1. Introduction
This Privacy Policy explains how ReconcileIQ ("Service", "we", "our", or "us") collects, uses, and
protects your data when you use our bank reconciliation tool. By using our Service, you consent to
the data practices described in this policy.
2. Data Collection and Processing
2.1 Types of Data We Process
We process the following types of user-uploaded data:
- Transaction dates
- Transaction amounts
- Transaction descriptions
- Other related financial data contained in the uploaded CSV files
2.2 Data Processing Methods
All data processing is performed securely and as follows:
- Files are transferred over TLS 1.3 encrypted connections.
- Server-side processing occurs in secure, isolated environments.
- All data is encrypted at rest using AES-256 encryption during processing.
- The Service does not store encryption keys long-term; keys are generated per session and retained
only for the duration of the processing task.
- Processed files and associated encryption keys are automatically and securely deleted after analysis (generally within 5 minutes).
3. Data Retention
We operate on a process-and-delete basis:
- Files are processed immediately upon upload.
- Temporary files and keys are securely deleted within 5 minutes of processing completion.
- No historical data or decrypted financial records are retained.
- We do not store processed financial data in any persistent database.
3.1 Logging and Metadata
We may retain minimal logs (e.g., request timestamps, IP addresses) to ensure service stability and
security. These logs do not contain uploaded financial data. All logs are periodically purged according
to our internal retention policy. Users may request information on these logs and their retention periods
by contacting us.
4. Data Security Measures
We implement and maintain appropriate technical and organizational security measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Secure file handling procedures, with strict memory management and usage limits.
- Regular security audits and automated data deletion protocols.
- Server-side encryption of all uploads.
- Secure memory management and periodic security assessments.
- Data sanitization and validation against malicious content.
- Automatic file and key deletion post-processing.
5. Data Breach Protocol
In the unlikely event of a data breach during the short processing window:
- We will notify affected users without undue delay.
- We will investigate the scope of the breach and implement remedial measures.
- We will notify authorities as required by applicable law.
6. Technical Security Specifications
6.1 Security Measures
- File validation and strong encryption.
- Memory monitoring to prevent data leakage.
- Input sanitization and injection protection.
- Secure error handling and no logging of sensitive data.
6.2 Data Handling
- Processing: Encrypted server-side computation only.
- Storage: No permanent data storage; ephemeral encrypted data in memory.
- Deletion: Automatic secure file and key deletion post-processing.
- Access: Single-session basis, no persistent user credentials stored.
7. Changes to Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Any changes will be indicated by updating the
"Last Updated" date. Continued use of the Service after modifications indicates acceptance of the updated Privacy Policy.
8. Contact Information
For any questions about this Privacy Policy, please contact us at:
[email protected]
Return to Homepage