Privacy Policy

1. Introduction

Vouchap ("we," "us," or "our") is a service provided by Adaven Consulting, Inc., located in Winnipeg, Manitoba, Canada. We are committed to protecting the privacy and security of your financial data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and website ("Service").

2. Data Collection

2.1 Information You Provide

• Account Information: Name, email address, password, and company details required for registration.
• Service Data (Financial): Images of receipts, invoices, and bank transaction details you upload for processing.
• QuickBooks Integration: If you link your QuickBooks account, we access data strictly defined by your authorization (e.g., Chart of Accounts, Vendors) to facilitate synchronization.

2.2 Automatically Collected Information

• Device Information: Device model, OS version, and unique identifiers (for debugging and security).
• Usage Logs: Interaction data to help us improve user experience and system performance.

3. How We Process Your Data (OCR & AI)

We use Artificial Intelligence (AI) and Optical Character Recognition (OCR) technologies to extract data from your uploaded documents.

• **Data Processing:** Uploaded images are processed to extract dates, amounts, vendors, and line items.
• **Third-Party Processing:** We may utilize secure third-party AI providers (e.g., Azure AI, OpenAI Enterprise) for this purpose. We have strict agreements ensuring your data is NOT used to train their foundational models.
• **Human Review:** Vouchap personnel do not access your specific financial documents unless explicitly authorized by you for customer support or debugging purposes.

4. Data Storage & Security

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
• Storage Location: Our primary database and storage (Supabase) providers adhere to high security standards. We strive to store data within North America.
• Access Control: Strict role-based access controls (RBAC) are implemented to limit internal access to your data.

5. QuickBooks Data Compliance

Vouchap adheres to the Intuit Developer Terms. Specifically regarding your QuickBooks data:

• We only access data necessary to perform the sync function you requested.
• We do not sell, rent, or trade your QuickBooks financial data to any third parties.
• Data received from Intuit APIs is used solely to provide the Vouchap service to you.

6. Data Sharing & Third Parties

We share data only with essential sub-processors required to run our service:

• Supabase: Database and Authentication services.
• Stripe: Payment processing (we do not store credit card numbers).
• Vercel: Web hosting and deployment.

We will comply with lawful requests from public authorities, including to meet national security or law enforcement requirements.

7. Your Rights (PIPEDA & GDPR)

Under Canadian PIPEDA and EU GDPR, you have the right to:

• **Access:** Request a copy of the personal data we hold about you.
• **Correction:** Request correction of inaccurate data.
• **Deletion ("Right to be Forgotten"):** Request deletion of your account and associated data.
• **Portability:** Export your service data in a machine-readable format.

To exercise these rights, please contact our Privacy Officer at: privacy@vouchap.com. We will respond to verified requests within 30 days.

8. Data Retention

We retain your data only as long as your account is active. Upon account cancellation, your data will be marked for deletion and permanently removed from our active databases within 60 days, unless a longer retention period is required by tax law or legal obligations.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at: