Privacy Policy

1. Introduction

Reconify (“Reconify,” “we,” “our,” or “us”) operates a payment reconciliation platform available as a cloud service, a CLI tool, and an enterprise self-hosted deployment. This Privacy Policy applies to the Reconify website, the cloud platform, and any associated services we operate.

If you use the open-source CLI tool on your own infrastructure, that tool does not transmit data to Reconify servers. This policy does not apply to that deployment model except where you choose to contact us for support.

By using the Reconify website or cloud service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of information:

Account information

When you create a Reconify account, we collect your name, email address, and company name. You may optionally provide a job title and phone number. This information is used to identify your account and communicate with you about the service.

Payment information

Subscription billing is handled by Paddle. Reconify does not store your full credit card number, CVV, or raw bank account details. We receive a payment token, last four digits, card brand, and billing address from Paddle for record-keeping. Your payment data is governed by Paddle’s Privacy Policy.

Usage and activity data

When you use the Reconify cloud platform, we collect data about your activity, including reconciliation run history, workspace configurations, exception review actions, and audit log events. This data is necessary to deliver the service and is stored in your account.

Technical and device data

We collect standard web server logs and analytics data when you visit our website or use the platform, including:

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Referring URL and pages visited
• Session duration and interaction events
• Device type and screen resolution

Support and communications

If you contact us by email or through the contact form, we retain the contents of that communication and your contact details to respond to your inquiry and improve our support.

3. Information We Do Not Collect

Reconify is designed to reconcile payment data. We want to be explicit about what we do not do with that data:

• We do not sell your data to third parties under any circumstances.
• We do not use your reconciliation data for advertising or to train machine learning models without explicit written consent.
• We do not collect raw financial transaction records for our own purposes. Transaction files you process through the cloud platform are used solely to run the reconciliation workflow you configured. Self-hosted deployments never transmit transaction data to Reconify servers.
• We do not collect sensitive personal data such as Social Security numbers, government IDs, or health records as part of the core service.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: Running reconciliation workflows, managing workspaces, generating exception reports, and maintaining your audit trail.
• Billing and account management: Processing payments, issuing invoices, handling plan changes, and enforcing subscription limits.
• Security and fraud prevention: Detecting unauthorized access, investigating anomalies, and protecting the integrity of the platform.
• Customer support: Responding to your questions and resolving issues with your account or reconciliation runs.
• Product improvement: Understanding how the platform is used to prioritize features and fix reliability issues.
• Legal compliance: Meeting obligations under applicable law, including responding to lawful requests from government authorities.

5. How We Share Your Information

We share personal data only in the following limited circumstances:

• Payment processors: Paddle processes all subscription payments on our behalf.
• Cloud infrastructure: Our cloud platform runs on AWS and GCP infrastructure. Customer data is stored in encrypted form within these environments under applicable data processing agreements.
• Analytics: We use Google Analytics to understand how the website and platform are used. Analytics data is aggregated and does not include your reconciliation data.
• Legal requirements: We may disclose information when required by law, court order, or government request, or when necessary to protect the rights and safety of Reconify, our users, or the public.
• Business transfers: If Reconify is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data is subject to a materially different privacy policy.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

6. Data Retention

We retain personal data for as long as necessary to provide the service and comply with legal obligations:

• Active account data is retained for the duration of your subscription and for 90 days after account deletion, to allow for recovery if the deletion was unintentional.
• Reconciliation and audit logs are retained for 12 months following the run date unless you configure a longer retention period under an Enterprise plan.
• Billing records are retained for 7 years to comply with tax and accounting requirements.
• Anonymized analytics may be retained indefinitely in aggregated form.

You may request deletion of your personal data at any time (see Section 8). Deletion requests are processed within 30 days, subject to legal retention obligations.

7. How We Protect Your Data

Reconify implements industry-standard technical and organizational security measures:

• Data at rest is encrypted using AES-256. This includes reconciliation inputs, outputs, and account data stored on our cloud infrastructure.
• All data in transit between your browser, our API, and connected data sources is encrypted using TLS 1.2 or higher.
• Access to production systems is restricted to authorized personnel only, controlled through role-based access policies and multi-factor authentication.
• Workspace data is isolated at the tenant level; your reconciliation results are not accessible to other Reconify customers.
• We maintain security monitoring and incident response processes. In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of it, as required by applicable law.

For a complete description of our security controls, see our Security page.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request an export of your account and reconciliation data in a machine-readable format.
• Objection and restriction: Object to or request restriction of certain processing activities.
• Opt-out of marketing: Unsubscribe from marketing communications at any time using the link in any email we send, or by contacting us directly.

To exercise any of these rights, contact us at privacy@reconify.com. We will respond within 30 days. If you are located in the European Economic Area, you also have the right to lodge a complaint with your local supervisory authority.

9. Cookies and Tracking

We use cookies and similar tracking technologies on our website and platform:

• Essential cookies are required for the platform to function, including session authentication and CSRF protection. These cannot be disabled.
• Analytics cookies (Google Analytics) help us understand how the website is used. You can opt out by using the Google Analytics opt-out browser add-on or by enabling “Do Not Track” in your browser settings.
• Preference cookies remember settings such as your display preferences and dismissed banners.

We do not use cookies for advertising or cross-site behavioral tracking.

10. Children’s Privacy

Reconify is a business-to-business service not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us at privacy@reconify.com and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days’ notice by email or through a prominent notice in the platform before the change takes effect. The “Last updated” date at the top of this page reflects when the policy was most recently revised. Continued use of the service after the effective date of any changes constitutes acceptance of those changes.

12. Contact Us

If you have questions about this Privacy Policy or how your data is handled, contact us at: