
Privacy Policy

Last updated:

ReconShift ("we", "us", or "our") operates reconshift.com and provides Stripe-to-bank reconciliation software (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By using ReconShift, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account information

When you create an account we collect your email address, name, and a hashed password (or OAuth token if you sign in with Google). This information is used solely to authenticate you and personalise your experience.

Financial data you provide

ReconShift processes bank statement CSV files and Stripe transaction data that you upload or connect. This data is used exclusively to perform reconciliation matching and is stored in your account. We do not sell, share, or use your financial data for any purpose other than delivering the Service to you.

Stripe API credentials

If you connect your Stripe account via a restricted API key, that key is encrypted at rest using AES-256-GCM before being stored. The key is decrypted only at the moment we need to fetch your transaction data, and is never logged or transmitted to third parties.

Usage data

We collect standard server logs including IP address, browser type, pages visited, and timestamps. This data is used to monitor service health and diagnose errors. Logs are retained for 30 days.

Cookies

We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate you and protect your account
  • Send transactional emails (reconciliation completion notifications, receipts) that you can opt out of in Settings
  • Respond to support requests
  • Comply with legal obligations

We do not use your data for advertising, sell it to third parties, or use it to train machine learning models.

3. Data Storage and Security

Your data is stored on servers provided by Supabase (hosted on AWS in the US). We implement industry-standard security measures including:

  • Encryption in transit via TLS 1.2+
  • Encryption at rest for sensitive credentials
  • Row-level security policies ensuring users can only access their own data
  • Regular automated backups

No method of electronic storage is 100% secure. While we use commercially reasonable protections, we cannot guarantee absolute security.

4. Data Retention

We retain your account data and reconciliation history for as long as your account is active. If you delete your account, all associated data, including reconciliations, uploads, and audit logs, is permanently deleted within 30 days. You can delete your account at any time from Settings → Delete Account.

5. Third-Party Services

ReconShift uses the following third-party services to operate:

  • Supabase — database, authentication, and file storage
  • Stripe — payment processing for subscriptions
  • Resend — transactional email delivery

Each of these providers has its own privacy policy governing its handling of data. We share only the minimum data necessary for each service to function.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — update incorrect or incomplete information via Settings → Profile
  • Deletion — delete your account and all associated data via Settings → Delete Account
  • Portability — export your reconciliation data as CSV from any reconciliation report
  • Objection — opt out of non-essential communications via Settings → Notifications

To exercise any right not covered by self-service settings, contact us at privacy@reconshift.com.

7. GDPR and International Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance — processing necessary to provide the Service you signed up for
  • Legitimate interests — security monitoring, fraud prevention, and service improvement
  • Consent — optional email notifications, which you can withdraw at any time

Data is transferred from the EEA to the United States under Standard Contractual Clauses (SCCs) as implemented by our infrastructure providers.

8. Children's Privacy

ReconShift is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date above. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at:

ReconShift
privacy@reconshift.com