Effective date: January 1, 2025 · Last updated: January 1, 2025
CashSheet ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
1. Information we collect
Information you provide
- Account information: Name, email address, phone number, and password when you create an account
- Organization details: Business name, subdomain, and industry when you set up your workspace
- Payment information: Credit card details and billing address, processed securely through Stripe — we never store your full card number
- Financial data: Transactions, invoices, bills, accounts, and other accounting data you enter into the platform
Information collected automatically
- Usage data: Pages visited, features used, actions taken, and time spent in the application
- Device information: Browser type, operating system, screen resolution, and IP address
- Cookies: Session cookies for authentication and preference cookies for your settings
2. How we use your information
- Provide, maintain, and improve our services
- Process transactions and send related billing information
- Send transactional emails (account verification, password resets, payment confirmations)
- Send product updates and feature announcements (you can opt out at any time)
- Monitor and analyse usage patterns to improve the platform
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
3. How we protect your data
Your financial data is stored in isolated tenant database schemas — each organization has its own schema, completely separated from other customers. This is not row-level filtering; it is genuine database-level isolation.
All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. We enforce two-factor authentication, OTP-based email verification, and automated cleanup of inactive accounts. All authentication events are logged for audit purposes.
4. Data sharing and disclosure
We do not sell your personal information. We do not share your financial data with advertisers or data brokers. Period.
We may share information with:
- Service providers: Stripe (payment processing), email delivery services, and hosting providers — only to the extent necessary to provide our services
- Legal requirements: When required by law, subpoena, or court order
- Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
5. Data retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain certain records (e.g., billing records for tax purposes).
Inactive accounts without verified email addresses are automatically cleaned up after 7 days.
6. Your rights
You have the right to:
- Access your personal data at any time from your account settings
- Correct inaccurate information in your profile
- Export your data in standard formats (CSV, OFX)
- Delete your account and associated data
- Opt out of marketing communications
To exercise any of these rights, email [email protected].
7. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies. You can configure your browser to reject cookies, but some features of the platform may not function properly.
8. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of CashSheet after changes are posted constitutes acceptance of the updated policy.
9. Contact us
Questions or concerns about this Privacy Policy?