Privacy Policy

Last Updated: January 13, 2025

1. Introduction

BookKeeping App ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (encrypted)
  • Financial Data: Receipt images, bank transaction data, vendor names, amounts, dates
  • User-Generated Content: Categories, notes, edits to extracted data

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent
  • Device Information: Browser type, operating system, IP address
  • Cookies: Authentication cookies, preference cookies

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our Service
  • Process and store your receipts and transaction data
  • Perform AI-powered data extraction from receipts and bank statements
  • Authenticate your identity and manage your account
  • Send important Service notifications (security alerts, updates)
  • Respond to your requests and support inquiries
  • Analyze usage patterns to improve user experience
  • Detect and prevent fraud, abuse, and security incidents

4. Third-Party Services

We use the following third-party services:

4.1 Supabase (Infrastructure)

We use Supabase for database, authentication, and file storage. Supabase is SOC 2 Type II certified and complies with GDPR. Your data is encrypted at rest and in transit.

Privacy Policy: https://supabase.com/privacy

4.2 Google Gemini (AI Processing)

We use Google Gemini AI to extract data from receipts and bank statements. Receipt images are sent to Google's API for processing. Google does not store your images or use them for training purposes.

Privacy Policy: https://policies.google.com/privacy

4.3 Vercel (Hosting)

Our Service is hosted on Vercel's infrastructure. Vercel may collect analytics and performance data to ensure Service availability.

Privacy Policy: https://vercel.com/legal/privacy-policy

4.4 Sentry (Error Tracking - Optional)

We may use Sentry to monitor errors and application performance. Error reports may include de-identified data about your session.

Privacy Policy: https://sentry.io/privacy/

5. Data Security

We implement security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS) and at rest (AES-256)
  • Authentication: Secure password hashing with bcrypt
  • Access Control: Row-Level Security (RLS) ensures users can only access their own data
  • Storage Policies: File access restricted to authenticated owners
  • Regular Audits: Security reviews and vulnerability scanning

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You can delete your data at any time through the Service interface.

Upon account deletion:

  • All receipts, transactions, and associated data are immediately deleted
  • Uploaded files in storage are removed
  • Database backups are purged within 30 days
  • Authentication credentials are permanently removed

7. Your Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Data Portability: Export your data in CSV format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@bookkeepingapp.example.com

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and Service functionality
  • Analytics Cookies: Help us understand how you use the Service (optional)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us so we can delete it.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on the Service. Continued use after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

13. Data Processing Agreement

For business users who need a Data Processing Agreement (DPA) for GDPR compliance, please contact us at the email address above.
