TrainedBooks

Privacy & your data

Plain language, because this is your financial data. Here's exactly what happens to it.

What we collect

Your account details (name, email, business), the financial data you upload or connect (transactions, bank/QuickBooks exports), the categorizations and corrections you make, and your plan/subscription status. We don't ask for more than the product needs.

Your financial data is sensitive — we treat it that way

Bank and accounting data is some of the most sensitive data you have. We process it only to run TrainedBooks for you — categorizing transactions, building your close, and improving accuracy for your business. We never sell it, and we don't use it to advertise to you.

Bank & accounting connections

If you connect a bank or accounting tool, that connection is handled through a reputable financial-data provider. We receive transaction data needed to do your books; we don't see or store your banking login credentials.

How we use AI

We send your transaction details to OpenAI's API to categorize them and to power the in-app assistant. This is inference only — OpenAI does not train its models on data sent through its API, and we never use your QuickBooks or bank data to train any model. The AI drafts; you review and approve. Your corrections only improve how TrainedBooks categorizes for your own business — they aren't used to expose your data to anyone else.

Sub-processors — who we share it with

Only the named service providers that make the product work, each receiving only what it needs: OpenAI (categorizes your transactions and powers the assistant — inference only, no training on your data); Plaid (secure bank-feed connections, if you connect a bank — we receive transaction data, never your bank login); Intuit / QuickBooks Online (read-only import of your accounting data when you connect it — your access tokens are encrypted and we never see your Intuit login); Stripe (subscription billing — we never store your full card number); Resend (transactional email); and Vercel (hosting) plus Neon (encrypted database). We don't sell or share your personal information as defined by the CCPA/CPRA, and we don't share your data with anyone else unless the law requires it.

Cookies & product analytics

We use essential cookies to keep you signed in. Our product analytics are first-party: which pages and features get used, and which clicks lead to a signup — kept on our own systems to improve the product. Once you're signed in, this analytics is tied to your account rather than fully anonymous, and a browser-local identifier and the ad/campaign that brought you here (e.g. a Google `gclid`) are stored for that purpose. Inside the app and your console, we don't record the text of what you click or type — only structural details like which button or page, never transaction descriptions, amounts, or anything you've written. One scoped exception for advertising measurement: we use Google's conversion tag (Google Ads), which sets a cookie and tells Google when a visit becomes a signup or subscription (the event, plan price for subscriptions, and Google's own click identifier) so we can measure whether our ads work. It never receives your books, transactions, or anything you type — and we still don't sell your personal information or share it with any other ad network.

Security

Your data is encrypted in transit and at rest, and we limit access to what's needed to operate the service. No system is perfectly secure, but we rely on reputable infrastructure and keep your financial data tightly scoped.

How long we keep it & your control

We keep your data only while your account is active and for as long as we need it to run the service. You can delete individual records or your entire account from within the app at any time. Account deletion removes your data from our active systems within 30 days, and any residual copies in encrypted backups roll off within 90 days. If you connected a bank, disconnecting it stops further collection and deletes the stored access token. Prefer we handle it? Email us and we'll erase your account and data. This retention and deletion practice complies with applicable privacy laws (e.g. GDPR and CCPA) and is reviewed at least annually.

Your rights

You can access, export, correct, or delete your data. Depending on where you live (e.g. the EU/UK or California), you may have additional rights over your personal information — email us and we'll honor them.

Changes & contact

We may update this policy as the product evolves; material changes get a new effective date. Questions or requests: umer.bukhari@gmail.com.

Effective June 30, 2026. See also our Terms of Use.