Privacy Policy

1. Introduction

This Privacy Policy explains how ReconcileIQ ("Service", "we", "our", or "us") collects, uses, and protects your data when you use our bank reconciliation tool. By using our Service, you consent to the data practices described in this policy.

2. Data Collection and Processing (Server-Side)

2.1 Types of Data We Process on Our Servers

For the core reconciliation functionality, we temporarily process the following types of user-uploaded data on our servers:

• Transaction dates
• Transaction amounts
• Transaction descriptions
• Other related financial data contained in the uploaded CSV or Excel files

2.2 Server-Side Data Processing Methods

All data processing on our servers is performed securely and as follows:

• Files are transferred over TLS 1.3 encrypted connections.
• Server-side processing occurs in secure, isolated environments.
• All data is encrypted at rest using AES-256 encryption during server-side processing.
• The Service does not store server-side encryption keys long-term; keys are generated per session and retained only for the duration of the server-side processing task.
• Uploaded files and associated server-side encryption keys are automatically and securely deleted from our servers after analysis (generally within 5 minutes of processing completion).

3. Data Retention (Server-Side)

Regarding data processed on our servers, we operate on a process-and-delete basis:

• Files are processed immediately upon upload for reconciliation.
• Temporary files and keys used during server-side processing are securely deleted within 5 minutes of the processing task completing.
• No historical financial data or decrypted financial records from your uploaded files are retained on our servers post-processing.
• We do not store your processed financial data in any persistent database on our servers.

3.1 Logging and Metadata (Server-Side)

We may retain minimal operational logs (e.g., request timestamps, IP addresses, user ID if logged in, success/error status of a reconciliation job) to ensure service stability, security, and for billing purposes (e.g., credit usage). These logs do not contain the detailed financial transaction data from your uploaded files. All logs are periodically purged according to our internal retention policy. Users may request information on these logs and their retention periods by contacting us.

4. Use of Local Storage for Reconciliation History (Client-Side)

To enhance your experience with ReconcileIQ and provide convenient access to your recent work, we utilize your web browser's localStorage technology. This functionality is designed to improve usability by storing reconciliation data directly on your device.

4.1 Purpose of Local Storage

We use localStorage in your browser to:

• Store a history of your recent reconciliation sessions. This allows you to quickly access and resume work on reconciliations without needing to re-upload and reprocess files each time. Currently, up to your 15 (fifteen) most recent reconciliation sessions are stored in this local history.
• Remember any transaction matches you have manually confirmed within the results analysis page. This ensures that your confirmations persist if you close and later reopen a specific reconciliation session from your locally stored history.
• Allow you to assign custom names to your reconciliation sessions for easier identification.

4.2 Data Stored in Local Storage

The data stored in your browser's localStorage for this history feature includes:

• Unique identifiers generated by the Service for each reconciliation session.
• Names you may assign to your reconciliation sessions.
• Timestamps indicating when sessions were created and last updated by you.
• Metadata related to the files processed for a session (such as the filenames you provided during upload and the time of processing).
• The transaction details (such as dates, amounts, and descriptions) from your uploaded files for these recent sessions, along with their reconciliation status (e.g., unresolved, confirmed match) as determined by your interactions with the Service.

4.3 Your Control Over Locally Stored Data

This reconciliation history data is stored directly in your web browser on your device and is subject to your browser's security and storage mechanisms. ReconcileIQ does not systematically transmit this specific locally stored history data to its servers after the initial file processing is complete. You have control over this locally stored data and can manage or delete it in the following ways:

• In-App Controls: You can delete individual reconciliation sessions or clear your entire reconciliation history using the features provided within the ReconcileIQ application's results analysis page (typically via a "History" sidebar).
• Browser Controls: You can clear your browser's cache, cookies, and site data for the bankreconciler.app domain, which will also remove all data stored by our Service in localStorage. Please refer to your web browser's help documentation for instructions on how to do this, as the process may vary between browsers.

The use of localStorage for history is intended to provide a seamless and efficient user experience.

5. Data Security Measures

We implement and maintain appropriate technical and organizational security measures for data handled by our servers and guide on client-side storage:

• Encryption in transit (TLS 1.3) for data sent to our servers.
• Server-side encryption at rest (AES-256) for data during its temporary processing on our servers.
• Secure file handling procedures on our servers, with strict memory management and usage limits.
• Regular security audits of our server infrastructure and automated data deletion protocols for server-processed data.
• Guidance on how users can manage data stored locally in their browser's localStorage.
• Data sanitization and validation against malicious content for files uploaded to our servers.

While localStorage is specific to your browser and our domain, the security of data stored within it also depends on the overall security of your device and browser environment.

6. Data Breach Protocol

In the unlikely event of a data breach affecting data processed or stored on our servers:

• We will notify affected users without undue delay, if their data was involved.
• We will investigate the scope of the breach and implement remedial measures.
• We will notify relevant authorities as required by applicable law.

For data stored in your browser's localStorage, security is primarily managed by your browser and device security. We are not responsible for unauthorized access to your local device or browser storage.

7. Technical Security Specifications (Server-Side)

7.1 Server-Side Security Measures

• File validation and strong encryption for data processed on servers.
• Memory monitoring on servers to prevent data leakage during processing.
• Input sanitization and injection protection for server interactions.
• Secure error handling and no server-side logging of sensitive financial transaction details from your files.

7.2 Server-Side Data Handling

• Processing: Encrypted server-side computation only.
• Storage: No permanent storage of your financial transaction data on our servers; ephemeral encrypted data in memory during processing.
• Deletion: Automatic secure file and key deletion from our servers post-processing.

Access to user accounts for subscription and service management is handled via secure authentication, but we do not store user credentials directly (e.g., passwords are hashed).

8. Changes to Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any changes will be indicated by updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically. Continued use of the Service after modifications indicates your acceptance of the updated Privacy Policy.

9. Contact Information

For any questions about this Privacy Policy, please contact us at: [email protected]