Privacy Policy

This Privacy Policy ("Policy") describes how OurBooks ("we," "our," or "us") collects, uses, stores, shares, and protects your personal information when you use the OurBooks cloud-based accounting platform and related services (the "Service"). By accessing or using the Service, you acknowledge that you have read and agree to this Policy.

1. Information We Collect

1.1 Information You Provide

When you create an account, subscribe to the Service, or interact with us, we collect:

• Account Information: Name, email address, and authentication credentials (managed by our authentication provider, Clerk).
• Billing Information: Payment card details, billing address, and subscription plan selection (processed and stored by our payment provider, Stripe). We do not store your full credit card number on our servers.
• Company Information: Business name, legal name, business type, tax identification numbers, fiscal year settings, address, phone number, and other company profile details you enter.

1.2 Financial Data You Enter

The core purpose of OurBooks is to manage your financial records. You may enter or import:

• Chart of accounts, account balances, and account hierarchies
• Journal entries, general ledger transactions, and adjusting entries
• Invoices, bills, and payment records
• Customer and supplier contact information and records
• Bank account details and bank transaction records for reconciliation
• Budget and forecast data
• Receipts and documents uploaded for OCR processing
• Trial balance imports from other accounting systems

All financial data is entered or uploaded by you. We do not independently collect financial data about you or your business from external sources.

1.3 Usage and Device Information

We automatically collect certain information when you use the Service:

• Usage Data: Feature usage events (e.g., reports generated, imports completed, pages visited), session duration, and interaction patterns. These analytics help us improve the Service.
• Device Information: Browser type and version, operating system, screen resolution, and device type.
• Log Data: IP address, access times, referring URLs, and server log information.

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze Service usage. See Section 9 for detailed cookie disclosures.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To operate, maintain, and provide the features and functionality of OurBooks, including processing your financial data, generating reports, and enabling data imports and exports.
• Account Management: To create and manage your account, authenticate your identity, and process subscription payments.
• Service Improvement: To analyze usage patterns, diagnose technical issues, and improve the performance, reliability, and user experience of the Service.
• Communication: To send you transactional emails (account confirmations, billing receipts, subscription renewal notices), service announcements, and responses to your support requests.
• Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
• Analytics: To generate aggregated, de-identified analytics about Service usage to understand trends and improve our product.

We do not sell your personal information or financial data to third parties. We do not use your data to train third-party AI or machine learning models without your separate, explicit consent.

3. Data Storage and Security

3.1 Data Architecture

OurBooks employs a schema-per-tenant data isolation architecture. Each company you create in OurBooks receives its own dedicated PostgreSQL database schema. This means:

• Your financial data is stored in an isolated schema that is logically separated from all other customers' data.
• Cross-company data access is prevented at the database level through schema isolation.
• User account data (name, email, authentication) is stored in a shared schema, separate from your financial data.

3.2 Encryption and Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• Encryption at Rest: Database storage is encrypted at rest using AES-256 encryption provided by our database hosting provider.
• Authentication Security: User authentication is managed by Clerk, which implements secure session management, password hashing, and multi-factor authentication support.
• Access Controls: Role-based access controls and company membership verification ensure users can only access data they are authorized to view.

3.3 Data Location

Your data is stored on servers located in the United States, hosted by our infrastructure providers (see Section 4). If you are located outside the United States, your data will be transferred to and stored in the United States. See Section 7 for information about international data transfers.

4. Data Sharing and Third-Party Services

We share your information only with the third-party service providers necessary to operate the Service. We do not sell, rent, or trade your personal information or financial data. Our third-party service providers include:

4.1 Clerk (Authentication)

We use Clerk (clerk.com) for user authentication and session management. Clerk receives your name, email address, and authentication credentials. Clerk's privacy policy is available at clerk.com/privacy.

4.2 Stripe (Payment Processing)

We use Stripe (stripe.com) for subscription billing and payment processing. Stripe receives your payment card details, billing address, and transaction amounts. We do not store your full credit card number on our servers. Stripe's privacy policy is available at stripe.com/privacy.

4.3 AWS Textract (Optical Character Recognition)

If you use the receipt scanning feature, we use Amazon Web Services Textract to perform optical character recognition (OCR) on uploaded documents. Document images are transmitted to AWS for processing and are not retained by AWS after processing is complete. AWS's privacy notice is available at aws.amazon.com/privacy.

4.4 Neon (Database Hosting)

We use Neon (neon.tech) to host our PostgreSQL databases. All your financial and account data resides on Neon's infrastructure. Neon provides encryption at rest and in transit. Neon's privacy policy is available at neon.tech/privacy.

4.5 Vercel (Application Hosting)

We use Vercel (vercel.com) to host the OurBooks web application. Vercel processes your requests and may receive your IP address and browser information as part of standard web hosting operations. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

4.6 Other Disclosures

We may also disclose your information if required to do so by law, in response to a valid legal process (such as a subpoena or court order), to protect our rights or property, to prevent fraud or abuse, or to protect the safety of our users or the public. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Your Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose what personal information we collect, use, share, and sell about you. This includes the categories and specific pieces of personal information collected, the sources of collection, the business purposes, and the categories of third parties with whom we share information.
• Right to Delete: You may request deletion of personal information we have collected about you, subject to certain exceptions (such as data needed for legal compliance or to complete a transaction you requested).
• Right to Opt-Out of Sale: We do not sell your personal information. However, if we ever change this practice, you will have the right to opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing or service quality for making a privacy request.
• Right to Correct: You may request that we correct inaccurate personal information that we maintain about you.

To exercise any of these rights, contact us at privacy@ourbooks.app. We will verify your identity before processing your request and respond within 45 days as required by law.

6. Your Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent local legislation:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure: You may request that we delete your personal data, subject to applicable legal retention requirements.
• Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format. OurBooks provides a comprehensive data export feature that exports all your financial data in CSV and JSON formats.
• Right to Object: You may object to the processing of your personal data for certain purposes, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

Our legal bases for processing your personal data include: (a) performance of a contract (providing the Service you subscribed to); (b) legitimate interests (improving and securing the Service, analytics); and (c) compliance with legal obligations.

To exercise any of these rights, contact us at privacy@ourbooks.app. You also have the right to lodge a complaint with your local data protection supervisory authority.

7. International Data Transfers

OurBooks is operated from the United States, and your data is stored on servers located in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data protection laws that differ from U.S. law, your personal data will be transferred to the United States.

For transfers of personal data from the EEA or the United Kingdom to the United States, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner's Office, respectively. These contractual safeguards ensure that your personal data receives an adequate level of protection when transferred outside your jurisdiction.

You may request a copy of the applicable Standard Contractual Clauses by contacting us at privacy@ourbooks.app.

8. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Policy. Specific retention periods by data category:

• Account Information: Retained for the duration of your active account plus 90 days following account closure to allow for reactivation or data export.
• Financial Data: Retained for the duration of your active account. After account cancellation or termination, you have a 30-day data export window. Financial data is then scheduled for deletion within 90 days of account closure, subject to any legal retention requirements.
• Billing and Transaction Records: Retained for a minimum of seven (7) years following the transaction date, as required for tax and financial compliance purposes.
• Usage and Analytics Data: Retained in identifiable form for up to 24 months, after which it is aggregated or de-identified.
• Server Logs: Retained for up to 90 days for security and troubleshooting purposes.
• Support Communications: Retained for up to three (3) years following resolution to maintain service quality and for reference.

When data is no longer required, we delete or de-identify it in accordance with our internal data retention procedures. You may request earlier deletion of your personal data by contacting us at privacy@ourbooks.app, subject to applicable legal retention requirements.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

• Essential Cookies: Required for the Service to function, including session management, authentication state, and security tokens. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings (such as selected company, display preferences, and recently accessed features) to provide a personalized experience.
• Analytics Cookies: Help us understand how you use the Service, which features are most popular, and where users encounter issues. We use this data in aggregate to improve the Service.

We do not use third-party advertising cookies or cross-site tracking technologies. You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using the Service.

10. Children's Privacy

OurBooks is a business accounting platform not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible.

If you believe we have collected personal information from a child under 13, please contact us immediately at privacy@ourbooks.app so that we can take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. For material changes, we will:

• Post the updated Policy on our website with a new "Last Updated" date.
• Send an email notification to the address associated with your account at least fourteen (14) days before the change takes effect.
• Where required by applicable law, obtain your consent before implementing changes that materially affect how we process your personal data.

Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the changes. If you do not agree to any changes, you should discontinue use of the Service and contact us to close your account.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Privacy Inquiries: privacy@ourbooks.app
• General Legal: legal@ourbooks.app
• Mailing Address: OurBooks, Attn: Privacy Team

We will respond to all privacy-related requests within thirty (30) days, or within the timeframe required by applicable law.