Privacy Policy

Last updated: March 8, 2026

1. Information We Collect

Account information. When you create an account, we collect your email address, name, and authentication credentials via Clerk.

Financial data. When you use our service, you may provide transaction data including amounts, descriptions, dates, and categories. If you connect a bank account via Plaid, we receive transaction history, account balances, and account identifiers (last 4 digits only).

Entity information. Business details you provide such as legal name, tax ID, address, industry, and uploaded documents.

Usage data. We collect information about how you interact with our service, including AI message counts, voice recordings (stored temporarily for transcription), and feature usage.

2. How We Use Your Information

  • Provide, maintain, and improve the Qomprehensive service
  • Power AI-driven transaction classification, reports, and financial insights
  • Process payments and manage subscriptions via Stripe
  • Send service-related notifications (usage limits, document expirations, invite updates)
  • Enforce plan limits and usage quotas
  • Detect and prevent abuse or unauthorized access

3. Plaid Disclosure

We use Plaid Technologies, Inc. ("Plaid") to connect your financial accounts to our service. By connecting your bank account through Plaid, you acknowledge and agree to Plaid's End User Privacy Policy, available at https://plaid.com/legal/#end-user-privacy-policy.

When you connect a bank account via Plaid, we receive your account and routing numbers (masked), account balances, and transaction history. We store Plaid access tokens in encrypted form. We do not store full account numbers, Social Security numbers, or login credentials for your financial institutions.

4. Data Retention

Active accounts. Your data is retained for the lifetime of your account. Transaction data and chat logs are preserved as a permanent audit trail.

Deleted data. When you delete an entity or your account, data enters a 30-day archive period followed by a 7-day pending deletion window (37 days total). After this period, data is soft-deleted. Transaction records are never hard-deleted. You may request immediate deletion by contacting support.

5. Data Security

  • All data transmitted over TLS 1.2+
  • Plaid access tokens encrypted at the application layer before database storage
  • Private networking between application and database (no public database access)
  • Role-based access control enforced per API route
  • Only masked account identifiers (last 4 digits) are stored or displayed

6. Third-Party Services

We use the following third-party services to operate Qomprehensive: Clerk (authentication), Stripe (payments), Anthropic and OpenAI (AI processing), Plaid (bank connections), Cloudflare R2 (file storage), and Railway (infrastructure). Each service processes data according to their own privacy policies.

7. Your Rights

  • Access: You can view all your data through the Qomprehensive dashboard at any time
  • Deletion: You can delete entities from Account Settings or request full account deletion by contacting support
  • Disconnect: You can disconnect linked bank accounts at any time from Entity Settings
  • Export: You can export your transaction data and reports at any time

8. Contact Us

For privacy-related questions or requests, contact us at [email protected].