Privacy Policy.
Last Updated: May 7, 2026
now. ("we," "our," or "us") provides a bookkeeping and financial management application ("Service") that helps business owners track transactions, manage accounts, generate financial reports, reconcile bank accounts, close accounting periods, track inventory, and organize their business finances. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
Account Information
When you create an account, we collect:
Email Address: Used for account authentication, account recovery, and essential service communications.
Password: Stored securely using industry-standard hashing performed by our authentication provider. We never store passwords in plain text.
One-Time Passwords (OTPs): Sent to your email address to verify account creation, sign-in, and password reset. OTPs are short-lived and not retained after verification.
Business Profile Information
To provide bookkeeping functionality, we collect information about your business, including:
Business Name
Business Email Address
Business Phone Number
Business Address (street address, city, state, postal code)
Entity Type (e.g., Sole Proprietorship, LLC Single-Member, LLC Multi-Member, S-Corp, C-Corp, Partnership)
Industry Type (Product-based or Service-based)
Fiscal Year Start Month
Profile Image: If you set a profile picture, it is uploaded to our secure file storage for cross-device access. Images are resized and compressed to JPEG format and stored in user-scoped paths ensuring isolation between users.
Financial Data via Plaid
When you connect a bank account or credit card through Plaid, we access:
Account Information: Account name, account type (checking, savings, credit), masked account numbers (last 4 digits only), and current balances.
Transaction Data: Transaction date, amount, merchant name, transaction description, and posted/pending status. Only posted transactions are imported.
Institution Information: Bank or financial institution name and identifier.
Sync Metadata: Incremental sync cursors, the start date you select for transaction import, and historical-load completion timestamps used to efficiently retrieve new transactions and to know when an institution has finished delivering historical data.
Important: We do not collect, store, or have access to your bank login credentials (username, password, multi-factor codes, or security questions). Plaid securely handles authentication directly with your financial institution and returns to us only an encrypted access token, which is stored encrypted at rest on our servers.
Transaction and Bookkeeping Data
As you use the Service, we store:
Categorized Transactions: Account assignments, vendor or customer associations, categorization status, AI categorization results (suggested accounts, payees, and confidence scores), and Plaid-derived signals such as personal-finance-category hints used to improve categorization.
Journal Entries: Double-entry bookkeeping records created when you categorize transactions, record payments, create transfers, adjust inventory, or close accounting periods, including line-level details (accounts, amounts, debit/credit designation, payees, memos, and dates).
Customers: Customer names, email addresses, phone numbers, addresses, and bank-transaction descriptions previously associated with each customer.
Vendors: Vendor names, email addresses, phone numbers, addresses, and bank-transaction descriptions previously associated with each vendor.
Invoices: Customer information, invoice details, line items, sales-tax amounts and rates, payment history, and amounts.
Bills: Vendor information, bill details, line items (including inventory item lines), purchase-tax amounts and rates, payment history, and amounts.
Products and Services: Product or service names, descriptions, SKUs, prices, default unit costs, associated income/expense/inventory accounts, and (for inventory-tracked items) quantity-on-hand and weighted-average inventory value.
Inventory Movements: An audit trail of every change to a tracked product's quantity and value, including movements caused by bills, invoices, manual adjustments, and reversals.
Reconciliation Records: Account reconciliation history, statement balances, dates, and reconciled transaction identifiers.
Transfer Records: Internal transfer pairings between your accounts.
Chart of Accounts: Your bookkeeping account structure, including account names, numbers, types, subcategories, and parent/sub-account relationships. The default chart includes system accounts such as Sales Tax Payable (a liability for sales tax you collect from customers) and Sales Tax Paid (an expense for purchase tax on bills).
Financial Reports: Balance Sheet, Profit & Loss, Trial Balance, and General Ledger calculations.
Closing Period Records: Accounting period close dates, net income calculations, and lock dates that prevent modifications to closed periods.
Transaction Attachments
You may attach receipt or check images to transactions. When you do:
Image Files: JPEG images (resized and compressed) are uploaded to our secure file storage.
Attachment Metadata: File name, MIME type, byte size, storage path, and association with the corresponding transaction.
Storage Path: Images are stored in user-scoped paths ensuring isolation between users.
Attachments are protected by the same row-level security policies as all other user data.
Subscription Data
When you subscribe to the Service, we store:
Subscription Status: Whether your subscription is active or inactive.
Product Identifier: The subscription plan you selected.
Expiration Date: When your current subscription period ends.
Apple Transaction Identifiers: Used to verify subscription ownership and prevent unauthorized sharing of subscriptions across accounts.
Voice Interaction Data ("Hey Eon")
The Service includes an optional voice assistant ("Eon") that can be invoked by tapping the voice button or, while voice mode is open, by saying the wake phrase "Hey Eon."
Microphone Audio: When voice mode is active, your device microphone captures audio so it can be transcribed.
Wake-Word Detection: While voice mode is open, we use Apple's
SFSpeechRecognizerto listen for the phrase "Hey Eon" so the assistant can respond hands-free. Wake-word detection runs only while voice mode is on screen and stops when you dismiss it.Speech-to-Text: Your spoken question is converted to text using Apple's Speech Recognition framework. Apple's framework may perform recognition on-device or transmit audio buffers to Apple's servers for processing, depending on language and device support. Audio is never transmitted to our servers.
Voice Queries: Once converted to text, the transcript of your question is sent to our servers and to OpenAI for response generation.
Conversation Context: Recent conversation history (up to 20 messages) is temporarily retained in memory to provide contextual responses within a session.
Voice Responses: Text-to-speech audio is generated server-side using OpenAI's TTS API and delivered to your device. Apple's on-device text-to-speech is used as a fallback.
Read-Only: Eon is informational only. It can answer questions about your data but cannot post, modify, or delete journal entries, invoices, bills, or any other records.
Voice query text and conversation history are processed in real time and are not stored permanently after your session ends. We do not retain raw audio. Neither Apple nor OpenAI use API audio or text data sent through the Service to train their models, per their published API data policies.
How AI Processes Your Data
Transaction Categorization
Our AI bookkeeper processes your transactions as follows:
Deterministic Matching: First checks for exact or normalized description matches against your previously categorized transactions, and checks vendor/customer records for known bank descriptions.
Cross-User Merchant Matching: Next checks an anonymized aggregate of how all users have categorized the same well-known merchant (see "Anonymized Aggregate Data" below).
AI Analysis: If no deterministic or aggregate match is found, transaction descriptions, amounts, and your chart of accounts are sent to OpenAI's API for categorization. The AI identifies vendors or merchants, suggests appropriate expense or income categories, and may create new vendor or customer records.
Confidence Threshold: Only categorizations with 95% or higher confidence are applied automatically. Lower-confidence results are skipped.
User Priority: If you manually categorize a transaction while the AI is processing it, your categorization takes precedence.
AI categorization runs automatically as transactions are imported and cannot be turned off, but you remain in control of your books — you can manually categorize any transaction and modify any AI-suggested categorization at any time.
Eon Voice Assistant
The Eon voice assistant:
Receives your spoken questions as text after speech recognition.
Accesses your current account balances, recent transactions, vendors, customers, invoices, bills, inventory, and financial summaries to provide accurate responses.
Sends the question text and the relevant financial context to OpenAI for response generation.
Generates text-to-speech audio using OpenAI's TTS API.
Does not provide tax, legal, or investment advice.
Does not execute transactions or make changes to your data — it only reports information.
OpenAI processes data sent through its API according to its enterprise data policies and does not use API data to train its models. We do not use your financial data to train AI models.
Anonymized Aggregate Data (Cross-User Merchant Statistics)
To improve auto-categorization for everyone, we maintain a separate anonymized table that records, for each well-known merchant, how the user base as a whole has categorized that merchant. When a transaction in your account becomes categorized, an entry is added to this table consisting of:
A normalized merchant name (e.g., "STARBUCKS"), with payment-processor prefixes, store numbers, locations, and dates stripped out.
The general business type from your business profile (e.g., "S-Corp"), if set.
The chart-of-accounts category you assigned (e.g., "Meals & Entertainment").
A counter of how many distinct users and how many total transactions match this combination.
This table does not contain your user ID, transaction ID, journal-entry ID, dollar amount, customer or vendor name, raw bank description, or any other identifier that could be tied back to you. Rows are only consulted by the AI worker once enough distinct users have categorized the same merchant the same way (a minimum-user threshold). The table is internal-only and is not shared, sold, or surfaced to other users.
Operational Data
To maintain the security and reliability of the Service, we collect:
Audit Log: Records of significant account actions (such as account creation, data modifications, and deletions) are retained for up to one year for compliance purposes.
Usage Tracking: Daily counts of API requests and AI processing usage per user, retained for up to 90 days for cost monitoring and abuse prevention.
Rate Limit Data: Temporary request counters used to enforce usage limits and prevent abuse, automatically cleaned on a regular basis.
Crash and Performance Data: Apple may collect aggregated, anonymized crash reports and performance metrics from devices that have opted in to share with developers via iOS settings. We use this data only to diagnose stability and performance issues. We do not collect crash or performance data outside of Apple's standard developer reports.
Local Device Storage
We store the following data locally on your device:
Profile Image Cache: If you set a profile picture, a copy is cached locally on your device for performance. The image is also uploaded to our secure file storage for cross-device access (see Business Profile Information above).
Biometric Lock Preference: Your choice of whether to require Face ID, Touch ID, or Optic ID to open the app.
Session Preferences: Basic app state preferences such as paywall display status.
Subscription Recovery Data: If a subscription purchase cannot be immediately verified with our servers, temporary claim details (product identifier and transaction reference) are stored locally for up to 7 days to retry verification. This data is automatically removed once verified or expired.
Speech Recognition Buffers: Temporarily processed by Apple's Speech Recognition framework during a voice session and discarded immediately after transcription.
Bank Login Credentials: We never access, receive, or store your bank usernames, passwords, multi-factor codes, or security questions.
Social Security Numbers or Tax Identification Numbers: We do not collect government identification numbers.
Precise Location Data: We do not collect or track your geographic location.
Contacts or Call Logs: We do not access your device contacts or call history.
Photo Library Contents: We do not read, browse, or scan photos in your photo library. Our use of the photo library is "save only" — we ask permission only to save invoice images that you choose to export.
Biometric Data: Face ID, Touch ID, and Optic ID checks are performed entirely on your device by Apple's LocalAuthentication framework. No biometric template ever leaves your device, and we do not receive, store, or process it.
Raw Audio Recordings: We do not store audio recordings of your voice on our servers. Audio is processed only as needed to convert speech to text and is then discarded. (Note that Apple's Speech Recognition framework may transmit audio buffers to Apple's servers for processing — see "Voice Interaction Data" above.)
Cross-App Tracking Data: We do not track you across apps and websites owned by other companies. We do not use any third-party advertising SDKs. The app's Privacy Manifest declares
NSPrivacyTracking = false.
Behavioral Advertising Identifiers: We do not collect the Identifier for Advertisers (IDFA), and we do not present the App Tracking Transparency prompt because we do not track you.
We use the information we collect to:
Provide the Service: Enable bookkeeping functionality, transaction categorization, invoice and bill management, inventory tracking, bank reconciliation, period closing, and financial reporting.
Connect Financial Accounts: Facilitate secure connections to your bank accounts and credit cards through Plaid.
AI-Powered Features: Automatically categorize transactions using artificial intelligence. Provide AI-powered responses through the Eon voice assistant about your financial data. Generate text-to-speech audio responses.
Generate Reports: Create Balance Sheets, Profit & Loss statements, Trial Balances, and General Ledger reports.
Store Attachments: Securely store receipt and check images you attach to transactions for your bookkeeping records.
Account Management: Authenticate your identity, maintain your account, process subscriptions, and communicate essential service information.
Security and Integrity: Enforce rate limits, validate inputs, verify webhook signatures, maintain audit trails, and prevent abuse.
Improve the Service: Maintain the anonymized cross-user merchant aggregate described above and use diagnostic data from Apple to fix bugs and improve performance.
We use the following third-party services to operate the Service. Each operates under its own privacy policy.
Plaid
Plaid provides secure bank account connectivity. When you connect a bank account:
Plaid authenticates directly with your financial institution using its own secure interface (Plaid Link).
Plaid transmits account and transaction data to us via its API.
We receive an encrypted access token (not your credentials) that allows continued data access. The token is stored encrypted at rest.
You choose a transaction start date when connecting; only transactions on or after that date are imported.
Plaid delivers historical transactions in stages; we track when historical loading is complete so we can compute opening balances against the full dataset.
You can revoke Plaid access at any time through the Service or by contacting us.
Upon account deletion, all Plaid access tokens are revoked via Plaid's API.
For more information, see Plaid's Privacy Policy.
Supabase
Supabase provides our backend infrastructure, including:
User authentication and session management.
PostgreSQL database storage with row-level security.
Server-side Edge Functions.
File storage for transaction attachments (receipt and check images) and profile images.
Your data is stored on Supabase's infrastructure with row-level security policies ensuring you can only access your own data. For more information, see Supabase's Privacy Policy.
OpenAI
OpenAI provides AI capabilities for:
Transaction categorization (GPT-class models).
Voice assistant responses (GPT-class models).
Text-to-speech audio generation (TTS model).
Transaction descriptions, amounts, and your relevant financial context (for the voice assistant, also the text of your question) are sent to OpenAI for processing. OpenAI processes data sent through its API according to its enterprise data policies and does not use API data to train its models. For more information, see OpenAI's Privacy Policy.
Apple
We use Apple's frameworks and services for:
StoreKit for subscription and in-app purchase processing.
Speech Recognition for voice transcription and wake-word detection.
On-device Text-to-Speech as a fallback for voice responses.
MapKit for address autocomplete when entering vendor, customer, or business addresses (search queries are processed by Apple).
LocalAuthentication for optional biometric app lock (Face ID, Touch ID, Optic ID).
Standard developer crash and performance reports for users who opt in via iOS settings.
Apple handles payment processing and identity per its own privacy practices. For more information, see Apple's Privacy Policy.
Superwall
Superwall manages paywall presentation and subscription gate display. Your user identifier is shared with Superwall for paywall configuration. For more information, see Superwall's Privacy Policy.
We retain your data as follows:
Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations.
Financial Data: Retained while your account is active. Transaction history, journal entries, inventory movements, and financial records are maintained to provide continuous bookkeeping functionality.
Transaction Attachments: Receipt and check images are retained while your account is active and deleted upon account deletion.
Subscription Data: Retained while your account is active for subscription verification purposes.
Voice Data: Processed in real time and not retained after your session ends.
Audit Log: Retained for up to one year for compliance purposes.
Usage Tracking: Retained for up to 90 days for operational monitoring.
Rate Limit Data: Temporary and automatically cleaned on a regular basis.
Anonymized Merchant Aggregate: Retained indefinitely in anonymized form. It contains no user-identifying data.
If you delete your account, your personal data is removed from our active systems immediately and cannot be recovered. We do not retain account-restorable backups. We may retain a minimal amount of information only where required by law or regulation (for example, certain audit-log entries kept for up to one year for compliance purposes).
You can delete your account at any time using the Delete Account option in Settings. The deletion process:
Requires you to type "DELETE" as confirmation.
Revokes all Plaid access tokens, disconnecting your linked bank accounts.
Deletes your data from all database tables, including transactions, journal entries, ledger entries, inventory and inventory movements, invoices, bills, customers, vendors, products and services, accounts, reconciliations, closing periods, transaction attachments, and all associated records owned by you.
Removes all receipt and check images from our file storage.
Removes any profile images from our file storage.
Deletes your authentication account from our identity provider.
Removes locally stored data (profile image cache, preferences) from your device.
This process complies with Apple App Store Guideline 5.1.1(v).
We implement industry-standard security measures to protect your information, including:
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL.
Encryption at Rest: Sensitive data, including Plaid access tokens, is encrypted when stored.
Row-Level Security: Database-level policies ensure each user can only access their own data.
Access Controls: Access to your data is restricted to authenticated sessions using secure JWT tokens.
Multi-Layer Rate Limiting: API requests are rate-limited at both the IP level and per-user level to prevent abuse, with daily usage caps for cost-sensitive operations.
Webhook Verification: Incoming webhooks from third-party services are verified using cryptographic signatures before processing.
Input Validation: All inputs are validated against strict schemas, including type checking, length limits, and pattern matching. Strings are sanitized to prevent injection and cross-site scripting attacks.
Atomic Operations: Critical financial operations use database-level transactions with row-level locking and idempotency keys to prevent data corruption and duplicate entries.
Secure Authentication: Passwords are hashed using secure algorithms by our authentication provider. We never store passwords in plain text.
Financial Precision: All monetary amounts are stored using precise decimal types (not floating-point) to prevent rounding errors.
Attachment Security: Receipt, check, and profile images are stored in user-scoped storage paths with access policies that restrict each user to their own files.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
Access and Portability
You can access your financial data at any time through the Service. Financial reports (Balance Sheet, Profit & Loss, Trial Balance, General Ledger) are available within the app and can be exported as image files. Invoice images can be saved to your device photo library. If you would like a structured export of your underlying data, please contact us.
Correction
You can update your business profile information, customer and vendor records, products and services, and transaction categorizations at any time through the Service.
Deletion
You can request deletion of your account and associated data by using the Delete Account option in Settings or by contacting us. Upon deletion:
All Plaid access tokens will be revoked, disconnecting your bank accounts.
Your account and authentication data will be removed.
Your business profile, transactions, journal entries, ledger entries, inventory data, invoices, bills, customers, vendors, products and services, and all associated financial data will be deleted from our servers.
All transaction attachments (receipt and check images) will be removed from our file storage.
Profile images will be removed from our file storage.
Locally stored data (profile image cache, preferences) will be removed from your device.
Certain data may be retained if required for legal or regulatory compliance.
Revoke Bank Access
You can disconnect your linked bank accounts at any time through the Service. This will stop new transaction data from syncing but will not delete previously synced transactions.
AI Features
Automatic transaction categorization is part of the core Service and cannot be turned off, but you can manually categorize any transaction and modify any AI-suggested categorization at any time. Use of the Eon voice assistant is optional — you may simply choose not to invoke it.
California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:
The right to know what personal information is collected, used, shared, or disclosed.
The right to delete personal information we have collected from you.
The right to correct inaccurate personal information.
The right to opt out of the sale or sharing of personal information.
The right to limit the use of sensitive personal information.
The right to non-discrimination for exercising these rights.
We do not sell or share your personal information for cross-context behavioral advertising, and we do not use sensitive personal information for purposes that would trigger the right to limit. To exercise your rights, please contact us at the address below.
The Service may request the following device permissions:
Face ID / Touch ID / Optic ID (
NSFaceIDUsageDescription): Used for optional biometric app lock to protect your financial data. Biometric data is processed entirely on your device and never leaves it.Microphone (
NSMicrophoneUsageDescription): Required for the Eon voice assistant to capture speech for transcription and to detect the "Hey Eon" wake phrase while voice mode is on screen.Speech Recognition (
NSSpeechRecognitionUsageDescription): Used to transcribe your voice queries and detect the "Hey Eon" wake phrase via Apple's Speech Recognition framework.Photo Library — Add Only (
NSPhotoLibraryAddUsageDescription): Used to save exported invoice images to your photo library. We do not request "read" access and do not browse, scan, or import your existing photos.
No other device permissions (camera, full photo library access, location, contacts, calendar, reminders, health, etc.) are required.
The Service is intended for business owners and is not directed to children. We do not knowingly collect personal information from children under the age of 13. The Service is also not intended for use by individuals under the age of 18, who generally cannot enter into a binding contract. If we learn that we have collected personal information from a child without verifiable parental consent, we will delete that information promptly. If you believe we may have collected information from a child, please contact us immediately at the address below.
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this document and, where appropriate, by providing additional notice through the Service. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and in any country where our service providers operate. By using the Service, you consent to this transfer.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@officialnow.app or visit officialnow.app.
We will respond to your inquiry within 30 days.
