Every Finance Task, Done Faster
Upload your data, tell SuperCFO what you need — reports, dashboards, analysis — and review the output. You always have the last word.


One Platform, Every Finance Task
From monthly reporting to compliance checks, SuperCFO handles the full finance workflow — dashboards, reports, transforms, and more. All in one place.
Interactive Dashboards
63+ templates for P&L, cash flow, SWOT analysis, multi-company comparisons, and more. AI generates a full dashboard from your uploaded data.
Data Transform
Upload messy, inconsistent spreadsheets and get back clean, structured Excel files — formatted exactly how your team needs them.
Expense Claims
Bulk-upload receipts and get back a ZIP with a complete Excel summary and renamed receipt files — ready for submission.
Quotation Comparison
Upload vendor quotations and get a side-by-side Excel analysis with scoring, recommendations, and total cost breakdowns.
FS Casting Check
Upload your financial statements and SuperCFO verifies mathematical accuracy, cross-references figures, and flags discrepancies.
Financial Modelling
Build DCF models, scenario analyses, and A vs B comparisons. Provide your assumptions — SuperCFO builds the model in Excel.
Report Compilation
Generate IFRS, MPERS, or interim financial reports from your data. Structured, compliant, and ready for review.
Ask SuperCFO
Your general finance assistant. Ask any finance question, attach supporting files, and get a structured answer or output file.
Upload. Instruct. Review. Done.
No complex setup. No learning curve. Upload your data, describe what you need, and review the output.
Upload Any Financial Data
Drag and drop your files — Excel, CSV, PDF, images, receipts, or quotations. SuperCFO reads and understands them all.
- Excel & CSV files
- PDF reports & statements
- Receipt images
- Vendor quotations
Tell SuperCFO What You Need
Select a capability and describe what you want. Dashboards, reports, financial modelling, expense claims — just tell it.
- Interactive dashboards
- IFRS / MPERS reports
- Data transforms
- DCF & scenario models
Review and Finalize
SuperCFO delivers the output. You review, edit if needed, and download in any format. You always have the last word.
- Download Excel, PDF, ZIP
- Rename and re-run anytime
- Full history in sidebar
- You approve before it's final
Ready to see it in action?
One Upload, Many Outputs
The same financial data can power dashboards, reports, and claims — all from a single upload.
Monthly Management Dashboard
P&L, cash flow, KPIs, and variance analysis — all generated from your Excel upload in seconds.
Board-Ready Financial Report
IFRS or MPERS-compliant financial statements, structured and formatted for board review.
Team Expense Reconciliation
Bulk-upload receipts and get back a clean Excel summary with renamed files — ready for submission.
Choose Your Perfect Plan
Start free and scale as you grow. All plans include dashboards, reports, transforms, and more.
Free
Get started
- 200 credits per month (~$20 value)
- All dashboard types
- All AI tools & features
- Organization & team sharing
- Community support
Business
Best for teams & businesses
- 2,000 credits per month (~$200 value)
- All dashboard types
- All AI tools & features
- Organization & team sharing
- Priority support
Enterprise
Contact sales
- Custom credit allocation
- All dashboard types + custom
- All AI tools & features
- Dedicated account manager
- Priority support & custom SLA
All plans include a 14-day free trial. No credit card required to start.
Credit costs: Dashboards (2–8), Transforms (8), Reports (8), Expense Claims (2–8), Casting (3–8), Modelling (8), Amendments (1), Chat (1)
Your Financial Data, Protected
Finance teams trust SuperCFO with sensitive data every day. Here's how we keep it safe.
Your Data is Encrypted
Every file you upload and every report generated is transmitted over an encrypted connection. No one can intercept your financial data in transit.
AI Never Keeps Your Files
Your documents are processed and discarded. AI providers do not store, train on, or have access to your financial data after analysis.
Only Your Team Can See Your Data
Each user only sees their own reports and dashboards. Organization admins control who has access. No cross-account data leaks.
Secure Sign-In, No Passwords to Manage
Sign in with your Google account. We never store passwords on our servers — one less thing to worry about getting breached.
Auto-Logout When You Walk Away
Left your screen open? Sessions automatically expire after 30 minutes of inactivity, so no one can access your account if you step away.
Safe File Handling
We validate every uploaded file before processing — checking file type, size (max 20MB), and content structure. Suspicious files are rejected.
Delete Your Data Anytime
You can delete individual reports or your entire account with one click. All your data is permanently erased — no questions asked. GDPR and PDPA compliant.
Key Actions are Logged
File uploads, downloads, deletions, sign-ins, and account changes are recorded in an audit trail. Your organization can review who did what and when.
Transparent Data Practices
Our Privacy Impact Assessment documents exactly what data we collect, who processes it, how long we keep it, and your rights. No surprises.
Two-Factor Authentication
Add an extra layer of protection with an authenticator app. Organization admins can require MFA for all team members.
IP Restrictions for Teams
Restrict access to approved office or VPN IP addresses only. If someone tries to log in from an unauthorized location, they are blocked.
TLS 1.3 + HSTS
All connections encrypted with TLS 1.3. HSTS enforced with 2-year max-age, includeSubDomains, and preload directives.
Database Security
Managed PostgreSQL with enforced SSL certificate validation. All queries use parameterized statements — zero SQL injection risk.
Security Headers & CORS
X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy on all responses. Explicit CORS origin allowlisting on API routes.
Container Isolation
Non-root Docker containers with pinned base images (node:20.19-bookworm-slim). Multi-stage builds strip dev dependencies from production.
Cookie Security
All auth cookies enforce HttpOnly, Secure, and SameSite=Lax flags. 30-minute maxAge with automatic refresh on active sessions.
Rate Limiting
Per-user and per-IP rate limiting: 20 req/min for uploads, 10 req/min for AI generation, 60 req/min general API. Guest endpoints are further restricted.
Vulnerability Scanning
Automated npm audit runs before every deployment. Critical vulnerabilities are flagged and reviewed before code reaches production.
Pinned Dependencies
Docker base images and critical packages are version-pinned. Every build is reproducible and auditable — no supply chain drift.
Audit Logging
File uploads, downloads, deletions, and account changes logged with user ID, IP, user agent, and timestamp. Admin API for audit trail review.
Encrypted Backups
Managed PostgreSQL with AES-256 encryption at rest. Automated daily backups with 7-day retention.
GDPR/PDPA Deletion
Self-serve DELETE /api/user/delete-account cascades across all 19 user-owned tables via atomic database function. Audit-logged before execution.
AES-256-GCM at Rest
Sensitive fields (extracted financial text, OAuth tokens) encrypted with AES-256-GCM. Backward-compatible: existing plaintext auto-detected and read as-is.
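A sketch of field-level AES-256-GCM with a legacy-plaintext read path, as an added example and not SuperCFO's own code. The `enc:v1:` marker and the nonce/tag/ciphertext layout are assumptions; the page does not say how plaintext is detected. Detection here keys on the explicit marker rather than on a failed decryption, so a tampered ciphertext raises an error instead of being returned as if it were plaintext.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical marker separating encrypted values from legacy plaintext rows.
const PREFIX = 'enc:v1:';

// Encrypt one field. `key` is a 32-byte Buffer (AES-256).
function encryptField(plaintext, key) {
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce, fresh for every value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  // Stored layout (assumed): prefix + base64(iv | tag | ciphertext)
  return PREFIX + Buffer.concat([iv, tag, ct]).toString('base64');
}

// Decrypt one field, reading values without the marker as legacy plaintext.
function decryptField(stored, key) {
  if (!stored.startsWith(PREFIX)) return stored; // legacy row: read as-is
  const raw = Buffer.from(stored.slice(PREFIX.length), 'base64');
  if (raw.length < 28) throw new Error('ciphertext too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag does not verify; never fall back to plaintext here.
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}
```

A legacy plaintext value that happens to begin with the marker would be misread as ciphertext, so a one-off migration that re-encrypts old rows removes the ambiguity.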
TOTP MFA (AAL2)
Supabase TOTP enrollment + verification. Org admins toggle require_mfa. Middleware enforces AAL2 — redirects aal1 users to enroll or verify.
IP Allowlisting
Org-level JSONB allowlist with CIDR support. Middleware checks x-forwarded-for against allowlist. NULL = unrestricted. 403 on mismatch.
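The allowlist decision described above, as an added example rather than SuperCFO's middleware. It assumes IPv4 only and a single trusted reverse proxy that appends the real peer address as the last `x-forwarded-for` entry; earlier entries are supplied by the client and are ignored. All function names are hypothetical.

```javascript
// Convert a dotted-quad IPv4 address to an unsigned integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.trim().split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const octet = Number(p);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True if ip lies inside cidr ("a.b.c.d/len"; a bare address means /32).
function inCidr(ip, cidr) {
  const [base, lenText = '32'] = cidr.split('/');
  if (!/^\d{1,2}$/.test(lenText)) return false;
  const len = Number(lenText);
  const addr = ipv4ToInt(ip);
  const net = ipv4ToInt(base);
  if (addr === null || net === null || len > 32) return false;
  const size = 2 ** (32 - len); // number of addresses in the block
  return Math.floor(addr / size) === Math.floor(net / size);
}

// Take the entry written by our own proxy: the rightmost one when trustedHops is 1.
function clientIp(xff, trustedHops = 1) {
  const hops = (xff || '').split(',').map((s) => s.trim()).filter(Boolean);
  return hops.length >= trustedHops ? hops[hops.length - trustedHops] : null;
}

// Status the middleware would return: 200 to continue, 403 to block.
// allowlist is the parsed JSONB value: null, or an array of CIDR strings.
function checkAllowlist(xff, allowlist) {
  if (allowlist === null) return 200; // NULL = unrestricted
  const ip = clientIp(xff);
  if (ip === null) return 403; // fail closed when the header is absent
  return allowlist.some((cidr) => inCidr(ip, cidr)) ? 200 : 403;
}
```

If the edge proxy passes a client-supplied header through instead of overwriting or appending to it, no position in the header is trustworthy and the check should use the connection's peer address instead.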
Anomaly Detection
Admin API scans for high-frequency users (>100 calls/hr), downloads from new IPs, and bulk deletes (>10/hr). Query-based, no external dependencies.
Data Retention Policies
Automated purge API: api_usage_logs > 12mo, audit_logs > 24mo, credit_transactions > 24mo. Batch deletes (10k rows) to avoid lock contention.