Privacy Policy

Who we are

DocuBalance provides docubalance.com - an OCR-powered tool that helps accountants, bookkeepers, and business owners extract transaction data from bank and card statement PDFs, with optional AI-powered categorization (collectively, the "Services").

For the purposes of applicable data protection laws, DocuBalance is typically the controller of personal information described in this policy when we determine how and why that information is processed in connection with the Site and Services.

Safety is our number 1 priority

Because you trust us with bank statements and financial records, we apply the strictest data protection standards in the industry:

• Instant deletion of PDFs: Bank statements you upload are permanently deleted immediately after processing. No backup copies, no archives, no retention. Files never sit on our servers.
• No data retention: Extracted transaction data is not retained unless you explicitly save it to your account. If you don't save it, it's gone after your session ends.
• No secondary use: Your financial information is never used to train AI models, build consumer profiles, conduct market research, or improve unrelated products. Never.
• No third-party sharing: Your statements and transaction data are never shared with marketing platforms, ad networks, data brokers, financial institutions, or any external party. Period.
• No selling: We do not sell your personal information for money, and we do not sell "inferences" derived from your data. This applies to all your information, especially financial data.
• Encrypted always: All data in transit uses TLS encryption. Session data runs locally in your browser using secure storage, never transmitted to our servers unless you save explicitly.

If you ever question how your data is handled, contact us immediately. We believe transparency and straight answers about financial data are the foundation of trust.

Scope of this policy

This policy applies to personal information we process in connection with:

• Visiting or browsing docubalance.com;
• Creating or managing an account, purchasing or managing a subscription, or using in-product features;
• Uploading bank statements, PDFs, and other documents for OCR extraction, review, tagging, export, or similar workflows;
• Communicating with us through channels made available on the Site (for example, our Contact page); and
• Using any OCR, AI categorization, or related features.

If you access the Services through an organization (for example, your employer or client), that organization may have its own agreement with us and may control certain account-related data. In those cases, we may process information as a processor or service provider on their instructions.

Information we collect

Depending on how you use the Services, we may collect or receive the following categories of information.

Information you provide

• Account and profile data: such as name, email address, password or authentication credentials (stored using industry-standard protections), organization details, and preferences.
• Billing data: payment-related information is processed by our payment processors. We generally receive limited billing metadata (for example, subscription status, partial card identifiers, or transaction references) rather than full payment card numbers.
• Support and inquiry content: information you submit when you contact us, including the contents of your message and any attachments you choose to provide.
• Financial documents and inputs: PDFs, bank statements, and similar files you submit for processing, along with associated metadata (for example, filenames, timestamps, and processing settings you select). These are processed for OCR extraction and deleted per our deletion policy.

Information collected automatically

• Device and technical data: such as IP address, browser type and version, operating system, general location derived from IP (for example, region or city), and identifiers associated with cookies or similar technologies.
• Usage data: such as pages viewed, features used, referring URLs, approximate timestamps, and diagnostic events that help us operate and improve the Services.

Inferences and processing

We may derive limited inferences from the information above - for example, to prioritize support, detect abuse, or suggest expense categories in AI tagging workflows. We never use your financial data to build marketing profiles, predictive models about your finances, or consumer intelligence products.

How we use information

We use personal information for purposes including:

• Providing, operating, maintaining, and improving the Site and Services;
• Authenticating users, securing accounts, and preventing fraud, abuse, and security incidents;
• Processing payments and fulfilling subscriptions;
• Performing OCR extraction, categorization, review, and export you request;
• Providing customer support and responding to inquiries;
• Sending service-related notices (for example, security alerts, billing receipts, or policy updates);
• Complying with legal obligations and enforcing our terms; and
• Analyzing usage in aggregate or de-identified form to understand product performance.

What we do NOT do: We do not sell your personal information for money. We do not use your uploaded financial documents to train generalized public AI models unless we explicitly disclose otherwise and obtain your written consent. We do not create marketing profiles from your transaction data. We do not monetize your financial information in any form.

Legal bases for processing (EEA, UK, and similar regions)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of:

• Contract: processing necessary to provide the Services you request or to take steps before entering a contract;
• Legitimate interests: processing that is necessary for our legitimate interests (such as securing the Services, improving reliability, and understanding product usage), where not overridden by your rights; and
• Consent: where required for certain cookies, marketing communications, or other processing we describe at the point of collection.

Where we process special categories of personal data under applicable law, we do so only when permitted and with appropriate safeguards.

Sharing, disclosure, and subprocessors

We may share personal information in the following circumstances:

• Service providers: vendors that help us host infrastructure, process payments, deliver email, monitor security, and analyze reliability, subject to strict contractual obligations and data processing agreements (DPAs).
• Professional advisors: lawyers, auditors, or insurers where necessary for legal, compliance, or insurance purposes.
• Legal and safety: when we believe disclosure is required by law, regulation, legal process, or governmental request, or to protect the rights, safety, and property of DocuBalance, our users, or the public.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards and notice.
• With your direction: when you integrate with a third party or explicitly ask us to share information.

Important: We never share your financial documents with third parties unless you explicitly authorize it. Your bank statements and extracted transaction data are not sold, bartered, or shared with ad networks, data brokers, or marketing partners under any circumstance.

Data retention and deletion

We retain personal information only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Uploaded PDF statements: permanently and immediately deleted after processing. No backup copies. If you don't explicitly save extracted data to your account, all data from that upload is destroyed. This is our core promise.
• Extracted transaction data: retained only in your account if you save it. If you don't save it, it's deleted at the end of your session. You control whether extracted data persists.
• Account records: retained while your account is active and for a reasonable period afterward (typically 30-90 days) to resolve disputes, enforce agreements, and meet legal requirements. After that period, they are deleted.
• Security and access logs: retained for a limited period (typically 30-90 days) consistent with security monitoring and incident response needs, then deleted.

You can request deletion of your account and associated data by contacting us. We will delete your account and data consistent with legal retention requirements.

Security measures

We implement technical and organizational measures designed to protect personal information against unauthorized access, loss, or alteration. These measures include:

• Encryption in transit (TLS) for all network communication;
• Secure authentication and session management;
• Access controls limiting who can view your data;
• Continuous monitoring for security threats;
• Regular security testing and vulnerability assessments;
• Vendor audits and data processing agreements for all subprocessors;
• Incident response procedures if a breach occurs.

No method of transmission or storage is completely secure. If you believe your interaction with the Services is no longer secure, please notify us immediately through the Contact page.

International data transfers

DocuBalance may process information in the United States and other countries where we or our service providers operate. If we transfer personal information from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection, we use appropriate safeguards such as standard contractual clauses or other mechanisms permitted by law.

Your privacy rights and choices

Depending on your location, you may have rights to:

• Access, correct, or update your personal information;
• Delete certain personal information, subject to legal exceptions;
• Object to or restrict certain processing;
• Port personal information you provided where applicable;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with a supervisory authority if you believe we've violated your privacy rights.

You can exercise many rights through your account settings or by contacting us via the Contact page. We may need to verify your identity before responding.

U.S. state privacy notices

Several U.S. states provide residents with additional rights regarding personal information. Depending on your state, those rights may include access, deletion, correction, opt-out of certain "sales" or "sharing" (including targeted advertising), and appeal rights.

As noted above, we do not sell personal information for money and do not share financial data for targeted advertising purposes. If our practices change or if a state law requires a specific disclosure, we will update this policy or provide a supplemental notice.

Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us so we can take appropriate action.

Third-party links and services

The Site may link to third-party websites or services. Their privacy practices are governed by their own policies. We encourage you to read those policies before providing information. DocuBalance is not responsible for third-party privacy practices.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice (for example, a banner on the Site or an email to registered users). Material changes will be communicated clearly.

Questions or concerns?

For privacy-related questions, requests, complaints, or concerns regarding DocuBalance and docubalance.com, please contact us. We will respond consistent with applicable law and do our best to address your concerns promptly.