Privacy Policy
Effective date: March 31, 2026
1. Introduction
BookstackAI (“we,” “us,” or “our”) provides AI-powered bookkeeping services for US tech startups. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website and services. By using BookstackAI, you agree to the practices described in this policy.
2. Information We Collect
Account Information
When you register, we collect your name, email address, company name, and billing information processed securely through Stripe.
Financial Data
To deliver bookkeeping services, we connect to your bank and credit card accounts via Plaid, a licensed financial data aggregator. We receive transaction data including merchant names, amounts, dates, and account balances. We do not store your bank credentials — all authentication is handled directly by Plaid.
Usage Data
We collect standard server logs, page views, and feature interaction data to improve the service. This includes IP addresses, browser type, and session duration.
3. How We Use Your Information
- To categorize your financial transactions using AI (Claude by Anthropic) and present GAAP-compliant reports
- To route low-confidence categorizations to our licensed CPA team for review
- To generate P&L statements, balance sheets, and burn-rate metrics
- To process payments and manage your subscription via Stripe
- To communicate with you about your account, reports, and service updates
- To detect fraud, prevent abuse, and ensure platform security
4. AI Processing
Transaction data is sent to Anthropic’s Claude API for categorization. We send only the information necessary for classification (merchant name, amount, and date). We do not send personally identifiable information beyond what appears in your transaction data. Anthropic’s data handling is governed by their Privacy Policy.
5. Information Sharing
We do not sell your personal or financial data. We share data only with:
- Plaid: To connect to your financial institutions and retrieve transaction data
- Stripe: To process subscription payments and manage billing
- Anthropic: To categorize transactions via the Claude API
- Licensed CPAs: Members of our internal review team who are bound by professional confidentiality obligations
- Legal authorities: Where required by law, court order, or to protect our legal rights
6. Data Retention
We retain your financial data and generated reports for a minimum of seven (7) years to comply with standard accounting record-keeping requirements. You may request deletion of your account data at any time; however, we may retain records required for legal or regulatory compliance.
7. Data Security
We use industry-standard encryption in transit (TLS 1.2+) and at rest. Access to financial data is restricted to authenticated personnel on a need-to-know basis. We do not store bank credentials. Despite these measures, no system is completely secure — please contact us immediately if you suspect unauthorized access to your account.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your data (subject to the retention obligations above)
- Disconnect your bank accounts via Plaid at any time through your account settings
- Export your financial reports in PDF or CSV format
To exercise any of these rights, email us at founder@bookstackai.com.
9. Cookies
We use session cookies required for authentication and security. We do not use third-party advertising cookies or tracking pixels.
10. Changes to This Policy
We may update this policy periodically. We will notify you of material changes by email or by displaying a notice in your dashboard at least 14 days before changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
11. Contact
For privacy questions or requests: founder@bookstackai.com