Privacy Policy

1. Introduction

Welcome to AIledger ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered financial management application.

By using AIledger, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use our services:

• Full name
• Email address (required for account creation and verification)
• Password (encrypted using industry-standard hashing)
• IP address for security and fraud prevention
• Device information (browser type, operating system, device ID)

2.2 Financial Data

• Bank Statements: PDF files of bank statements you upload for processing
• Receipt Images: Photos of receipts (JPG, PNG) you upload
• Transaction Data: Expense and income transactions extracted from your documents
• Financial Records: Assets, liabilities, and categorized financial information
• Generated Reports: Profit & Loss statements, Balance Sheets, Cash Flow statements

2.3 Automatically Collected Information

• Access times and dates
• Pages viewed and features used
• Actions taken within the application
• Cookies and similar tracking technologies
• Usage analytics and performance data

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To process bank statements and receipts using AI to extract financial data
• Account Management: To create, maintain, and secure your account
• AI Processing: To analyze uploaded documents using OpenAI's GPT-4o and GPT-4o Vision APIs
• Financial Reporting: To generate Profit & Loss statements, Balance Sheets, and Cash Flow statements
• Data Storage: To save your transactions, categories, and financial records
• Email Notifications: To send account-related notifications and updates
• Security: To detect, prevent, and address fraud, security issues, and technical problems
• Service Improvement: To analyze usage patterns and improve our application
• Legal Compliance: To comply with applicable laws and regulations

4. AI Services and Third-Party Processing

AIledger uses artificial intelligence services to process your financial documents:

• OpenAI GPT-4o: Your uploaded PDF bank statements are processed by OpenAI's API to extract transaction data in structured format
• OpenAI GPT-4o Vision: Receipt images are processed to extract transaction details, amounts, dates, and merchant information

These AI services process your content according to their respective privacy policies. We use enterprise-grade APIs with strong privacy protections. However, we do not control how these third-party AI providers handle your data during processing. By using AIledger, you acknowledge and consent to this processing.

Important: Your uploaded financial documents and extracted data are sent to OpenAI for processing. OpenAI's data usage policy applies to this processing.

5. Data Sharing and Disclosure

We share your information only in the following circumstances:

• Service Providers: With trusted third-party services:
  • OpenAI for AI-powered document processing and data extraction
  • Cloud hosting providers for application infrastructure
  • Database services for secure data storage
  • Email service providers for transactional notifications
• Legal Requirements: When required by law, subpoena, court order, or government regulations
• Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets
• Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users or the public
• Fraud Prevention: To prevent fraud, security issues, or technical problems
• With Your Consent: When you explicitly authorize us to share your information

We do not sell, rent, or trade your personal information or financial data to third parties for marketing purposes.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: SSL/TLS encryption for all data transmission
• Password Protection: Bcrypt hashing with salt for password storage
• Secure Authentication: JWT-based authentication and session management
• File Security: Uploaded files are stored with restricted access controls
• Database Security: MySQL with prepared statements to prevent SQL injection
• Access Controls: Role-based access and data isolation between users
• Regular Updates: Security patches and software updates

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. You use our service at your own risk.

7. Data Retention and Deletion Policy

7.1 Retention Policy Overview

AIledger maintains a defined and enforced data retention and deletion policy in compliance with applicable data privacy laws, including GDPR, CCPA, and other relevant regulations. Our retention practices are designed to balance service delivery, legal compliance, and user privacy rights.

7.2 Retention Periods

We retain different types of data for specific periods:

• Account Information: Retained while your account is active and for 90 days after account deletion
• Financial Transaction Data: Retained for the duration of your active subscription plus 7 years to comply with financial record-keeping requirements
• Uploaded Documents (PDFs, Receipts): Retained while your account is active and deleted within 90 days of account closure
• Generated Financial Reports: Retained for 7 years or as required by applicable accounting standards
• Payment Records: Retained for 7 years to comply with tax and financial regulations
• Security Logs: Retained for 2 years for fraud prevention and security purposes
• Deleted/Trashed Items: Items moved to trash are retained for 90 days for recovery, then permanently deleted

7.3 Data Deletion Procedures

Automated Deletion:

• Trash items are automatically permanently deleted after 90 days
• Account data is automatically deleted 90 days after account closure (subject to legal retention requirements)
• Expired session tokens are automatically purged

User-Initiated Deletion:

• Users can delete individual ledger entries (moved to trash, recoverable for 90 days)
• Users can request account deletion at any time by contacting support@blackfyre.us
• Users can request immediate data export before deletion

Secure Deletion Methods:

• Database records are permanently deleted using DELETE operations
• File storage is cleared with secure deletion procedures
• Backup systems are purged according to the same retention schedule

7.4 Legal and Regulatory Compliance

Our retention policy complies with:

• GDPR (General Data Protection Regulation): European users' data rights are fully respected
• CCPA (California Consumer Privacy Act): California residents have enhanced privacy rights
• Financial Record-Keeping Laws: Compliance with IRS, tax authority, and accounting standards requirements
• SOX (Sarbanes-Oxley): Where applicable, retention of financial records for audit purposes

7.5 Exceptions to Deletion

We may retain certain data beyond standard retention periods when:

• Required by law, regulation, or court order
• Necessary for ongoing litigation or legal proceedings
• Required to detect, prevent, or investigate fraud, security incidents, or abuse
• Needed to comply with tax, accounting, or financial auditing requirements
• Essential for business continuity and disaster recovery (anonymized when possible)

7.6 Policy Enforcement

This data retention and deletion policy is actively enforced through:

• Automated scheduled deletion jobs that run daily
• Regular compliance audits conducted quarterly
• Staff training on data handling and retention requirements
• Technical controls preventing unauthorized data retention
• Annual policy reviews to ensure ongoing compliance with evolving regulations

7.7 Data Retention Transparency

Users can request information about their data retention status by contacting us at support@blackfyre.us. We will provide details on what data we hold and applicable retention periods within 30 days.

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information and financial data
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Export: Download your data in a portable format (JSON/CSV)
• Restriction: Request restriction of processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing (may limit service functionality)

To exercise these rights, please contact us at support@blackfyre.us. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your login session and authentication state
• Remember your preferences and settings
• Analyze usage patterns and application performance
• Improve user experience and application features

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of AIledger, including login functionality.

10. Children's Privacy

AIledger is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately at support@blackfyre.us, and we will take steps to delete that information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your jurisdiction.

By using AIledger, you consent to the transfer of your information to the United States and other countries where our service providers operate, and you acknowledge that your information will be subject to the laws of those jurisdictions.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights
• Right to correct inaccurate personal information

To exercise your CCPA rights, contact us at support@blackfyre.us.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority
• Rights related to automated decision-making and profiling

Legal Basis for Processing: We process your data based on (1) your consent when you create an account, (2) contractual necessity to provide our services, (3) compliance with legal obligations, and (4) legitimate interests in improving our services.

14. Google Play Store Compliance

AIledger is available as a Progressive Web App (PWA) that can be installed on Android devices. This Privacy Policy complies with Google Play Store requirements for data collection and usage transparency.

Data Safety:

• We collect personal information (name, email) and financial data (transactions, statements)
• Data is encrypted in transit using HTTPS/SSL
• Users can request deletion of their data
• Data is used to provide financial management services
• Data is shared with OpenAI for AI processing

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (for significant changes)
• Displaying a prominent notice in the application

Your continued use of AIledger after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: