← Back to Cooked Books

Privacy Policy

Last updated: April 2026

1. Who We Are

Cooked Books ("we", "us", "our") is an AI-powered bookkeeping platform operated by Josh Holtz. This policy explains how we collect, use, and protect your information when you use our service at cookedbooks.ai.

2. Information We Collect

Account Information

• Email address (used for authentication and notifications)
• Organization name

Financial Data

• Bank and credit card transactions (imported by you or synced via Plaid)
• Account balances
• Invoices, contacts, and journal entries you create
• Categorization rules and bookkeeping preferences

Third-Party Integration Data

• Plaid: bank account transaction history and balances (with your explicit authorization via Plaid Link)
• Stripe: payout and charge metadata for enriching bank transactions (with your explicit connection)

Usage Data

• Pages visited, features used, and interactions within the application
• Error logs for debugging (via Sentry — no financial data included in error payloads)

3. How We Use Your Information

• Provide the service: Import, categorize, and reconcile your financial transactions. Generate reports. Match payments to invoices.
• AI features: When enabled, we send transaction descriptions to Anthropic's Claude API for categorization suggestions. We do not send account numbers, balances, or personally identifiable information to AI providers.
• Improve the service: Understand usage patterns to improve features and fix bugs.
• Communicate: Send import completion emails, reminder notifications, and account-related updates.
• Billing: Process subscription payments via Stripe.

4. Consent

By creating an account and using Cooked Books, you consent to the collection and processing of your data as described in this policy. For third-party integrations:

• Plaid: You explicitly authorize data access through Plaid's consent flow (Plaid Link) before any bank data is accessed.
• Stripe: You explicitly connect your Stripe account before any payment data is accessed.
• AI: AI categorization is controlled by your automation settings and can be disabled at any time.

You can withdraw consent by disconnecting integrations, disabling AI features, or deleting your account.

5. Data Sharing

We do not sell your data. We share data only with:

• Plaid: To sync your bank transactions (only when you connect via Plaid Link)
• Stripe: To process your subscription payments and enrich transaction data (only when you connect)
• Anthropic (Claude): Transaction descriptions only, for AI categorization (only when AI features are enabled)
• Fly.io: Our hosting provider — processes data on our behalf
• Neon: Our database provider — stores data on our behalf
• Sentry: Error monitoring — receives application error logs (no financial data)

6. Data Security

• All data transmitted over HTTPS (TLS 1.2+)
• Third-party credentials (Plaid tokens, API keys) encrypted at rest at the application level
• Database encrypted at rest at the storage level (Neon managed PostgreSQL)
• Multi-tenant data isolation — your data is never accessible to other organizations
• Passwordless authentication via magic link (no passwords stored)
• Optional TOTP-based multi-factor authentication
• Full audit trail of all financial data changes

7. Data Retention

• Your financial data is retained for as long as your account is active
• Session tokens expire after 60 days
• Magic link tokens expire after 15 minutes
• If you delete your account, your data is removed within 30 days
• Integration credentials are wiped immediately when you disconnect

8. Your Rights

You have the right to:

• Access: Export your data at any time via the Export page
• Correct: Edit any financial data through the application
• Delete: Request account deletion by contacting us
• Disconnect: Remove third-party integrations at any time
• Opt out of AI: Disable AI features in Settings → Automation Level → Manual

9. Cookies

We use essential cookies only:

• Session cookie for authentication
• Remember-me cookie for persistent login
• CSRF token for security

We do not use tracking cookies, analytics cookies, or advertising cookies.

10. Children

Cooked Books is not intended for children under 18. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this policy as our service evolves. We will notify users of material changes via email. Continued use after changes constitutes acceptance.

12. Contact

For privacy questions or data requests:
privacy@cookedbooks.ai