Privacy.
Last updated: April 28, 2026. This policy describes what data we collect, how we use it, and how you can control it.
1. What we collect
Account data:
- Email address (required for sign-up and account communication)
- Workspace name and the LLC names and states you create
- Authentication tokens (managed by Clerk; we never see your password)
Bookkeeping data you provide:
- Bank transactions (date, amount, merchant description, account)
- Bank-connection metadata via Plaid (institution name, masked account number)
- CSV uploads of your transactions
- Your categorizations, property tags, and AI-suggestion overrides
Payment data:
- We do not collect or store payment-card details
- Paddle.com Inc. is our merchant of record and processes all payments — they store your card data securely on PCI-DSS-compliant infrastructure
- We receive only the billing-status metadata (subscription active, next renewal date, billing email) Paddle sends back to us
Operational data we collect automatically:
- IP address (used for security monitoring and fraud prevention)
- Browser type and version (used for compatibility decisions)
- Pages visited and feature usage (used to improve the product)
- Error reports (sent to Sentry; PII is filtered out through an allowlist before transmission)
2. How we use it
- To provide the Service: categorize transactions, generate reports, produce export files
- To send you account and product communications (transactional emails, security notices)
- To improve the categorization model's accuracy on your transactions over time (your overrides train your workspace's rule cache)
- To monitor for security issues and fraud
- To comply with legal obligations (tax, accounting, anti-money-laundering)
3. What we don't do
- We don't sell your data to anyone
- We don't share your transaction data with marketing partners
- We don't train general-purpose AI models on your transactions (Anthropic, our LLM provider, also does not train on API customer data per their policy)
- We don't scan your data for advertising
- We don't share your data with your bank, your accountant, or any third party without your explicit consent
4. Service providers
We use the following sub-processors to operate the Service:
- Clerk (US) — authentication and identity
- Supabase (US-East) — database and storage; row-level security per workspace
- Anthropic (US) — AI categorization (transaction descriptions only; Anthropic does not retain or train on API requests per their data-handling policy)
- Plaid (US) — bank connectivity (post-v0.1)
- Paddle.com Inc. (Merchant of Record) — payment processing and tax compliance
- Resend (US) — transactional email delivery
- Sentry (US) — error monitoring (PII filtered out)
- Vercel (US) — application hosting
Each sub-processor receives only the data it needs to perform its function and is contractually obligated to protect it. We maintain Data Processing Agreements (DPAs) with each.
5. Data location & retention
Your data is stored in US-East data centers operated by our sub-processors. Active subscription data is retained for as long as your subscription is active. After cancellation, your data is retained for 30 days (during which you can export it), then permanently deleted from production systems and rolling backups.
6. Your rights
You can:
- Export all your data at any time via the CPA-export button (Excel format)
- Correct any data on your account by editing it in the product or emailing support
- Delete your account and all associated data by emailing privacy@flatbooks.io — deletion is irreversible and processed within 5 business days
- Object to processing or restrict use by contacting privacy@flatbooks.io
- Withdraw consent for any optional data processing (e.g. analytics) at any time
California residents (CCPA) and EU/UK residents (GDPR) have additional rights including the right to know what personal data we hold and the right to portability. Contact privacy@flatbooks.io to exercise any of these rights — we respond within 30 days.
7. Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API routes that access your bookkeeping data require authentication. Bank credentials are handled exclusively by Plaid; we never see them. Card details are handled exclusively by Paddle; we never see them. We publish a vulnerability-disclosure policy at /legal/security and a machine-readable record at /.well-known/security.txt.
8. Cookies
We use a minimal set of cookies, all first-party, all required for the Service to function: an authentication token (set by Clerk), a theme-preference cookie (light/dark/system), and a session-id used for error monitoring. We do not use third-party advertising cookies or cross-site tracking pixels.
9. Children
The Service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact privacy@flatbooks.io and we will delete it.
10. Changes to this policy
We may update this policy as our practices evolve. Material changes will be announced via email at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
11. Contact
Privacy questions or rights requests: privacy@flatbooks.io. We respond within 5 business days.