Privacy Policy

This Privacy Policy explains what information VendorRecon collects, how we use it, and the choices you have. We aim to collect only what we need to provide the service.

Information we collect

Account information — your name and email, handled by our authentication provider (Clerk) when you sign in.
Reconciliation data — the vendor statements and ledger files you upload, and the results generated from them.
Usage data — basic logs needed to operate and secure the service.

How we use it

We use your data solely to provide and improve the reconciliation service, to operate billing, to communicate with you (e.g. reconciliation-complete and exception alerts you opt into), and to keep the service secure. We do not sell your data.

Storage and security

Uploaded files are encrypted at rest and stored in object storage (Cloudflare R2). Data is transmitted over encrypted connections (HTTPS). Access is restricted to your account/company via row-level security.

Service providers

We share data with vetted processors only as needed to run the service: Clerk(authentication), Paddle (payments / Merchant of Record), Resend(transactional email), Anthropic (AI-assisted extraction, used only on the Pro plan for hard-to-parse files), and our hosting providers (Railway, Vercel, Cloudflare). These providers process data on our behalf under their own terms.

Data retention and deletion

You can delete your uploaded data and reconciliation history at any time from your account settings. When you delete data or close your account, we remove the associated files from storage.

Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data. To exercise these, contact us at the address below.

Cookies

We use essential cookies for authentication and session management. We do not use advertising cookies.

Contact

Privacy questions or requests? Email info@vendorrecon.org.