Privacy Policy for AI Agents

Information Collection and Processing

Data We Collect

Financial Information: Our AI agents extract and process financial data from your organization's systems solely for the purpose of completing requested tasks. This includes:

  • Account statements and transaction records
  • Tax preparation documents and supporting materials
  • Financial reports and analytical data
  • Client financial information (for CPA firms)
  • Banking and payment processing data

Usage Information: We may collect minimal metadata necessary for system functionality:

  • Session timestamps and duration
  • Feature utilization patterns (aggregated and anonymized)
  • Error logs and system performance metrics
  • Authentication and access control records

Data Collection Principles

Our AI agents operate under strict data minimization principles:

  • Purpose Limitation: Data is accessed only for the specific task requested
  • Minimal Access: Agents request only the minimum data required to complete the task
  • Real-Time Processing: Information is processed in-memory during active sessions
  • No Permanent Storage: Financial data is never stored in persistent databases

Zero Data Retention (ZDR) Policy

Core ZDR Implementation

Upon session termination, all extracted financial information is immediately and permanently deleted from our systems. This includes:

  • Complete removal of all financial data from temporary memory
  • Deletion of processed outputs containing sensitive information
  • Clearing of any cached or temporary files
  • Purging of conversation history containing financial details

Security and protection of any data or report downloaded by the user from the AI agent is the responsibility of the user.

Technical Safeguards

  • Ephemeral Processing Architecture: All sensitive data processing occurs in temporary, encrypted memory spaces
  • Automated Deletion Protocols: System-enforced deletion routines execute immediately upon session termination
  • Verifiable Non-Retention: Technical controls prevent any permanent storage of financial data
  • Audit Trail: Deletion events are logged for compliance verification (metadata only, no financial content)

Third-Party LLM Provider Compliance

Provider Data Handling

  • Enterprise-grade SOC 2 Type II compliance
  • Seven-day file retention with automatic deletion
  • No use of client data for model training

LLM Integration

  • Standard 30-day backend deletion for API users
  • Zero Data Retention (ZDR) agreements available

Model Training Restrictions

We contractually ensure that:

  • No client financial data is used for training AI models
  • Third-party providers maintain equivalent data protection standards

Security Measures

Technical Safeguards

Data Encryption:

  • AES-256 encryption for all data in transit and at rest
  • End-to-end encryption for sensitive financial communications
  • Encrypted secure channels for all AI agent interactions

Access Controls:

  • Multi-factor authentication for all system access
  • Role-based access controls with principle of least privilege
  • Session monitoring and automatic timeout protocols
  • Privileged access management (PAM) systems

Data Subject Rights and Controls

Individual Rights

Access and Transparency:

  • Right to know what financial information is required by the AI agent
  • Clear explanations of AI agent decision-making processes

Control Mechanisms

  • Session termination controls to trigger immediate data deletion
  • Granular permissions for data access by AI agents

Policy Updates and Modifications

Effective Date: August 15th, 2025
Last Updated: August 15th, 2025

© 2024 BookKeeper Pro. All rights reserved.