Draft — not yet counsel-reviewed. Some values below are bracketed placeholders that resolve through environment variables. Set them in your production env and have an attorney review the Privacy copy before any paid customer is onboarded.
Privacy policy

How we handle your data

Last updated: 2026-07-10. This policy describes how ProofRows(“we”, “us”) processes financial documents for paying bookkeepers and accountants who use ProofRows. What follows is plain-English about what we collect, where it lives, and how to make it go away.

What we store

  • Your account: email + password hash, managed by our auth provider (Supabase Auth).
  • Clients you create: name, optional industry, contact, notes.
  • Statement PDFs you upload: stored encrypted-at-rest in private object storage, scoped to your account.
  • Extracted transactions: dates, amounts, descriptions, vendor + category guesses, and your edits.
  • Export logs: which file format you produced, when, and how many rows — for your own audit trail.

What we do NOT do

  • We do not train AI models on your statements or your edits.
  • We do not sell, rent, or share your data with marketers.
  • We do not bundle your data with other firms’ data.
  • We do not look at your statements except to operate the service or with your explicit support consent.

Third-party processors

  • Supabase (PostgreSQL + Storage + Auth) — your data lives here. Encrypted at rest, TLS in transit.
  • Mistral AI (OCR + extraction) — statement pages are sent to Mistral to read (OCR) and parse into structured transactions, under Mistral’s API terms. We do not train on customer data.
  • Vercel (hosting) — handles request routing; no statement bodies are persisted at this layer.
  • Resend / Postmark / [EMAIL_PROVIDER] — outbound transactional email (signup confirmation, password reset). Subject lines and recipient address only; statement contents are never emailed.
  • Sentry (optional) — runtime error reporting. Server-side scrubbing strips transaction values before any event is sent.

If we engage an additional processor we will list it here with the relevant data-processing addendum link.

Retention

  • Source PDFs auto-delete after the retention window set on each client (default 30 days). Extracted transactions you have already reviewed remain so the data isn’t lost.
  • Generated export files are deleted from server storage 24 hours after they are produced. The audit log row in export_logs is kept.
  • Account deletion is immediate and cascades through clients, statements, transactions, exports, and storage objects.

Your rights

  • Export: download any statement as CSV from the review screen.
  • Delete: Settings → Danger zone → Delete account removes everything.
  • Ask: privacy@proofrows.com for anything that isn’t in the UI, including data-access requests under GDPR/CCPA where applicable.

What we do NOT currently claim

  • SOC 2 — we are not SOC 2 attested. We’ll announce a roadmap before pursuing it.
  • HIPAA — we do not handle PHI; the service is not intended for that use.
  • “Bank-level security” — that phrase is marketing and we do not use it.
  • ISO 27001, PCI-DSS, FedRAMP — none.

We will state plainly when we earn any of the above. Until then, our terms describe what we currently offer.

Questions? privacy@proofrows.com