Last updated: May 2026
This Privacy Policy ("Policy") describes how OurBooks ("we," "our," or "us") collects, uses, stores, shares, and protects your personal information when you use the OurBooks cloud-based accounting platform and related services (the "Service"). By accessing or using the Service, you acknowledge that you have read and agree to this Policy.
When you create an account, subscribe to the Service, or interact with us, we collect:
The core purpose of OurBooks is to manage your financial records. You may enter or import:
All financial data is entered or uploaded by you. We do not independently collect financial data about you or your business from external sources.
We automatically collect certain information when you use the Service:
We use cookies and similar technologies to maintain your session, remember your preferences, and analyze Service usage. See Section 10 for detailed cookie disclosures.
We use the information we collect for the following purposes:
We do not sell your personal information or financial data to third parties. We do not use your data to train third-party AI or machine learning models without your separate, explicit consent.
OurBooks employs a schema-per-tenant data isolation architecture. Each company you create in OurBooks receives its own dedicated PostgreSQL database schema. This means:
We implement industry-standard security measures to protect your data:
Your data is stored on servers located in the United States, hosted by our infrastructure providers (see Section 4). If you are located outside the United States, your data will be transferred to and stored in the United States. See Section 8 for information about international data transfers.
We share your information only with the third-party service providers necessary to operate the Service. We do not sell, rent, or trade your personal information or financial data. Our third-party service providers include:
We use Clerk (clerk.com) for user authentication and session management. Clerk receives your name, email address, and authentication credentials. Clerk's privacy policy is available at clerk.com/privacy.
We use Stripe (stripe.com) for subscription billing and payment processing. Stripe receives your payment card details, billing address, and transaction amounts. We do not store your full credit card number on our servers. Stripe's privacy policy is available at stripe.com/privacy.
If you use the receipt scanning feature, we use Amazon Web Services Textract to perform optical character recognition (OCR) on uploaded documents. Document images are transmitted to AWS for processing and are not retained by AWS after processing is complete. AWS's privacy notice is available at aws.amazon.com/privacy.
We use Neon (neon.tech) to host our PostgreSQL databases. All your financial and account data resides on Neon's infrastructure. Neon provides encryption at rest and in transit. Neon's privacy policy is available at neon.tech/privacy.
We use Vercel (vercel.com) to host the OurBooks web application. Vercel processes your requests and may receive your IP address and browser information as part of standard web hosting operations. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.
If you connect a bank or credit card account to import transactions, we use Plaid (plaid.com) to facilitate that connection. You enter your bank credentials directly with Plaid — OurBooks never sees or stores your banking username or password.Plaid provides us with an access token and the transaction data for accounts you have authorized. Access tokens are encrypted at rest before storage. You can disconnect a bank account at any time from the Bank Feeds settings, which instructs Plaid to revoke its access. Plaid's end-user privacy policy is available at plaid.com/legal.
We use Resend (resend.com) to deliver email — including account confirmations, password resets, billing receipts, invitations, subscription notices, service announcements, and a short series of onboarding and educational messages after you sign up. Resend receives your email address and the content of each message we send. Onboarding and other non-essential messages include an unsubscribe link, and we do not sell your email address or share it for third-party advertising. Resend's privacy policy is available at resend.com/legal/privacy-policy.
We use Sentry (sentry.io) to capture application errors and monitor performance. When an error occurs in the Service, Sentry receives technical context including the error stack trace, the URL where the error occurred, your browser and device information, and your OurBooks user ID. We do not intentionally send financial data or message bodies to Sentry, though small fragments may appear in error messages or stack frames. Sentry's privacy policy is available at sentry.io/privacy.
We use Upstash (upstash.com) Redis to enforce request rate limits and protect the Service against abuse. Upstash processes identifiers (such as your user ID or IP address) and short-lived counters; it does not store financial data, account details, or message contents. Upstash's privacy policy is available at upstash.com/trust/privacy.
Several optional features of the Service use Google's Gemini API to assist you. These include the AI assistant (chat), automated extraction of data from uploaded bills, invoices, and bank-statement PDFs, suggested chart-of-accounts categories, transaction and bank-feed categorization, and budget, quote, and report assistance. When you invoke one of these features, the input text or document content you provide and the contextual information needed to generate a result are transmitted to Google for processing. We access the Gemini API through a paid, billing-enabled Google Cloud account; under Google's paid API terms, Google does not use Gemini API inputs or outputs to train its models. AI features are optional, and you can avoid sending data to Google by not using them. Google's privacy policy is available at policies.google.com/privacy.
We use Vercel Blob (vercel.com), provided by Vercel, to store files you upload to the Service — including company logos, scanned bills and invoices, receipt images, and any files you attach to in-app feedback. Vercel Blob receives the contents of these files and the access metadata needed to serve them back to you. OurBooks does not request or require you to upload full credit-card images or bank-credential documents, and we do not authorize Vercel to use uploaded files for any purpose other than storing and serving them on our behalf. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.
If you use OurBooks to electronically file 1099 information returns, we use Tax1099 (tax1099.com), provided by Zenwork, Inc., to prepare and transmit those filings to the IRS. To submit a filing, Tax1099 receives the recipient and payer information the IRS requires — including names, mailing addresses, taxpayer identification numbers (EINs or SSNs), and payment amounts. We transmit this information only when you initiate a 1099 e-filing, and only for the recipients included in that filing. Tax1099's privacy policy is available at tax1099.com/privacy-policy.
We may also disclose your information if required to do so by law, in response to a valid legal process (such as a subpoena or court order), to protect our rights or property, to prevent fraud or abuse, or to protect the safety of our users or the public. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
We extend the following privacy rights to all U.S. residents, regardless of which state you live in. These rights derive from the California Consumer Privacy Act (CCPA/CPRA) and similar laws in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Florida, and other states.
To exercise any of these rights, email privacy@ourbooks.app and describe the right you wish to exercise. We can usually verify your request fastest when it is sent from the email address associated with your OurBooks account; if you are submitting a request through an authorized agent, see Section 5.4. We will respond within 45 days; if we need additional time to fulfill your request, we may extend this period by up to 45 additional days and will notify you of the extension and the reason.
To protect your data, we must verify that the person making a request is the account holder. We verify by confirming that the request comes from the email address registered to the account, and we may ask you to confirm specific account details. If we cannot reasonably verify your identity, we will be unable to fulfill your request and will tell you why.
You may designate an authorized agent to submit privacy requests on your behalf. We will require written documentation of the authorization (such as a signed permission or a power of attorney) and may also ask you to verify your identity directly with us before fulfilling the agent's request.
We do not sell personal information, share it for cross-context behavioral advertising, or engage in targeted advertising. We honor Global Privacy Control (GPC) signals consistent with this practice.
OurBooks does not use automated decision-making or profiling to make decisions that produce legal or similarly significant effects about you. We do not use your personal information to assess creditworthiness, employment eligibility, insurance risk, or any similar consequential outcome.
Some optional features of the Service use artificial intelligence to assist you — for example, suggesting chart-of-accounts categories or describing a transaction. These features generate suggestions for you to review and accept, reject, or modify; they do not make decisions on your behalf. AI features that send data to a third-party provider are disclosed in Section 4. We do not use your financial data or personal information to train AI or machine learning models, and we do not authorize our AI providers to do so.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent local legislation:
Our legal bases for processing your personal data include: (a) performance of a contract (providing the Service you subscribed to); (b) legitimate interests (improving and securing the Service, analytics); and (c) compliance with legal obligations.
To exercise any of these rights, contact us at privacy@ourbooks.app. You also have the right to lodge a complaint with your local data protection supervisory authority.
OurBooks is operated from the United States, and your data is stored on servers located in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with data protection laws that differ from U.S. law, your personal data will be transferred to the United States.
For transfers of personal data from the EEA or the United Kingdom to the United States, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner's Office, respectively. These contractual safeguards ensure that your personal data receives an adequate level of protection when transferred outside your jurisdiction.
You may request a copy of the applicable Standard Contractual Clauses by contacting us at privacy@ourbooks.app.
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Policy. Specific retention periods by data category:
Archived companies vs closed accounts: Within OurBooks, you can archive individual companies separately from closing your account. Archived companies are retained for 7 years from the date of last activity (matching our 7-year tax-record retention period) so you can restore or export them during that window. Closing the company (or closing your account) starts a separate 90-day deletion countdown.
When data is no longer required, we delete or de-identify it in accordance with our internal data retention procedures. Closure is reversible during the 90-day window via the in-app recovery flow. After 90 days, deletion is permanent and irreversible. You may request earlier deletion of your personal data by contacting us at privacy@ourbooks.app, subject to applicable legal retention requirements.
We use cookies and similar technologies to operate and improve the Service:
We do not use third-party advertising cookies or cross-site tracking technologies. You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using the Service.
OurBooks is a business accounting platform not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible.
If you believe we have collected personal information from a child under 13, please contact us immediately at privacy@ourbooks.app so that we can take appropriate action.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. For material changes, we will:
Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance of the changes. If you do not agree to any changes, you should discontinue use of the Service and contact us to close your account.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
We will respond to all privacy-related requests within forty-five (45) days, or within the timeframe required by applicable law, as described in Section 5.2.