Privacy Policy

1. Introduction

This Privacy Policy explains how ReconcileIQ ("Service", "we", "our", or "us") collects, uses, and protects your data when you use our bank reconciliation tool. By using our Service, you consent to the data practices described in this policy.

2. Data Collection and Processing

2.1 Types of Data We Process

We process the following types of user-uploaded data:

• Transaction dates
• Transaction amounts
• Transaction descriptions
• Other related financial data contained in the uploaded CSV files

2.2 Data Processing Methods

All data processing is performed securely and as follows:

• Files are transferred over TLS 1.3 encrypted connections.
• Server-side processing occurs in secure, isolated environments.
• All data is encrypted at rest using AES-256 encryption during processing.
• The Service does not store encryption keys long-term; keys are generated per session and retained only for the duration of the processing task.
• Processed files and associated encryption keys are automatically and securely deleted after analysis (generally within 5 minutes).

3. Data Retention

We operate on a process-and-delete basis:

• Files are processed immediately upon upload.
• Temporary files and keys are securely deleted within 5 minutes of processing completion.
• No historical data or decrypted financial records are retained.
• We do not store processed financial data in any persistent database.

3.1 Logging and Metadata

We may retain minimal logs (e.g., request timestamps, IP addresses) to ensure service stability and security. These logs do not contain uploaded financial data. All logs are periodically purged according to our internal retention policy. Users may request information on these logs and their retention periods by contacting us.

4. Data Security Measures

We implement and maintain appropriate technical and organizational security measures:

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Secure file handling procedures, with strict memory management and usage limits.
• Regular security audits and automated data deletion protocols.
• Server-side encryption of all uploads.
• Secure memory management and periodic security assessments.
• Data sanitization and validation against malicious content.
• Automatic file and key deletion post-processing.

5. Data Breach Protocol

In the unlikely event of a data breach during the short processing window:

• We will notify affected users without undue delay.
• We will investigate the scope of the breach and implement remedial measures.
• We will notify authorities as required by applicable law.

6. Technical Security Specifications

6.1 Security Measures

• File validation and strong encryption.
• Memory monitoring to prevent data leakage.
• Input sanitization and injection protection.
• Secure error handling and no logging of sensitive data.

6.2 Data Handling

• Processing: Encrypted server-side computation only.
• Storage: No permanent data storage; ephemeral encrypted data in memory.
• Deletion: Automatic secure file and key deletion post-processing.
• Access: Single-session basis, no persistent user credentials stored.

7. Changes to Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any changes will be indicated by updating the "Last Updated" date. Continued use of the Service after modifications indicates acceptance of the updated Privacy Policy.

8. Contact Information

For any questions about this Privacy Policy, please contact us at: [email protected]