Privacy Policy

Last updated: May 21, 2026

Reconci AI (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and a hashed version of your password. We never store your password in plain text.

1.2 QuickBooks Data

When you connect QuickBooks Online, we import and store:

  • Chart of Accounts (account names and IDs)
  • Purchase and Deposit transactions (vendor, amount, date, memo, category)
  • Open Bills and Invoices (vendor/customer names, amounts, dates)
  • Bank account names associated with transactions
  • Tax codes and class tracking data (if enabled in your QBO account)
  • Company name and company email from your QBO company profile

This data is stored locally in our database and synchronized incrementally on each manual sync or automated daily cron run.

1.3 OAuth Tokens

Your QuickBooks OAuth access and refresh tokens are encrypted using AES-256-GCM before being stored in our database. They are decrypted only when needed to make API calls on your behalf and are never logged or exposed to third parties.

1.4 Receipt Files

Files you upload as receipts are stored on our server storage. We do not currently upload these files back to QuickBooks. Receipt files are associated with your account and deleted when you delete your account.

1.5 Usage Data

We maintain an append-only Activity Log of actions taken within the platform (syncs, category approvals, email sends, etc.) for your own audit and review purposes. This log is visible to you from the dashboard and is retained as long as your account exists.

2. How We Use Your Information

We use your information to:

  • Provide and operate the Reconci AI service.
  • Synchronize your QuickBooks data and apply AI-suggested categorizations.
  • Send receipt follow-up emails and bill/invoice reminders on your behalf.
  • Send daily automation summary emails (when the daily cron runs).
  • Improve the accuracy of learned categorization rules.
  • Communicate important service updates.

We do not sell your data to third parties. We do not use your financial data to train shared AI models.

3. Third-Party Services

3.1 Intuit / QuickBooks Online

Data synchronized from QuickBooks is subject to Intuit's Privacy Statement. We access QBO data only with your explicit OAuth authorization.

3.2 Resend (Email Delivery)

Outbound emails (follow-up requests, reminders, daily summaries) are sent via Resend. Email content may include transaction vendor names, amounts, and dates. Resend processes this data in accordance with their privacy policy.

3.3 AI Providers (Gemini / Groq)

When AI categorization is enabled, transaction details (vendor name, amount, memo, payment type, date) are sent to the configured AI provider (Google Gemini or Groq) for categorization inference. Receipt images may also be sent when available. Data sent to AI providers is subject to their respective privacy policies:

  • Google Privacy Policy
  • Groq Privacy Policy

4. Data Security

We implement the following security measures:

  • All data transmitted to and from Reconci AI is encrypted via TLS.
  • OAuth tokens are encrypted at rest using AES-256-GCM.
  • Passwords are hashed using bcrypt (cost factor 10) and never stored in plain text.
  • Session cookies are HttpOnly, SameSite=Lax, and Secure in production.
  • Database credentials are managed via environment variables, never hardcoded.

No system is completely secure. In the event of a data breach, we will notify affected users promptly and take appropriate remediation steps.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your account and all associated data are permanently deleted within 30 days.
  • Uploaded receipt files are removed from our storage.
  • Your QuickBooks OAuth tokens are revoked and deleted.

6. Your Rights

You have the right to:

  • Access the data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Revoke QuickBooks OAuth access at any time via the Intuit developer portal.
  • Withdraw consent to email communications (receipt follow-ups can be disabled).

To exercise any of these rights, contact us at privacy@reconci.ai.

7. Cookies

Reconci AI uses a single session cookie (ledge_session) to maintain your authenticated state. This cookie is HttpOnly (not accessible to JavaScript) and expires after 14 days of inactivity. We also use localStorage to persist your theme preference (light/dark). We do not use advertising or tracking cookies.

8. Children's Privacy

Reconci AI is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related questions or requests, contact us at privacy@reconci.ai.