Privacy Policy
Paarify ("we," "us," or "our") operates the Paarify mobile application and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
By using Paarify, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your full name, email address, password (stored in hashed form — we never store or access your plaintext password), and optionally your business name, business type, and industry.
1.2 Financial and Business Data
When you use our Service, you may provide or we may process:
- Receipt and invoice data: Images you upload or scan, including merchant names, amounts, dates, line items, tax, tips, and payment methods extracted through OCR and AI processing.
- Expense and income records: Transaction descriptions, amounts, categories, dates, and notes.
- Inventory and cost data: Product names, quantities, costs, and COGS calculations.
- Financial analytics: Aggregated metrics and reports generated from your data.
1.3 Bank and Financial Account Data (via Plaid)
If you connect a bank account, we use Plaid, Inc. to securely access your financial institution. Through Plaid, we may collect account names and types, transaction history, account balances, and institution identifiers.
We do not collect or store your bank login credentials. Plaid handles authentication directly. Plaid's use of your data is governed by the Plaid End User Privacy Policy.
1.4 Accounting Software Data (via QuickBooks)
If you connect QuickBooks, we access data through Intuit's authorized OAuth integration, including chart of accounts, customers, vendors, transaction records, and invoice data. You can disconnect at any time.
1.5 Payment and Billing Data (via Stripe)
Payment processing is handled by Stripe, Inc. We do not store your full credit card number. Through Stripe, we receive card brand and last four digits, billing history, and subscription status. See the Stripe Privacy Policy.
1.6 Device and Usage Data
We automatically collect device type, OS, app version, crash reports (via Sentry), general usage patterns, and IP address. We do not use this data for advertising.
1.7 Camera and Photo Library Access
Paarify requests camera and photo library access solely for scanning receipts and invoices. We do not access your camera or photos for any other purpose.
2. How We Use Your Information
- Provide the Service: Process receipts, categorize transactions, generate reports, sync with connected accounts, manage your subscription.
- Improve accuracy: Our AI categorization learns from your corrections. This learning is specific to your account and not shared with others.
- Process payments: Manage billing through Stripe.
- Communicate: Send transactional emails and security alerts.
- Security: Detect and prevent fraud and unauthorized access.
- Legal compliance: Meet applicable regulatory requirements.
3. How We Share Your Information
We do not sell, rent, or trade your personal or financial information. We share data only with:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services | Cloud hosting, storage | All service data (encrypted) |
| Stripe | Payment processing | Email, name, payment details |
| Plaid | Bank connections | Account and transaction data |
| Intuit (QuickBooks) | Accounting sync | Financial records you authorize |
| OpenAI / Anthropic | AI receipt scanning | Receipt images (metadata-stripped; see below) |
| Sentry | Error tracking | Device info, anonymized errors |
3.2 AI-Powered Receipt and Document Processing
When you use Paarify's receipt scanning or document scanning features, the image you capture is sent to our AI processing partners (OpenAI and Anthropic) to extract text and financial data such as merchant names, dates, line items, and totals.
Before transmission, we automatically strip all image metadata, including GPS location data, device identifiers, and timestamps. However, information printed on the receipt itself (such as partial card numbers or merchant addresses) may be visible in the image.
Our AI partners process this data under Data Processing Agreements (DPAs) that contractually prohibit them from:
- Using your data to train their AI models
- Selling or sharing your data with third parties
- Retaining your data beyond 30 days (used only for safety and abuse monitoring, after which it is automatically deleted)
The extracted text and structured data are stored in your Paarify account. Raw AI processing responses are retained for up to 90 days for accuracy verification and dispute resolution, then automatically deleted. You can delete your account and all associated data at any time (see Section 6).
We may also disclose information when required by law, to protect our rights, prevent fraud, or in connection with a business transfer (merger, acquisition).
4. Data Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- Field-level encryption for sensitive tokens and credentials
- Private S3 storage with time-limited signed URLs
- JWT authentication with token rotation and blacklisting
- Rate-limited login attempts and account lockout protection
- HSTS, CSRF protection, and CORS whitelisting
While we use commercially reasonable measures, no method of electronic transmission or storage is 100% secure.
5. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion, except where required by law.
- Receipt images: Stored until you delete them or your account.
- OCR raw processing data: AI processing responses are automatically deleted after 90 days. Your extracted receipt data (merchant name, amounts, categories, etc.) is retained separately.
- Payment history: Retained as required for financial compliance (typically 7 years).
- Anonymized analytics: May be retained indefinitely for product improvement.
6. Your Rights and Choices
You can access, correct, export (CSV/PDF), and delete your data at any time within the app. You can disconnect any third-party integration at any time. Account deletion is available under Settings.
Depending on your location, you may have additional rights under CCPA, GDPR, PIPEDA, or other privacy laws. Contact privacy@paarify.com to exercise these rights.
7. Children's Privacy
Paarify is not intended for individuals under 18. We do not knowingly collect data from children.
8. International Data Transfers
Paarify is hosted on AWS in Canada (Central). By using the Service from outside Canada, you consent to the transfer and processing of your information in Canada.
9. Changes to This Policy
We may update this policy and will notify you of material changes within the app. Continued use after changes constitutes acceptance.
10. Contact Us
Paarify
Email: privacy@paarify.com
Website: https://www.paarify.com