Privacy Policy

1. What we collect

Account data. When you sign up, we collect your email address and, if you provide it, your name and company name. This is stored in our database (Supabase, hosted on AWS).

Financial memo data. When you generate a variance memo, we process your trial balance data to produce the memo. We store the output (the structured memo, P&L summary, variance rows, and narrative) — not the raw trial balance rows you uploaded. Your raw CSV or QuickBooks data is processed in memory and discarded immediately after the memo is generated.

QuickBooks connection. If you connect QuickBooks Online, we store OAuth tokens (access token and refresh token) to enable re-authentication. We use read-only access scopes and never write to your QuickBooks account. Tokens are stored server-side and never exposed to the browser.

Usage data. We log memo generation events, view counts on shared memos, and email delivery records (for the Monday brief). We do not use third-party analytics trackers.

Payment data. Billing is handled by Stripe. We store your Stripe customer ID and subscription ID. We never see or store your credit card number.

2. How we use your data

We use your data to: provide and improve the Pariom service; send the Monday morning brief (if you opt in); send transactional emails (memo delivery, billing receipts); respond to support requests; and detect abuse or security issues.

We do not sell your data. We do not use your financial data to train AI models. We do not share your data with third parties except as described below.

3. Third-party services

We use the following sub-processors:

• Supabase — database and authentication (AWS us-east-1). SOC 2 Type II certified.
• Anthropic — AI memo generation. Your financial data is sent to Anthropic's API to produce the memo narrative. Anthropic's API does not use API inputs to train models by default. See Anthropic's privacy policy at anthropic.com/privacy.
• Stripe — payment processing. PCI DSS compliant.
• Resend — transactional email delivery.
• Intuit — QuickBooks Online OAuth. Read-only access only.
• Vercel — application hosting.

4. Data retention

We retain your account data and generated memos for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days. You can request deletion at any time by emailing ask@pariom.ai.

Raw trial balance data (CSV uploads, QuickBooks transaction data) is never persisted — it exists only in server memory during memo generation and is discarded immediately after.

5. Security

We implement the following security measures:

• All data in transit encrypted via TLS
• Database encrypted at rest (Supabase/AWS)
• Row-level security on all database tables — users can only access their own data
• OAuth tokens stored server-side only, never in the browser
• Read-only QuickBooks access — we cannot modify your books
• Built on SOC 2-certified infrastructure

6. Your rights

You have the right to access, correct, or delete your personal data at any time. To exercise these rights, email ask@pariom.ai. We will respond within 30 days.

If you are located in the European Economic Area, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

7. Cookies

We use only essential cookies: an authentication session cookie (set by Supabase Auth) and a short-lived OAuth state cookie (for QuickBooks connection). We do not use advertising or tracking cookies.

8. Children

Pariom is not directed at children under 13. We do not knowingly collect data from children.

9. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email. Continued use of Pariom after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email ask@pariom.ai.