Noah's Accounting
Back to App
Back to App

Privacy Policy

1. Introduction

Noah's Accounting ("we", "us", "our") respects your privacy and is committed to protecting your personal and financial data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

By using Noah's Accounting, you consent to the data practices described in this policy.

2. Data We Collect

2.1 Information You Provide

CategoryExamplesPurpose
Account DataName, email, password, business name, phone numberAccount creation and identification
Financial DocumentsReceipts, invoices, bank statements (images, PDFs uploaded via dashboard)Parsing and journal entry generation
QuickBooks DataChart of accounts, historical transaction history (up to 12 months prior), financial reports (via OAuth)Initial system calibration, journal entry posting, and report generation
Communication DataSupport messagesCustomer support

2.2 Information Generated by the Service

CategoryExamplesPurpose
System OutputsParsed receipt data, journal entries, financial classificationsService delivery
Dashboard DataFinancial reports, health scores, cash runway calculationsFinancial monitoring
Audit LogsTimestamps of actions, IP addresses, access recordsSecurity and compliance

2.3 Automatically Collected Data

CategoryExamplesPurpose
Usage DataPages visited, features used, session durationService improvement
Device DataBrowser type, OS, screen resolutionCompatibility and debugging
CookiesSession tokens, preferencesAuthentication and user experience

3. How We Use Your Data

We use your data solely for the following purposes:

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

5. Data Sharing

5.1 We Share Data With

RecipientPurposeData Shared
QuickBooks Online (Intuit)Journal entry posting and financial data syncFinancial transactions, account mappings
SupabaseDatabase hosting and authenticationAccount data, financial records, session tokens
CloudflareContent delivery and securityStatic website assets (no financial data)
RailwayServer hostingProcessed data for responses
Google (Vertex AI)Receipt parsing and classificationReceipt images, invoice documents (for parsing only)

5.2 Document Processing & Google Vertex AI

Receipt and invoice documents are temporarily transmitted to Google Vertex AI (Enterprise) for parsing and classification. This transmission is governed by Google's Cloud Data Processing Addendum (CDPA).

Google does not use, store, or analyze your data for its own purposes:

⚠️ IMPORTANT: This data protection guarantee applies because we use Google's Enterprise-grade Vertex AI. Free tier tools (like Google AI Studio) do not offer these protections. We do not use free or consumer-grade tools under any circumstances.

5.3 System Learning & Service Improvement

We use technology that improves over time through the following learning mechanisms:

What we learn from:

What we NEVER use for learning:

How we protect learning data:

Your right to opt out:

5.4 We Do NOT

5.5 Sub-processor Changes

We will notify users at least 30 days before adding or replacing sub-processors that handle personal data. A current list of sub-processors is available upon request by contacting noooa004@gmail.com.

5.6 Data Processing Agreements

All third-party service providers are bound by data processing agreements that require:

6. International Data Transfers

6.1 Transfer Scenarios

Your data may be transferred to and processed in countries other than your country of residence, including:

6.2 Safeguards

We ensure appropriate safeguards for international transfers through:

7. Data Security

7.1 Technical Measures

7.2 Organizational Measures

7.3 QuickBooks Authorization Security

7.4 Limitations

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your data.

8. Data Retention

Data TypeRetention PeriodDeletion Method
Account DataDuration of subscription + 90 daysAutomated deletion
Financial DocumentsDuration of subscription + 90 daysAutomated deletion
System-Generated OutputsDuration of subscription + 90 daysAutomated deletion
Audit Logs24 monthsAutomated deletion
Email Communications12 monthsAutomated deletion
Session/Cookie DataSession end or 30 daysAutomatic expiration

Post-Cancellation:

9. Your Rights

9.1 General Rights

9.2 GDPR-Specific Rights (EEA Users)

9.3 CCPA-Specific Rights (California Users)

9.4 Exercising Your Rights

Contact us at noooa004@gmail.com. We will respond to requests within 30 days.

10. Cookies & Tracking

10.1 Essential Cookies

CookiePurposeDuration
Session tokenAuthenticationSession
CSRF tokenSecuritySession
PreferencesDashboard settings30 days

10.2 Analytics (If Enabled)

We may use privacy-respecting analytics that do not track individual users across sites. Analytics are disabled by default and require your consent.

10.3 Third-Party Cookies

QuickBooks Online OAuth may set cookies during the authorization flow. These are governed by Intuit's privacy policy.

11. Children's Privacy

Our Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will delete it promptly.

12. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms:

13. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be notified via:

Continued use after the effective date constitutes acceptance of the updated policy.