Third-Party AI Client can modify, transfer, or delete your financial data through the MCP Server
You are responsible for reviewing and accepting the terms and privacy policies of any Third-Party AI Client you choose to connect

7.MCP Server, Data Flow, and Consumer-Directed Sharing

The MCP Server exposes strictly read-only financial data tools. When you authorize a Third-Party AI Client via OAuth, you are deliberately directing the sharing of your Financial Data with that client. This is consumer-directed data sharing consistent with the principles of CFPB Section 1033 and open-banking data access rights.

Once Financial Data leaves the MCP Server in response to a tool call, tinyCFO has no control over how the Third-Party AI Client processes, stores, retains, or discloses that data. You acknowledge and accept this risk when you authorize a Third-Party AI Client.

Risk Warnings

Consumer-tier AI services may log your queries and the data returned, and may use that data for model training or improvement
AI providers may share data with sub-processors or retain it beyond the duration of your session
AI-generated responses based on your Financial Data may be inaccurate, incomplete, or misleading

Recommendations

Review your AI provider's privacy policy and data retention practices before connecting
Consider using enterprise or team plans from your AI provider, which typically offer stronger data retention controls and may disable model training on your inputs
Prefer asking summarized or aggregated questions over pulling raw transaction lists with sensitive details
Do not rely on AI-generated outputs for financial, legal, tax, or investment decisions

Data shared through the MCP Server is provided solely for your personal financial analysis. You may not use the MCP Server or any Third-Party AI Client integration for commercial purposes, to provide services to third parties, or for any purpose other than your own personal informational use. MCP access can be revoked instantly by deleting the API key through your tinyCFO account settings.

8.Information Security Program

We maintain a written information security program with reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of your personal and financial information. Our program is aligned with industry-standard frameworks, including the AICPA Trust Services Criteria (which underpin the SOC 2 framework), and with applicable state data security requirements.

Data minimization: we request and store only the minimum Financial Data necessary to provide the Services
Read-only architecture: no write, transfer, or money-movement capabilities exist in our system design
Encryption in transit using TLS 1.2 or higher, and AES-256-GCM field-level encryption for sensitive credentials such as access tokens
Versioned, rotatable encryption keys with support for zero-downtime key rotation
Regular security assessments, access controls, employee training, vendor management, and incident response procedures
Easy and instant revocation of API keys (for AI clients) and financial account connections

9.User Content, Natural-Language Queries, and Inputs

You retain ownership of your User Content. By submitting User Content (including natural-language queries), you grant us a worldwide, non-exclusive, royalty-free, sublicensable, and transferable license to use, reproduce, modify, distribute, and display that content solely to provide, improve, and protect the Services and as otherwise permitted by our Privacy Policy. You represent and warrant that your User Content is accurate, does not violate any third-party rights, and complies with all applicable laws. We may reject or remove any query that we determine, in our sole discretion, attempts to elicit regulated advice or otherwise violates these Terms.

10.AI-Generated Outputs, Insights, and Forecasts

Certain features of the Services use artificial intelligence models to generate AI Outputs based on your Financial Data and User Content. AI Outputs are provided solely for informational purposes. You acknowledge that AI models may produce incomplete, inaccurate, biased, stale, or hallucinatory results. Forecasts are hypothetical projections based on historical data and assumptions and are not guarantees of future performance. We may monitor, log, store, and use your queries and the resulting AI Outputs to operate, maintain, improve, and protect the Services, subject to the Privacy Policy. We reserve the right to modify, suspend, or discontinue any AI feature at any time without notice.

11.Accuracy Limitations, Stale Data, Outages, and Model Errors

Financial Data and AI Outputs are provided “as available.” We do not guarantee the accuracy, completeness, timeliness, or reliability of any data retrieved from Connected Accounts or any AI Output. Data may be stale, incomplete, or unavailable due to third-party outages, API limitations, credential issues, or model errors. Scheduled or unscheduled downtime may occur. You are solely responsible for verifying all information independently before taking any action.

12.No Financial, Investment, Legal, or Tax Advice

tinyCFO is not a registered investment adviser, broker-dealer, bank, lender (unless expressly stated elsewhere), law firm, accounting firm, or tax professional. The Services do not constitute financial, investment, legal, or tax advice, nor do they create a fiduciary relationship of any kind. No AI Output, summary, forecast, or other content provided through the Services is a recommendation to buy, sell, hold, or pursue any financial strategy, product, or transaction. You agree that you will not rely on the Services for any decision that requires professional advice. You must consult a qualified professional for any such decisions.

13.User Responsibilities and Duty to Verify Information

You are solely responsible for (i) maintaining accurate credentials for Connected Accounts, (ii) reviewing and verifying all Financial Data and AI Outputs, and (iii) ensuring that any action you take based on the Services is appropriate for your individual circumstances. You bear all risk and responsibility for any financial, tax, legal, or other consequences resulting from your use of the Services.

14.Intellectual Property Rights and Licenses

The Services, including all software, AI models, designs, text, graphics, and other content (excluding your User Content), are owned by us or our licensors and are protected by U.S. and international copyright, trademark, and other intellectual property laws. We grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your personal, non-commercial use only. You may not copy, modify, reverse engineer, or create derivative works of the Services. Any feedback you provide is non-confidential and may be used by us without compensation or attribution.

15.Acceptable Use / Prohibited Conduct

You agree not to:

Use the Services for any illegal purpose or in violation of any applicable law
Attempt to elicit regulated advice through queries
Reverse engineer, decompile, or attempt to discover the source code or underlying AI models
Scrape, data-mine, or use automated means to access the Services
Upload viruses, malicious code, or disruptive content
Impersonate any person or entity
Interfere with the Services or third-party providers
Use the Services for commercial purposes

We may investigate and take appropriate legal action for any violation.

16.Privacy, Data Use, and Information Security

Your privacy is important to us — it is one of our most important values. Our collection, use, and disclosure of your information is governed by our Privacy Policy, which is incorporated herein. By using the Services, you consent to the practices described in the Privacy Policy, including the sharing of Financial Data with third-party providers strictly as necessary for account aggregation.

We do not sell your Personal Information. As used here, “sell” has the meaning given under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”) — the disclosure of Personal Information to a third party for monetary or other valuable consideration. We do not engage in such activity. We also do not share Financial Data, AI interaction logs, or query history with unaffiliated third parties for their own marketing, advertising, or data-monetization purposes. We limit data collection to what is strictly necessary to deliver, maintain, and improve the Services.

We process Personal Information (including Financial Data) in compliance with all applicable U.S. state privacy laws, including the CCPA/CPRA, the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and any other comprehensive state privacy statute in effect. We provide the rights and notices required under those statutes and honor opt-out preference signals, including Global Privacy Control. For a full description of your state-specific rights, see Section 6 and Section 7 of our Privacy Policy.

We implement reasonable administrative, technical, and physical security measures — including encryption in transit (TLS), field-level encryption for sensitive credentials, access controls, and regular security assessments — but cannot guarantee absolute security. You acknowledge that no security system is impenetrable.

17.Fees, Billing, Subscription, Renewal, and Cancellation

Certain features may require payment of fees (“Fees”). If you purchase a subscription, you authorize us to charge the payment method on file on a recurring basis until canceled. Subscriptions automatically renew unless canceled before the renewal date. You may cancel at any time through your Account settings; cancellation takes effect at the end of the current billing period and no refunds are provided for partial periods unless required by law. We may change Fees upon notice. All Fees are non-refundable except as expressly stated in these Terms or required by applicable law.

18.Disclaimers of Warranties

THE SERVICES AND ALL CONTENT, INCLUDING AI OUTPUTS AND FINANCIAL DATA, ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE DISCLAIM ALL WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ACCURACY OR RELIABILITY OF DATA OR AI OUTPUTS. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF VIRUSES.

19.Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL TINYCFO OR ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE AMOUNT PAID BY YOU IN THE TWELVE MONTHS PRECEDING THE CLAIM (OR $100 IF NO PAYMENT WAS MADE).

20.Indemnification

You agree to indemnify, defend, and hold harmless tinyCFO and its affiliates from and against any claims, liabilities, damages, losses, and expenses (including reasonable attorneys’ fees) arising out of or related to (i) your use of the Services, (ii) your User Content or queries, (iii) any reliance on AI Outputs or Financial Data, (iv) your violation of these Terms, or (v) your violation of any third-party rights or applicable law.

21.Suspension, Termination, and Survival

We may suspend or terminate your Account or access to the Services at any time, with or without cause or notice. Upon termination, your right to use the Services ceases immediately, but Sections 7, 8, 12, 13, 14, 15, 16, 18, 19, 20, 22, 23, 24, 27, and any other provision that by its nature should survive shall survive.

22.Dispute Resolution, Mandatory Arbitration, and Class Action Waiver

Any dispute, claim, or controversy arising out of or relating to these Terms or the Services (including the formation, interpretation, breach, or termination thereof) shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules then in effect. The arbitration will be conducted by a single arbitrator in Delaware (or another location mutually agreed). You and we agree that any arbitration shall be limited to the dispute between us individually, and you waive any right to bring or participate in a class, collective, or representative action. Each party retains the right to seek injunctive relief in a court of competent jurisdiction.

You may opt out of arbitration by sending written notice to 169 Madison Ave STE 15124, New York, NY 10016 within thirty (30) days after first accepting these Terms. If the arbitration agreement is found unenforceable, any judicial proceeding shall be brought exclusively in the state or federal courts located in Delaware. Both parties waive any right to a jury trial. If twenty-five (25) or more similar arbitration demands are filed against us by or with the assistance of the same law firm or group, a “batch arbitration” process may apply as permitted by the administrator’s rules.

23.Governing Law and Venue

These Terms are governed by the laws of the State of Delaware without regard to conflict-of-laws principles. Subject to the arbitration provision, any action not subject to arbitration shall be brought exclusively in the state or federal courts located in Delaware, and you consent to the personal jurisdiction of such courts.

24.State-Specific Consumer Rights / Jurisdiction-Specific Provisions

We comply with all applicable U.S. state consumer-protection and privacy statutes. The following is a non-exhaustive list of laws we monitor and adhere to as they apply to the Services:

California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (CPA)
Connecticut Data Privacy Act (CTDPA)
Utah Consumer Privacy Act (UCPA)
Texas Data Privacy and Security Act (TDPSA)
Oregon Consumer Privacy Act (OCPA)
Montana Consumer Data Privacy Act (MCDPA)
Any other comprehensive state privacy statute enacted and effective as of the date of your use

Some states do not allow the exclusion of certain warranties or the limitation of liability for certain damages; in such states, the disclaimers and limitations in Sections 18 and 19 shall apply to the maximum extent permitted by law. Residents of California are entitled to the consumer rights and notices set forth in our Privacy Policy, including the right to know, delete, correct, and opt out of the “sale” or “sharing” of Personal Information. We honor Global Privacy Control and other opt-out preference signals where required by applicable state law.

If the Company later offers money-transmission, lending, or other regulated services, additional state-specific licensing and consumer-protection disclosures will be added to these Terms and the Privacy Policy. Nothing in these Terms waives any non-waivable rights under applicable state consumer-protection laws.

25.Changes to the Terms

We may modify these Terms at any time. We will notify you of material changes by posting the revised Terms and updating the Effective Date or by other reasonable means (e.g., email). Your continued use after the effective date of the revised Terms constitutes acceptance. If you do not agree, you must stop using the Services.

26.Electronic Communications and E-SIGN Consent

You consent to receive all communications, agreements, and notices electronically. You agree that electronic signatures and records have the same legal effect as physical ones. You may withdraw consent by contacting us, but doing so may prevent continued use of the Services.

27.Miscellaneous

These Terms constitute the entire agreement between you and us. If any provision is held invalid, the remainder remains in full force. No waiver of any breach constitutes a waiver of any prior or subsequent breach. We may assign these Terms without notice; you may not. The Services are not offered to users outside the United States. Headings are for convenience only.

28.Contact Information

If you have questions about these Terms, please contact us at:

tinyCFO (a DBA of 7th Street Research, Co.)
169 Madison Ave STE 15124
New York, NY 10016
Email: support@tinycfo.ai

← Back to home