Privacy & Data Handling
Accounting Bridge is built for finance teams handling confidential data. This page explains exactly what happens with your data at every stage.
File processing
All uploaded files (CSV, Excel, PDF, OFX) are processed entirely in server memory. No file content is written to disk, stored in any database, or transmitted to third parties. Files exist only for the duration of your active session and are discarded when the session ends.
What we store
We store only your client configuration: column mappings, account rename rules, currency settings, and period-over-period summaries (aggregated account totals, not row-level data). This allows returning users to skip setup and track trends across periods. We do not store source file content, individual transactions, or personally identifiable financial records.
Data isolation
Each authenticated user's data is isolated at the database level using row-level security (RLS) policies. Your client profiles, period summaries, and notes are accessible only to your account. Other users cannot query, view, or modify your data. Unauthenticated visitors see only the demo dataset.
Infrastructure
- Database: Supabase (managed PostgreSQL). Data hosted in AWS US-East-1. Encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Application hosting: Streamlit Cloud. All traffic served over HTTPS.
- We use no advertising pixels, and no data is sold or shared with third parties. We use Cloudflare Web Analytics for cookie-free, privacy-preserving page view counts. No personal data is collected.
AI-generated summaries
When enabled, a narrative summary is generated using Anthropic's Claude API. Only aggregated totals (revenue, expense counts, entity names) are sent - never row-level data or source files. You can disable AI features per-session from the results view. The consolidation engine itself is fully deterministic - no AI touches the data pipeline.
Data retention and deletion
You can delete any client profile and its associated period data at any time from within the application. Deletion is immediate and permanent. To request complete account deletion, including authentication records, email wietze.suijker@gmail.com.
Compliance
SOC 2 Type II certification is on our roadmap. Current controls include: row-level security, encryption at rest and in transit, audit logging of all data operations, and no persistent storage of source files. We are happy to complete vendor security questionnaires on request.
Contact: wietze.suijker@gmail.com