Privacy Policy

What We Collect

We collect only what's necessary to provide the service:

• The invoice files and extracted data
• Transactions from your accounting software in order to match with invoice data
• A one-way hash of your IP address (for rate limiting only)
• The number of files you've processed for billing

If you choose to create an account, we collect your email address for authentication.

File Storage

Your files are stored using Supabase, a SOC 2 Type II compliant infrastructure provider. Files are retained for as long as the retention period you set in your project and permanently deleted afterwards. We do not retain copies of your documents after this period, or any of the information they contain.

AI Processing

We use Google Vertex AI to extract data from your invoices. Google's Zero Data Retention (ZDR) policy ensures your data is:

• Not used to train AI models
• Not retained after processing
• Not shared with third parties

Background Processing

We use Inngest for background job processing. Inngest is SOC 2 Type II compliant and does not store your invoice files. They only execute the code that processes your invoices.

Hosting

Our application is hosted on Vercel, which maintains SOC 2 Type II attestation for Security, Confidentiality, and Availability, as well as ISO 27001 certification.

Cookies

We use minimal cookies for essential functionality such as rate limiting. We may use analytics software to understand how the application is used and improve the service. We do not use advertising cookies.

Your Rights

You are free to delete your project at any time, which removes all data associated with you and your business. You can also link and unlike your Google Drive, Gmail, Xero, and FreeAgent accounts as you wish from within the project settings.

Contact

If you have questions about this privacy policy, please contact us.