Privacy Policy
Last updated: 2026-04-30
ibookk-OS (“ibookk”, “we”, “us”) provides AI-native accounting, payroll, and tax-strategy software for US small businesses. This page explains what data we collect, how we use it, and the rights you have over it.
1. What we collect
- Account data: email address, password (hashed), business name, EIN, entity type, state of formation, role.
- Financial data you provide: bank transactions imported via Plaid, uploaded receipts, invoices, IRS notices, tax-profile inputs (income, dependents, filing status, retirement contributions).
- Usage data: pages visited, actions taken, IP address, device type, and timestamps. Used to monitor security and improve the product.
- Inferred data: AI-generated transaction categorizations, tax-savings estimates, and IRS-notice analyses derived from the above.
2. How we use it
Strictly to operate the service for you: classify transactions, surface tax strategies, analyze IRS notices, generate response-letter drafts, and run reports. We do not sell your data and we do not use it to train third-party AI models.
3. Subprocessors
- Supabase — primary database and authentication provider (US region).
- Anthropic Claude API — used for receipt OCR, IRS-notice analysis, and response-letter drafting. Claude does not retain inputs for training under our API agreement.
- Google AI (Gemini) — used for short tax-strategy summaries when the free-tier provider is selected.
- Plaid — bank connection and transaction sync (when you opt in).
- Stripe — payment processing for paid plans.
- Cloudflare — DNS, CDN, and DDoS protection.
4. Your rights
You can export your data, delete your account, or withdraw any data-processing consent at any time by emailing [email protected]. California residents have the additional rights described under the CCPA (right to know, right to delete, right to opt-out of sale — though we do not sell data). EU/UK residents have GDPR rights including data portability and access requests.
5. Data retention
We retain your account and financial data for as long as your account is active and for up to 7 years afterward to satisfy IRS recordkeeping requirements. You can request earlier deletion via the email above.
6. Security
Data is encrypted in transit (TLS 1.2+) and at rest (Supabase AES-256). Row-Level Security (RLS) policies isolate every business's data. Service-role access is restricted and logged. See Security for additional detail.
7. Children
ibookk is not intended for users under 18.
8. Changes
We will update this page when our practices change and notify active customers by email for material changes. The “Last updated” date above always reflects the current version.