1. Introduction
This Privacy Policy explains how Reconcile (the "Service," available at reconcileonline.com and app.reconcileonline.com) collects, uses, and protects information when you access or use the platform. "You" refers to an individual user or an authorized user of a customer organization such as a small accounting firm or finance team.
Reconcile is a file-first reconciliation tool. You upload two files, confirm a match key, run a reconciliation, and receive a structured report. We follow privacy by design principles: we collect the minimum data needed to operate the Service and use it only for the purposes described in this policy.
If you have questions, contact us at privacy@reconcileonline.com.
2. Data We Collect
Account and Workspace Information.
Information you provide when creating an account: name, email address, workspace name, and basic profile details.
Uploaded Files.
Files you upload for reconciliation — CSV, Excel, or JSON. These files are processed for comparison only. We do not read, interpret, or analyze the contents of your files for any purpose beyond running your reconciliation. Uploaded files are deleted from our servers immediately after your report is generated. In all cases, files are hard-deleted within 24 hours of upload.
Reconciliation Results.
The outputs of your reconciliation — matched rows, unmatched rows, discrepancy summaries, and exportable reports. These are stored in your workspace according to your retention settings. You control how long they are kept.
Usage and Technical Data.
Basic technical information including IP address, device and browser type, timestamps, features used, and error events. This is used to operate the Service, diagnose issues, prevent abuse, and maintain reliability. We do not use any third-party analytics tools.
3. How We Use Your Data
We use the data above for these purposes only:
To provide and operate the Service.
To authenticate users, run reconciliations, generate results, deliver exports, and maintain your workspace.
Security, fraud prevention, and abuse protection.
To protect the Service and users, investigate suspicious activity, and prevent unauthorized access.
Customer support.
To respond to support requests about account access, billing, or reconciliation results.
Service reliability and improvement.
To understand how features are used, fix bugs, and improve performance. We do not sell this data or share it with third parties for marketing purposes.
We process personal data on the following legal bases: to perform our contract with you — providing the Service — for our legitimate interests in security and reliability, and to comply with legal obligations under UK law.
4. What We Never Do
These are firm, unconditional commitments:
- We never sell your data to any third party.
- We never share your data with advertisers.
- We never use your uploaded files or reconciliation results to train AI models or improve algorithms.
- We never store uploaded files beyond 24 hours under any circumstances.
- No member of the Reconcile team reads the contents of your uploaded files.
- We do not use any third-party analytics or tracking tools on the Service.
5. User Rights
Under UK GDPR and applicable UK data protection law, you have the following rights over your personal data:
Access and Portability.
You may request a copy of the personal data we hold about you in a portable format.
Deletion.
You may request deletion of your account and associated personal data. You can also delete individual reconciliation results at any time from within the Service. Uploaded files are deleted automatically and cannot be recovered after deletion.
Correction.
You may request correction of inaccurate personal information held in your account.
Restriction and Objection.
You may request restriction of certain processing activities or object to processing where permitted by applicable law.
Withdraw Consent.
Where we rely on consent as a legal basis, you may withdraw it at any time. This does not affect processing already performed.
To exercise any of these rights, contact privacy@reconcileonline.com. We will respond within 30 days. We may ask for reasonable information to verify your identity before acting on a request.
6. Security Measures
All connections to the Service use HTTPS with TLS encryption. All stored data is encrypted at rest using AES-256 encryption at the infrastructure level, with additional application-level encryption applied on top. Uploaded files are deleted immediately after processing and hard-deleted within 24 hours.
Access to customer data is restricted by role. No Reconcile team member can access the contents of your uploaded files. Reconciliation results stored in your workspace are accessible to support staff only at your explicit request and only for the purpose of resolving a support issue.
All payments are processed by Lemon Squeezy (Merchant of Record). Reconcile does not store payment card details.
If we become aware of a security incident affecting your personal data, we will notify affected users within 72 hours of becoming aware of the incident, as required under UK GDPR.
7. Data Retention
Uploaded files.
Deleted immediately after your reconciliation report is generated. A hard-delete process runs every 24 hours. No uploaded file remains on our servers for more than 24 hours under any circumstances.
Reconciliation results.
Retained in your workspace indefinitely by default. You can set an automatic deletion schedule of your choice, or delete results manually at any time. If automatic deletion runs and you have not downloaded your results, those results are permanently deleted. You will need to re-upload your files and run a new reconciliation to generate them again. New runs consume credits. Reconcile is not responsible for results deleted according to your own retention settings.
Account information.
Retained while your account is active and for 90 days after account deletion to support security and fraud investigations, after which it is permanently deleted.
Usage and technical logs.
Retained for 90 days for security monitoring and service reliability, then permanently deleted.
8. International Transfers
Reconcile processes all data within Europe using Oracle and Cloudflare R2 infrastructure located in European data centers. We do not transfer your data outside Europe for processing.
Where any third-party service provider processes data on our behalf outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved under UK GDPR.
Contact
For privacy questions or to exercise your rights, contact us at privacy@reconcileonline.com. We respond within 48 hours on business days and will resolve all data subject requests within 30 days.