Legal
Privacy Policy
The short version. Reconifier helps you reconcile your accounts by reading the receipts and invoices in your inbox and matching them to your transactions. To do that we process your account details, your financial data, and — only if you connect them — the emails and documents you ask us to scan. We process everything on our own secure cloud infrastructure. We never sell your data, never use it for advertising, and never use the contents of your connected mailbox for anything other than providing the Reconifier service to you.
1. Who we are
Reconifier is a service operated by Accounts AI Limited, a company registered in England & Wales (company number 15207806), with its registered office at 25 Highfield Road, Selby, England, YO8 4FH (“Reconifier”, “we”, “us” or “our”).
We are the “data controller” for the personal data described in this policy, which means we are responsible for how it is handled. This policy explains what we collect, why, how we protect it, and the rights you have under the UK GDPR and the Data Protection Act 2018.
If you have any questions, contact us at support@accountsai.co.uk.
2. The information we collect
Information you give us
- Account details — your name, email address and password when you create an account.
- Workspace and company information — details about your business that you enter to help us categorise transactions, such as company name, accounting preferences and team members you invite.
- Receipts and documents — files you upload, and the information we extract from them (supplier, date, amount, tax, line items).
- Support and correspondence — messages you send us.
Information from connected accounts
- Financial / transaction data — transactions you import or that we ingest from sources you connect, and the reconciliation results we produce.
- Connected email (Google / Microsoft) — if, and only if, you connect a mailbox, we access it on a read-only basis to find receipts and invoices. See section 4 for exactly what this means and the strict limits we apply.
Information we collect automatically
- Technical and usage data — IP address, device and browser type, pages viewed and actions taken, collected to keep the service secure and working.
- Cookies — we use a small number of strictly necessary cookies (for sign-in sessions and security). See section 10.
Payment information
If you subscribe to a paid plan, your card details are collected and processed directly by Stripe, our payment provider. We do not see or store your full card number — we only receive limited information such as your plan, billing status and the last four digits of your card.
3. How and why we use your information
We use your information only where the law allows. The lawful bases we rely on under the UK GDPR are:
- To perform our contract with you — to create and run your account, ingest and reconcile your transactions, scan connected mailboxes you have authorised, and provide support.
- Our legitimate interests — to secure, maintain and improve the service, prevent fraud and abuse, and understand how the product is used (in a way that does not override your rights).
- Your consent — for optional features, such as connecting a Google or Microsoft mailbox. You can withdraw this at any time by disconnecting the account.
- Legal obligations — to comply with our tax, accounting and other legal duties.
4. Google and Microsoft connected accounts
Connecting a mailbox is entirely optional and is only ever started by you. When you connect Google or Microsoft, you are shown exactly which permissions are requested and you can decline or disconnect at any time.
We request read-only access, and we use it solely to identify and extract receipts, invoices and related financial documents so we can reconcile them against your transactions. Specifically, we commit that:
- We only access the messages and data needed to provide and improve the receipt-reconciliation features you use.
- We do not use your mailbox data for advertising.
- We do not sell or transfer your mailbox data to third parties, except as needed to provide the service, comply with the law, or as part of a business transfer.
- We do not allow humans to read your email, unless we have your explicit consent for specific messages, it is necessary for security or to comply with the law, or the data has been aggregated and anonymised.
- We process this data on our own secure cloud infrastructure and do not send the contents of your mailbox to any third-party artificial-intelligence service.
Reconifier’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data received from Microsoft Graph is handled on the same terms.
You can revoke our access at any time from Reconifier’s connectors settings, or directly in your Google account permissions or Microsoft account settings.
5. Who we share it with
We do not sell your personal data. We share it only with service providers (“sub-processors”) who help us run Reconifier, under contracts that require them to protect it and use it only on our instructions:
- Amazon Web Services (AWS) — cloud hosting, storage and databases (our core infrastructure).
- Supabase — authentication and account management.
- Stripe — subscription billing and payment processing.
- Google & Microsoft — only for mailboxes you choose to connect.
We may also disclose information if required by law, to enforce our terms, to protect our rights or the safety of others, or in connection with a merger, acquisition or sale of assets (in which case we will tell you).
6. Where your data is processed
We aim to process and store data within the UK or European Economic Area. Where a provider processes data outside the UK/EEA, we ensure appropriate safeguards are in place (such as UK-approved standard contractual clauses / the International Data Transfer Agreement) so your data receives an equivalent level of protection.
7. How long we keep it
We keep your personal data for as long as your account is active and for as long as needed to provide the service. If you close your account, we delete or anonymise your personal data within a reasonable period, except where we must keep certain records to meet legal, tax or accounting obligations, or to resolve disputes.
8. How we protect it
We use technical and organisational measures to keep your data safe, including encryption in transit and at rest, access controls, and least-privilege handling of connected-mailbox data. No system is completely secure, but we work hard to protect your information and to detect and respond to incidents.
9. Your rights
Under UK data protection law you have the right to: access a copy of your data; correct inaccurate data; erase your data; restrict or object to certain processing; port your data to another provider; and withdraw consent where we rely on it. To exercise any of these, email us at support@accountsai.co.uk. We will respond within the timeframes required by law.
If you are unhappy with how we have handled your data, you can complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk — though we would appreciate the chance to put things right first.
10. Cookies
We use only strictly necessary cookies that are essential for the service to work — for example, to keep you signed in and to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies. Because these cookies are essential, they do not require consent, but you can block them in your browser (though the service may not work properly).
11. Children
Reconifier is a business tool and is not intended for anyone under 18. We do not knowingly collect data from children.
12. Changes to this policy
We may update this policy from time to time. If we make significant changes, we will let you know by email or through the app. The “last updated” date at the top shows when it last changed.
13. Contact us
Accounts AI Limited
25 Highfield Road, Selby, England, YO8 4FH
Email: support@accountsai.co.uk