Privacy at ReturnBooks

What ReturnBooks is

ReturnBooks organizes records you upload — receipts, statements, invoices, income notes, and expense notes — so you can keep clean books for yourself and your accountant. Connecting a bank is optional and read-only. ReturnBooks does not move, hold, transfer, or process money, does not file taxes, and does not run payroll. Payroll features, where present, are recordkeeping only.

What we collect

• Account data: your email, your sign-in identifier, your company name, and basic profile data you provide.
• Files you upload: receipts, statements, invoices, payroll documents, and any other files you choose to upload as records.
• Records you create: expense notes, income notes, invoice line items, statement transaction reviews, categorizations, and other metadata.
• Operational logs: technical logs needed to operate the service, debug issues, and detect abuse.

We do not ask for and do not want your bank account credentials, routing numbers, full card numbers, or government ID numbers in free-text fields. Please do not upload protected health information (PHI) or material covered by HIPAA — ReturnBooks is not intended for that data.

How we use your data

• To show your records back to you and your teammates.
• To run AI-assisted and OCR extraction on documents you upload, so suggested fields can be shown to you for review before anything is saved as a record.
• To operate, secure, debug, and improve the service.
• To communicate with you about your account, billing (when billing is connected), and material changes.

We do not sell your business records. We do not use the contents of your uploaded documents to advertise to you.

AI and OCR processing

When you upload a receipt, statement, or invoice, ReturnBooks may send the file or text extracted from it to a third-party AI or OCR provider to suggest fields such as vendor, date, amount, or transactions. Suggestions are shown to you for review and are not auto-saved as records without your action.

We try to minimize what is sent — for example, by sending only what is needed for the extraction step. We do not train public AI models on your business records. We will list the providers we use here as the product matures.

Storage and security

Files you upload are stored in a private storage bucket and are scoped to your company. Other companies cannot read your files. Public links are not created for uploaded files. When you open a file in the app, the app generates a short-lived signed URL so that only your authenticated session can view it.

See the Security page for more detail on access controls, row-level security, and what ReturnBooks does not do.

Bank connections and data retention

Connecting a bank is optional. If you choose to connect one, ReturnBooks uses Plaid to import transactions on a read-only basis. ReturnBooks never receives or stores your bank login credentials — Plaid handles the sign-in and gives ReturnBooks a limited, read-only access token, which we store encrypted on our servers and never send to your browser. ReturnBooks does not move, hold, transfer, or process money.

• You can disconnect a bank connection at any time. When you disconnect, ReturnBooks asks Plaid to remove our access (Plaid item/remove) where supported, deletes the stored access token, and marks the connection disconnected.
• Disconnecting stops future bank transaction syncing and import for that connection.
• Transactions you already imported — and any expense or income records you created from them — may remain in your account for your business recordkeeping unless you delete them, using the in-app controls or by contacting support.
• We keep your data only as long as needed to provide the service, comply with legal obligations, resolve disputes, prevent abuse, and maintain the business records you have asked us to keep.
• You can request account or data deletion through support at any time.

What ReturnBooks does not do

• Connects to your bank only if you opt in, and only for read-only transaction import.
• Does not hold, move, transfer, or process money.
• Does not file taxes on your behalf.
• Does not run payroll or send payments to employees.
• Does not replace your accountant.
• Does not sell or rent your records to third parties.

Sharing with third parties

We use a small set of third-party infrastructure providers that process data on our behalf so the product can function:

• Supabase — authentication, database, and encrypted file storage for the records you upload. Your data is scoped to your company via row-level security.
• Stripe — subscription billing. When you start a subscription, Stripe collects your card details on a Stripe-hosted page and tells us only opaque IDs and your subscription status. ReturnBooks never sees your card number.
• Resend (via Supabase Auth) — transactional email such as signup confirmation and password reset.
• AI / OCR providers — used to suggest fields from documents you upload (see the AI and OCR section above). Names of the specific providers will be listed here as the product matures.

We do not sell your records to advertisers and do not share them with third parties for their own marketing.

We may share information when required by law, to protect the safety of users, or to investigate abuse of the service.

What we never ask for inside the app

ReturnBooks does not request bank routing numbers, full bank account numbers, Social Security numbers, or card numbers inside the app. If a screen, email, or person ever asks you to paste those into ReturnBooks, treat it as suspicious and report it. Card capture for subscription billing happens only on Stripe's hosted pages — not on ReturnBooks pages.

Your choices

You can delete individual records from inside the app. If you want a full export or a full account deletion, contact support and we will help. We are still building self-serve export and deletion flows and will update this page as those land.

Contact

Privacy questions, deletion requests, and data-related concerns: support contact will be added before public launch. In the meantime, please use the Support page for next steps.