⚠ DRAFT — Pending legal review
This policy has not been reviewed by legal counsel. Do not distribute externally until approved.
Before publishing: fill in all [bracketed placeholders], remove this banner, and update the effective date.
Privacy Policy
Effective date: [DATE — update before publishing] · Version: 2026-04-26-draft
This Privacy Policy describes how [Organization Name] ("we", "us", or "our") collects, uses, and shares information when you use the Financial Statement Reader application.
1. Who We Are
[Organization Name]
[Street Address]
[City, State, ZIP]
Contact: [privacy@yourorg.com]
2. What Data We Collect
We collect the following categories of data:
- Account information: username, email address (optional), role assignment, login timestamps
- Financial data: uploaded financial statements, general ledger entries, revenue and expense figures, activity and cost-center breakdowns. This data is provided by your organization and is not collected directly from end-consumers.
- Usage data: session tokens (HttpOnly cookies), IP address, browser user-agent, page interaction events
- Annotations and feedback: notes, flags, and feedback messages you submit within the application
3. How We Use Your Data
- Displaying KPI dashboards, financial drill-downs, and executive summaries
- Generating AI-assisted variance narratives (see Section 4)
- Access control and audit logging
- Sending report notifications via email (if configured)
4. AI Processing Disclosure
When you click Generate AI Narrative, summarized financial data — including revenue figures, expense breakdowns, general ledger activity, and period-over-period variances — is transmitted to an external AI service to produce an executive narrative.
The AI service used may include providers such as Google (Gemini), Anthropic (Claude), or others depending on system configuration. Data transmitted is limited to the financial summary context needed to generate the narrative; personally identifiable information is not included in AI requests.
[Before publishing: confirm which AI provider(s) are active and link to their data processing terms here.]
Your right to opt out: You may disable AI narrative generation at any time in Settings → Privacy within the application. When disabled, no financial data is transmitted to an external AI service. Disabling does not affect any other features.
Narrative results are cached server-side for up to 72 hours (final statements) or 2 hours (draft statements) to reduce external API calls.
5. Third-Party Services
- AI narrative provider (Google Gemini, Anthropic Claude, or similar) — financial summary data, as described in Section 4
- Email delivery provider (if email notifications are configured) — recipient address and notification content only; no financial data is included in notification emails
- Hosting provider — [Name of VPS or cloud hosting provider] hosts the application and its database; all data remains within the hosted environment
6. Your Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information is collected and how it is used
- Delete your personal information (contact your administrator)
- Opt out of the sharing of personal information with AI services (use Settings → Privacy)
- Non-discrimination — exercising these rights will not affect your access to the application
7. Data Retention
We retain data for the following periods:
- Financial statement data — retained for 7 years from the date of upload, consistent with standard accounting record-keeping requirements. [Adjust to match your organization's record-keeping policy before publishing.]
- Account data — retained for the duration of your active account, plus 90 days after account deactivation to allow for reactivation or audit. Permanently deleted upon written request to your administrator.
- Audit logs — retained for 2 years to support operational accountability and security review.
- Annotations and notes — retained for the life of the associated financial period's data unless deleted by an authorized user.
- Session tokens — expire after inactivity (role-dependent: 15–60 minutes) and are invalidated on logout.
8. Security
We use industry-standard security measures including bcrypt password hashing, HttpOnly session cookies with SameSite protection, role-based access control, and TLS encryption in transit.
9. Changes to This Policy
We will notify users of material changes to this policy. Continued use of the application after changes take effect constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions or requests, contact: [privacy@yourorg.com]