Skip to main content

Privacy Policy

Last updated: November 2024

Our Commitment to Privacy

TraceEntry is built with privacy at its core. We understand that financial transaction data is sensitive, and we've designed our service to process your data without retaining it. This policy explains what information we collect, how we use it, and how we protect your privacy.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a secure hash, never in plain text)
  • Payment information (processed by Stripe, we don't store card details)

Processing Metadata

When you process files, we store metadata (NOT transaction data):

  • File name
  • Transaction count
  • Unique vendor count
  • Processing timestamp
  • Industry template selected
  • Processing duration

User Preferences

We store your preferences to improve your experience:

  • Custom chart of accounts
  • Default industry settings

Information We Do NOT Collect or Store

  • Transaction descriptions
  • Transaction amounts
  • Transaction dates
  • Vendor names
  • Account numbers or bank identifiers
  • Uploaded files (deleted immediately after processing)
  • Categorization results (only retained during active session)

How We Handle Your Data

During Processing

When you upload a file, your transaction data is processed in-memory. The data is temporarily stored in Redis (an in-memory data store) while you review your results. This data exists only until you export your file or until 4 hours elapse, whichever comes first.

AI Processing

We use AI to categorize transactions. When processing, we send only the normalized vendor name (e.g., "Chevron" not "CHEVRON #12345 BOISE ID 83702") to the AI. We do not send amounts, dates, or other transaction details. The AI provider does not use this data to train their models.

Data Deletion

Immediate deletion after export: When you download your categorized file, your transaction data is immediately and permanently deleted from our servers. This is a core privacy feature of TraceEntry.

Automatic expiration: If you don't export within 4 hours, your transaction data is automatically deleted. You can also manually clear your session at any time.

Account deletion: You can request full account deletion in your settings, which removes all saved preferences and processing history.

Cookies and Analytics

We use minimal cookies necessary for the service:

  • Session cookie: Required to maintain your login state
  • Theme preference: Stores your light/dark mode preference

We do not use third-party analytics or tracking cookies.

Data Security

We protect your data through:

  • HTTPS encryption for all data in transit
  • Encrypted storage for account information
  • Secure password hashing (bcrypt)
  • Regular security audits
  • Access controls and logging

Your Rights

You have the right to:

  • Access your account information
  • Export your saved preferences (custom accounts)
  • Delete your account and all associated data
  • Request information about what data we hold

To exercise these rights, contact us at privacy@traceentry.com

Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (Privacy Policy)
  • Railway: Hosting infrastructure

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us at:

privacy@traceentry.com