Privacy Policy
Effective July 2, 2026
Who we are
SmallBooks (“we”, “us”) provides bookkeeping software at getsmallbooks.com. This policy describes what information we collect, why, and the choices you have. If you have questions, contact [email protected].
Information we collect
- Account information: your email address, name if you provide it, and authentication data managed by our identity provider (Supabase).
- Financial data you connect or upload: bank transactions retrieved through Plaid with your explicit authorization, statements you import, receipts and invoices you upload, and records you enter (invoices, bills, budgets, notes).
- Usage data: basic operational logs (requests, errors, audit events) needed to run and secure the service.
How we use it
- To provide the service: syncing transactions, reading receipts, generating reports and documents you request.
- To secure the service: authentication, access control, audit logging, abuse prevention.
- To communicate with you about your account (invites, sign-in links, important changes).
We do not sell your data, share it with advertisers, or use your financial data to train AI models.
Service providers
We rely on a small set of processors, each receiving only what their function requires:
- Plaid: connects your bank accounts. Your bank credentials are entered directly with Plaid, never with us. See Plaid's privacy policy at plaid.com/legal.
- Supabase: hosts our database and manages authentication.
- Cloudflare: runs our API and stores uploaded files in private storage.
- Anthropic: processes receipt images and statement PDFs you upload, solely to extract their contents. Anthropic does not train on this data.
- Vercel: hosts the web application.
Data retention & deletion
Your data is retained while your account is active. Deleting an organization permanently removes its transactions, documents, and files, and disconnects its bank connections. To delete your entire account, email [email protected] and we will complete the deletion within 30 days.
Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information. You can exercise most of these directly in the app (Settings, report exports, organization deletion) or by contacting us.
Security
Data is encrypted in transit and sensitive credentials are encrypted at rest; tenant isolation is enforced at the database layer. See our Security page for details.
Changes
If we make material changes to this policy, we will notify you by email or an in-app notice before they take effect.