Privacy Policy

Last updated: November 21, 2025

At CleanSheet, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information.

🛡️ Data Privacy Promise

We Do Not Store Your Files

Files are processed in memory and immediately discarded after extraction.

Google Does Not Train on Your Data

Our Google AI API agreement prohibits using your data for model training.

GDPR Compliant

Delete your account = all your data is permanently deleted within 30 days.

Zero-Knowledge Processing

We can't access your original files - they're encrypted during upload.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Profile photo (if you sign in with Google/Apple)
  • Payment information (processed securely by LemonSqueezy)

1.2 Usage Data

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Actions taken (file uploads, exports)

1.3 Document Data

When you upload documents, we store:

  • The original file (temporarily, for processing)
  • Extracted data (date, merchant, amount, category)
  • File metadata (name, size, upload date)

2. How We Use Your Information

We use your data to:

  • Provide our service: Process documents, manage your account, handle payments
  • Improve our AI: Analyze extraction accuracy (we never share your financial data)
  • Send notifications: Credit warnings, feature updates (you can opt out)
  • Prevent fraud: Detect abuse and protect our platform
  • Comply with law: Meet legal obligations (e.g., tax reporting)

3. Data Security

Bank-Level Security

Your data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use industry-standard security practices and regularly audit our systems.

4. Data Sharing

We never sell your personal data. We only share data with:

  • Clerk: Authentication provider (email, name)
  • LemonSqueezy: Payment processor (billing info)
  • Google Gemini: AI service (document images, temporarily)
  • Vercel: Hosting provider (server logs)

5. Your Rights

Under GDPR and CCPA, you have the right to:

  • Access: Request a copy of your data
  • Delete: Request account and data deletion
  • Correct: Update inaccurate information
  • Export: Download your data in JSON format
  • Opt-out: Unsubscribe from marketing emails

To exercise these rights, email us at support@cleansheet.digital

6. Data Retention

  • Original Files (Zero Storage): We process your uploaded files (PDFs, Images) entirely in-memory. They are immediately discarded after extraction and are never saved to our servers or cloud storage.
  • Extracted Data: The extracted financial text (e.g., amounts, dates, suppliers) is retained for 90 days to allow you to view history and re-export reports. After 90 days, this data is automatically and permanently deleted from our system.
  • Deleted Accounts: If you delete your account, all associated data is purged immediately.
  • Payment records: Retained for 7 years (tax compliance)

7. Cookies

We use cookies for:

  • Authentication: Keep you logged in (Clerk session)
  • Analytics: Track usage (Vercel Analytics)
  • Preferences: Remember your settings (dark mode)

8. Changes to This Policy

We may update this policy. Major changes will be notified via email 30 days in advance.

9. Contact Us

Questions? Contact us:

← Back to Home