Privacy Policy

Last updated: March 12, 2026

1. Our Commitment to Your Privacy

Accomptant is built on the principle that your financial data belongs to you. We treat all customer data as strictly confidential. We will never sell, rent, license, or share your financial data with any third party for their own purposes. Your company's financial information is protected with the highest level of security available.

2. Information We Collect

We collect only the information necessary to provide the Service:

  • Account Information: Name, email address, company name, and password when you register. Passwords are cryptographically hashed and never stored in plaintext.
  • Financial Data: Financial records, transactions, chart of accounts, general ledger entries, and reports you upload or sync through integrations. This data is processed solely to deliver the Service to you.
  • Usage Data: How you interact with the Service, including features used, pages visited, and queries made. This is used only to improve the Service.
  • Payment Information: Billing details are processed exclusively through Stripe. Accomptant does not store credit card numbers, CVVs, or full payment credentials on our servers.

3. How We Use Your Information

We use the information we collect strictly for the following purposes:

  • Provide, operate, and maintain the Service
  • Process your financial data through our AI engine to generate insights for your use only
  • Process payments and send billing-related communications
  • Send essential technical notices, security alerts, and support messages
  • Respond to your support requests and inquiries
  • Detect, prevent, and address security threats and technical issues

We do NOT sell your information or share it with advertisers, use it to build marketing profiles or to target you with third-party ads, or use it for any purpose unrelated to delivering the Service.

4. AI Data Processing and Protections

Our Service uses artificial intelligence to analyze your financial data and generate insights. We are committed to the following AI data protections:

  • No Model Training on Your Data: Your financial data is never used to train, fine-tune, or improve general-purpose AI or machine learning models. Your data is used exclusively to generate outputs for your organization.
  • Isolated Processing: Each customer's data is processed in strict isolation. Your financial information is never commingled with, accessible to, or visible by any other customer or organization.
  • No Data Retention by AI Providers: When we use third-party AI infrastructure to process queries, we ensure that your data is not retained, logged, or stored by the AI provider beyond the immediate processing of your request.
  • AI Output Confidentiality: All AI-generated insights, forecasts, and analyses derived from your data are treated as your confidential information and are accessible only to authorized users within your organization.
  • Human Oversight: AI Outputs are generated automatically but are subject to the limitations described in our Terms of Service. We do not guarantee the accuracy of AI-generated content.

5. Data Security

We implement rigorous security measures to ensure your company's financial data remains protected:

  • Encryption in Transit: All data transmitted between your browser and our servers is protected with 256-bit TLS/SSL encryption.
  • Encryption at Rest: All stored data, including financial records and account information, is encrypted at rest using AES-256 encryption.
  • Multi-Tenant Isolation: Each organization's data is logically isolated at the database level. No cross-tenant data access is possible through the application.
  • Access Controls: Role-based access controls (RBAC) ensure that only authorized personnel within your organization can access your data. Accomptant employees access customer data only when required for support and with your consent.
  • Authentication Security: All passwords are hashed using bcrypt with industry-standard salt rounds. Sessions are managed via cryptographically signed JWT tokens with expiration.
  • Infrastructure Security: Our infrastructure is hosted on enterprise-grade cloud providers with physical security controls, network firewalls, and intrusion detection systems.

6. Data Sharing — Strict Limitations

We do not sell, rent, or trade your personal information or financial data. Period. We may share limited information only in these narrow circumstances:

  • Essential Service Providers: With a minimal number of vetted vendors strictly necessary to operate the Service (e.g., cloud hosting, payment processing via Stripe, email delivery). These providers are contractually bound to confidentiality and may only use your data to perform services on our behalf.
  • Legal Requirements: When required by law, subpoena, court order, or government regulation. We will notify you of such requests where legally permitted and will challenge overly broad requests.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data would be transferred subject to the same privacy protections described in this policy. You will be notified of any such transfer.
  • With Your Consent: We may share information when you explicitly authorize us to do so (e.g., enabling a third-party integration).

We will never share your financial data with: advertisers, data brokers, analytics companies, competitors, or any party seeking to use your data for their own commercial benefit.

7. Data Retention and Deletion

We retain your data only for as long as your account is active and as needed to provide the Service. Our retention practices include:

  • Active Accounts: Your data is retained for the duration of your subscription and for 30 days after account closure to allow for reactivation.
  • Deletion Requests: You may request complete deletion of your account and all associated data at any time by contacting us. We will process deletion requests within 30 days.
  • Permanent Deletion: When data is deleted, it is permanently removed from our production systems. Encrypted backups containing deleted data are purged within 90 days.
  • Legal Holds: We may retain certain data longer if required by law or for legitimate legal purposes, such as resolving disputes.

8. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of all personal and financial data we hold about you
  • Correction: Request correction of any inaccurate or incomplete data
  • Deletion: Request permanent deletion of your account and all associated data
  • Export: Export your data in a standard, portable format at any time
  • Restriction: Request that we limit processing of your data in certain circumstances
  • Objection: Object to processing of your data for specific purposes
  • Opt-Out: Opt out of all non-essential communications at any time

To exercise any of these rights, contact us at privacy@accomptant.io. We will respond to all requests within 30 days.

9. Cookies and Tracking

We use only essential cookies required to operate the Service (authentication, session management). We do not use third-party advertising cookies or cross-site tracking pixels. Optional analytics cookies, if enabled, collect only anonymized usage patterns to help us improve the Service. You can control cookie preferences through your browser settings.

10. Third-Party Integrations

When you choose to connect third-party services (such as QuickBooks), we access only the data necessary to provide the requested functionality. We do not store third-party credentials on our servers — authentication is handled via secure OAuth protocols. You may disconnect any integration at any time, after which we will cease accessing data from that service.

11. International Data Transfers

Your data may be processed on servers located in the United States. If you are located outside the United States, you consent to the transfer and processing of your data in the United States. We ensure that appropriate safeguards are in place to protect your data regardless of where it is processed.

12. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will delete it promptly.

13. Breach Notification

In the unlikely event of a data breach affecting your personal or financial information, we will notify affected users within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, the data affected, steps we are taking to address it, and recommended actions you can take to protect yourself.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email and by posting the updated policy on this page. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@accomptant.io.