Privacy Policy

• We store only what is necessary for authentication, billing, and platform operation.
• Your General Ledger data, generated reports, and AI conversation history can stay in your own storage via BYOD (Bring Your Own Drive / Database). In that mode we never persist your financial data on our servers.
• Your AI usage can flow through your own Claude / OpenAI / Gemini account via BYOK. In that mode we do not see prompts or completions.
• We do not sell, rent, or share your data with third parties for advertising or marketing.

Account information. Email, name, hashed password, organisation, role, and timestamps of sign-in, sign-up, and terms acceptance.

Trial signups. When you submit the trial form we record the email, name, IP address, and user-agent for fraud prevention and lifecycle messaging.

Platform-operation data. Run metadata (timestamps, agent versions, durations, token counts), audit logs (sign-in events, configuration changes, BYOK / BYOD connection events), and error logs.

Financial data you upload. Depending on your storage mode:

• Managed mode — your GL, reports, and chat history live in our infrastructure under SOC 2 controls and are isolated per-tenant.
• BYOD mode — financial data lives in your Google Drive, OneDrive, SharePoint, or your own database. We never persist a copy.

AI provider data. Depending on your AI mode:

• Managed AI — prompts and completions flow through our enterprise AI provider account, governed by their no-training policy.
• BYOK — prompts and completions flow through your own AI provider account. We do not see them.

• To provide the platform: authentication, running reports, generating outputs, customer support.
• To improve reliability: aggregated error rates, anonymised performance metrics. We do not use your financial data to train AI models.
• To communicate: trial status, security notices, product updates you have opted into.
• To meet legal obligations: tax records, fraud prevention, security incident response.

• Account data — kept while your account is active and for up to 12 months after closure, then deleted.
• Trial signups that do not convert — retained for 12 months for product analytics, then deleted.
• Audit logs — retained for up to 7 years where required for compliance.
• Financial data in managed mode — you control retention via your account; we delete on request.
• Financial data in BYOD mode — controlled entirely by you in your own storage.

Subject to applicable law (including GDPR for EU/UK and CCPA/CPRA for California), you have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Object to or restrict certain processing
• Port your data to another provider
• Withdraw consent at any time
• Lodge a complaint with your local data-protection authority

Contact us at /contact to exercise any of these rights.

We process data primarily in the region you select during onboarding. If data is transferred internationally, we rely on Standard Contractual Clauses (SCCs) and equivalent legal mechanisms. BYOK and BYOD give you direct control over where data resides.

See our Security page for detail on encryption, access controls, audit logs, and our certification roadmap.

We use only essential cookies: an HTTP-only signed session cookie for authentication and a CSRF token. We do not use third-party advertising or behavioural tracking cookies.

Finance & Reporting Intelligence is a business product not intended for users under 18.

We will notify registered users by email of material changes at least 30 days before they take effect. The “Last updated” date at the top reflects the current version.

Privacy questions, deletion requests, and data-protection complaints: /contact.