Privacy Policy

Last updated: May 11, 2026 — see Change history below.

The Promise

We don't sell your data. We don't show ads. Ever. We make money by being useful, not by exploiting your information.

What We Store

  • Your email address (for login and transactional emails)
  • Your name and business name (for personalization)
  • Your industry selection (for tailored COA + reports)
  • Your transaction data from bank connections or CSV uploads (descriptions, amounts, dates, categories)
  • Your bank's own transaction identifier for each row, when your bank provides one. This is an opaque reference your bank already has; we use it to prevent duplicate imports of the same statement. It adds no new information a subpoena of your bank couldn't already reveal.
  • Your subscription status and billing history

What We Don't Store

  • Bank credentials or login information (Plaid handles bank connections — we never see your login)
  • Credit card numbers (Stripe handles payments — we never see your card)
  • Social security numbers
  • Any data beyond what you connect or upload

Bank Connection via Plaid

PlainBooks uses Plaid to connect to your bank account. When you connect your bank:

  • You authorize access through Plaid's secure interface — we never see your bank login credentials
  • We receive transaction history and account balances
  • Data refreshes automatically once per day
  • You can disconnect your bank at any time from Settings
  • Plaid's privacy policy applies to data handled by Plaid: plaid.com/legal

What We Do With Your Data

  • Show you your cash flow position
  • Categorize your transactions
  • Send you transactional emails (receipts, reminders, alerts)

Improve categorization for everyone

Anonymized, aggregated transaction descriptions and category assignments are used to improve PlainBooks' rules-based categorization. The extraction is rules-based — no third-party AI models are trained on your data. Individual users are not identifiable in this analysis.

Improve document import templates

We may use document samples (bank statements, settlement statements you upload) to develop new parser templates. Samples are stripped of identifying information — account numbers, names, and any balance figures above the period total — before any internal review. Cleaned samples may become reference fixtures committed to our source code so future PlainBooks users with the same bank or format get automatic parsing.

What We Will Never Do

  • Sell your data to anyone
  • Show you ads
  • Share your data with third parties (except Supabase for storage, Stripe for payments, and Plaid for bank connections)
  • Use your data to train external AI models (third-party LLMs or ML services)
  • Contact you with marketing emails you didn't ask for

This is a business decision by the founder, not a feature we might change later.

Data Protection

  • Access control: Row Level Security (RLS) at the database level — you can only see your own data
  • In transit: HTTPS everywhere
  • At rest: Database encrypted (AES-256)
  • Passwords: Hashed (bcrypt), never stored in plain text
  • Sessions: Expire when you close the browser or after 30 minutes of inactivity

Your Rights

Export

Free and available from day 1. Works any time during an active subscription and for 30 days after cancellation.

Cancellation

Settings → Billing → Cancel → Done. One click. No retention offers. No phone calls. Access continues until the end of your paid period. Data preserved for 30 more days after that.

Refund

30-day money-back guarantee on first payment. One refund per customer. 30 days to export data after refund.

Deletion

Settings → Account → Delete Account. Type "DELETE" to confirm. All data permanently destroyed within 24 hours. Cannot be undone.

Data Retention After Cancellation

  • Day 0: Account locked, data preserved
  • Day 20: Email reminder — "10 days left to export"
  • Day 28: Final reminder — "2 days left"
  • Day 30: Data permanently deleted, confirmation email sent

Opt out of contribution

By default, your anonymized patterns help us improve categorization for everyone and your cleaned document samples help us add new parsers. You can opt out at Settings → Privacy → Disable contribution. Opting out preserves full PlainBooks access and does not degrade categorization on your own account.

Children's Privacy

PlainBooks is designed for business owners. We do not knowingly collect data from anyone under 18.

Contact

Questions about privacy: [email protected]

Change history

  • May 11, 2026 — Clarified our AI promise: we will never use your data to train external AI models (third-party LLMs or ML services). Added "Improve categorization for everyone" and "Improve document import templates" subsections under What We Do With Your Data — describing the rules-based aggregate pattern extraction and parser-development sample retention. Added a per-user opt-out commitment under Your Rights.
  • May 9, 2026 — Added a self-service GDPR data export endpoint (Settings → Data → Download my data). No new data collected; gives users a portable copy of everything we hold.
  • April 3, 2026 — Initial version.

© 2026 PlainBooks LLC, Missouri