Privacy Policy

• Account credentials: email address and bcrypt-hashed password.
• Stripe restricted API key: encrypted at rest with AES-256-GCM. Decrypted only at sync time; never logged or transmitted in plaintext.
• Stripe transaction data: balance transactions, charges, payouts, refunds, and fees imported from your Stripe account into our database.
• IP address: used for rate limiting on public endpoints. Not stored long-term.
• Usage metadata: report generation timestamps, sync timestamps. No behavioral tracking or session recordings.

• Card numbers, bank account details, or payment credentials of any kind.
• PII of your customers. We see transaction descriptions from Stripe, not customer records.
• Write access to your Stripe account. The restricted key we store is read-only.
• Third-party advertising or marketing pixels (no Facebook Pixel, Google Ads tags, etc.).

• To sync your Stripe transactions daily and categorize them using AI.
• To generate and email your monthly profit & loss report.
• To power your AutoPNL dashboard (transactions, review queue, reports).
• To send transactional emails (account verification, broken-key alerts, monthly reports). No marketing emails without consent.
• To enforce rate limits and prevent abuse.

Account data and imported transactions are retained as long as your account is active. You may request deletion of your account and all associated data at any time by emailing support@autopnl.com. We will process deletion requests within 14 days.

• Access: request a copy of all data we hold about you.
• Deletion: delete your account and all data (dashboard, Settings, Delete, or email support).
• Export: download your transaction history as CSV from the Reports page at any time.
• Correction: contact us to correct inaccurate account data.