Privacy Policy

Account Information: When you create an account, we collect your email address, display name, and authentication provider details (e.g., Google OAuth). We do not store passwords directly — authentication is handled securely through Supabase Auth.

Usage Data: We track page counts processed, job types (convert, edit, bookkeeping), processing timestamps, and plan utilization to enforce limits and improve the Service.

Device Information: For anonymous (non-authenticated) users, we collect a device fingerprint hash to enforce free-tier usage limits. This fingerprint is a one-way hash and cannot be used to identify you personally.

Payment Information: Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription details but never store credit card numbers, CVVs, or bank account information on our servers.

Uploaded Files: Bank statements and PDFs you upload are temporarily stored for processing and automatically deleted after your plan's retention period (24 or 48 hours).

To provide the Service: Processing your uploaded documents, converting data, editing PDFs, and generating bookkeeping reports.

To enforce usage limits: Tracking pages consumed against your plan limits to ensure fair use and prevent abuse.

To process payments: Managing your subscription, billing, and providing invoices through Stripe.

To improve the Service: Analyzing aggregate, anonymized usage patterns to improve conversion accuracy, performance, and user experience. We never analyze the content of your financial documents for any purpose other than providing the Service.

To communicate with you: Sending essential service notifications including billing confirmations, plan changes, and security alerts. We do not send marketing emails without explicit opt-in consent.

Encryption at Rest: All stored data is encrypted using AES-256 encryption. Database backups are encrypted and stored in geographically redundant locations.

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3. API communications with our processing backend use TLS with certificate pinning.

File Security: Uploaded files are stored in isolated, encrypted storage buckets. Each file is associated with a unique job ID and accessible only to the authenticated user who uploaded it.

Automatic Deletion: Files are automatically and permanently deleted after your plan's retention period. Deletion is irreversible — we use cryptographic erasure to ensure data cannot be recovered.

Infrastructure Security: Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 Type II compliance, regular security audits, and 24/7 monitoring.

Access Control: Employee access to production data is strictly limited, logged, and requires multi-factor authentication. No employee can access the content of your uploaded files.

We do not sell, rent, or trade your personal information or financial data to any third party.

We share data only with the following service providers, strictly necessary for operating the Service:

• Supabase — Database hosting, authentication, and file storage (SOC 2 Type II compliant)

• Stripe — Payment processing (PCI DSS Level 1 compliant)

• Railway — Application hosting and infrastructure

We may disclose information if required by law, subpoena, or court order, or to protect the rights, property, or safety of FastStatement, our users, or the public.

Access: You can access your account data, usage history, and plan details through your dashboard settings at any time.

Correction: You can update your display name and account settings through the settings page.

Deletion: You can request complete account deletion through the settings page. This permanently removes your profile, usage history, and any stored files.

Data Portability: You can export your conversion history and processed data in standard formats (CSV, Excel, JSON) before account deletion.

Opt-out: You can opt out of non-essential cookies and analytics. Essential cookies required for authentication and security cannot be disabled.

GDPR Rights: If you are in the European Economic Area, you have additional rights under GDPR including the right to restrict processing, object to processing, and lodge a complaint with a supervisory authority.

CCPA Rights: California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information (we do not sell personal information).

Uploaded Files: Automatically deleted after 24 hours (Free, Starter, Professional plans) or 48 hours (Business, Enterprise plans). Users with applicable plans can choose between 24 or 48 hour retention.

Account Data: Retained as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days.

Usage Logs: Anonymized usage statistics may be retained for up to 12 months for service improvement. These logs contain no personally identifiable information or file contents.

Billing Records: Transaction records are retained as required by tax and accounting regulations (typically 7 years) but contain only subscription metadata, not file contents.

We use essential cookies for authentication session management and security. These cookies are strictly necessary for the Service to function and cannot be disabled.

We use Supabase Auth cookies to maintain your login session securely across page navigations.

We do not use third-party advertising cookies, tracking pixels, or social media trackers.

Device fingerprinting is used only for anonymous free-tier users to prevent abuse. Authenticated users are identified by their account and no fingerprinting is applied.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

For privacy-related questions, data access requests, or to exercise your rights, contact our privacy team at contact@ruleforty.com.

Data Protection Contact: contact@ruleforty.com