Privacy Policy

Last updated: April 2026

1. What we collect

Account data (your name, email and password hash); the chart-of-accounts and trial-balance data you upload; usage metadata (which pages you visit, errors that occur); payment metadata from LemonSqueezy (purchase amount, plan, last 4 of the card — we never see full card numbers). We do not use third-party tracking pixels or collect behavioral advertising data.

2. Why we collect it

Strictly to operate the product: render financial reports, run AI account-mapping, send transactional emails (welcome, password reset, support replies), and process payments. We do not sell, share or rent your data.

3. Where it lives

Application data: PostgreSQL database hosted on Neon (sa-east-1, AWS). Application code: Vercel Edge Functions (multi-region). Email: Resend (transactional). Payments: LemonSqueezy (merchant of record). AI processing: Anthropic API (US/EU regions per their data-residency settings). The chart-of-accounts and balance data you upload is stored only in our PostgreSQL database — raw uploaded files are processed in serverless functions and never persisted to disk.

4. Tenant isolation

Every database query in the application is scoped by your organization id. There is no path in the product through which one customer can access another customer's data. Server-side authentication runs on every API route. Payment processing and webhook signatures are HMAC-verified.

5. AI processing

When the auto-mapper runs, the account codes and names you uploaded are sent to Anthropic's API. We do not send the monetary amounts in those calls. Anthropic does not retain the prompts past the model's context window per their data policy. You can disable AI features per organization at any time by downgrading to a non-AI plan.

6. Your rights

You can export your raw data at any time from any report (Excel/CSV). You can permanently delete your account and all associated data from Settings → Delete Account, or by emailing soporte@growsight.online; deletion is irreversible and propagates within 24 hours, including to database backups within 30 days. EU/UK users have additional rights under GDPR (access, rectification, erasure, portability, objection); to exercise them, email the same address.

7. Cookies

We use one essential session cookie (NextAuth) to keep you signed in, and localStorage to remember your dashboard preferences (selected period per report, dismissed onboarding wizard). No third-party tracking cookies.

8. Contact

For any privacy-related question or to exercise any right above: soporte@growsight.online. We answer within 24 business hours.