Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and a hashed password. If you sign in with Google, we receive your Google account email and profile information.

1.2 Uploaded Data

We store bank transaction data and invoice data that you upload in CSV or Excel format. This includes transaction dates, descriptions, amounts, invoice numbers, client names, and currency information.

1.3 Usage Data

We automatically collect information about how you interact with our service, including pages visited, features used, upload frequency, and match confirmation rates. This data is collected via Vercel Analytics.

1.4 Payment Information

If you subscribe to a paid plan, payment processing is handled by FastSpring. We receive your subscription status, plan type, and order references. We do not store your credit card or banking details.

2. How We Use Your Information

• Provide and maintain the reconciliation service
• Process AI-powered matching of bank transactions to invoices
• Manage your account and subscription
• Send service-related communications (password resets, account notifications)
• Improve our matching algorithms and user experience
• Monitor usage and enforce plan limits
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your data with the following third-party service providers:

• Supabase — Database hosting and authentication (data stored in their cloud infrastructure)
• Google (Gemini API) — Text embeddings for AI matching (transaction descriptions and client names are sent for semantic analysis)
• FastSpring — Payment processing (order and subscription data)
• Vercel — Application hosting and analytics (anonymized usage data)

All third-party providers are bound by their respective privacy policies and data processing agreements.

4. Data Storage & Security

Your data is stored in Supabase's PostgreSQL database with Row-Level Security enabled, ensuring that each user can only access their own data. We implement industry-standard security measures including HTTPS encryption, HTTP-only session cookies, and input validation on all API endpoints. Passwords are handled by Supabase Auth using bcrypt hashing.

5. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — Request a copy of your personal data
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your account and all associated data
• Export — Request a portable copy of your data
• Objection — Object to processing of your data for certain purposes

To exercise any of these rights, please contact us at the email address provided at the bottom of this policy.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (bank transactions, invoices, matches, and batches) is permanently removed from our systems within 30 days. Analytics data is anonymized and retained for up to 12 months.

7. Cookies

We use essential cookies for authentication and session management. These cookies are HTTP-only, secure, and same-site restricted. We also use analytics cookies via Vercel Analytics to understand how users interact with our service. For more details, see our Cookie Policy.

8. Children's Privacy

Our service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page with an updated "Last updated" date. Significant changes may also be communicated via email.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:
support@reconsync.ai