Privacy Policy
How BookOS collects, uses, and protects personal data.
1. Data we collect
We collect account information (name, email, encrypted password), business profile data, financial records you upload or sync, receipt images and scan results, usage analytics, and third-party integration metadata (such as bank connection details) to operate the service. Bank connections and payment credentials are handled by external providers and are not stored directly on our servers.
2. How we use data
We use data to provide bookkeeping automation, generate financial reports, improve product features, detect fraud, power approval routing and policy checks, and comply with legal obligations.
3. AI processing
AI systems analyze your data to suggest categorizations, summaries, and forecasts. Auto-posting is optional and governed by thresholds you control in Settings. We record AI actions and provide explainability notes to support review and transparency.
4. Sharing and subprocessors
We share data with vendors that provide infrastructure, payments, and AI processing (for example: hosting, data storage, analytics, payments, and receipt scanning). Subprocessors are required to meet contractual security standards. See our Service providers list for the current providers.
5. Data retention
We retain data while your account is active and for a limited period after termination to comply with legal obligations and support data export requests.
6. Your rights
You may request access, correction, deletion, or export of your data subject to applicable law. Contact support to submit a request.
7. California privacy rights (CCPA/CPRA)
California residents have the right to know what personal information we collect, request deletion of personal information, opt out of the sale or sharing of personal information (we do not sell or share your data for cross-context behavioral advertising), and not be discriminated against for exercising these rights. To exercise your rights, contact support with your request.
8. Financial data security
Financial data is encrypted in transit and at rest. We implement access controls, security logging, and regular security assessments. Bank credentials are handled by third-party providers and are never stored on our servers. We comply with applicable data protection requirements under the Gramm-Leach-Bliley Act (GLBA) safeguards rule.
9. International transfers
Where required, we rely on standard contractual protections for cross-border transfers and store data in approved regions.
10. Privacy choices
You can manage analytics preferences through our Privacy Choices page and by adjusting browser settings. We use essential cookies to operate the service and only use optional analytics cookies when consent is provided where required by law.
11. Changes
We may update this policy periodically. We will notify you of material changes and update the effective date above.
Version history
v1.0