Privacy Policy

Last Updated: 4/28/2026

1. Introduction

We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and the ePrivacy Directive. This policy explains how we collect, use, and share your data.

2. The Data We Collect

We may collect, use, store and transfer different kinds of personal data about you:

• Identity & Contact Data: Name, email address.
• Financial Data: Uploaded financial documents (invoices, receipts, ledgers) necessary for our AI extraction service. Payment details are processed securely via Stripe.
• Technical Data: IP address, login data, browser type and version, and cookies (subject to your consent).

3. How We Use Your Data

We use the information we collect to provide and maintain our services. The lawful basis for this processing is typically the performance of a contract with you, or our legitimate interests in operating and improving the platform securely.

4. Third-Party Sub-Processors

To provide our AI accounting services, we share necessary data with trusted third parties who act as sub-processors under GDPR Article 28:

• Google Cloud & Gemini AI: For hosting infrastructure and AI ledger extraction.
• Supabase: For secure database management and user authentication.
• Stripe: For processing subscription payments securely.

5. Google User Data Policy

MsyeAI uses Google APIs to export your invoice data to Google Sheets. Our application requests the https://www.googleapis.com/auth/spreadsheets scope solely to programmatically create new spreadsheets in your Google Drive and populate them with your accounting ledger data.

• Limited Access: We only create new, specific spreadsheets for your exports. We do not read, view, or modify any other files or folders in your personal Google Drive outside of the ones we create.
• Data Usage: The data populated into these spreadsheets strictly originates from the invoices you explicitly upload or email to your dashboard.
• Data Sharing: We DO NOT share any Google User Data with third-party tools or external AI models. Your Google Auth tokens are ephemeral, sent directly from your browser to our secure backend, and are never persisted or stored in our database.

6. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including any legal, regulatory, or reporting requirements. Upon account deletion, uploaded financial documents are permanently purged.

7. Your Legal Rights (GDPR)

Under EU and UK data protection laws, you have the right to:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data (Right to be Forgotten).
• Object to or request restriction of processing your personal data.
• Request transfer of your personal data (Data Portability).
• Withdraw consent at any time (e.g., for optional cookies).

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at: