Privacy Policy

Effective date: April 7, 2026

Accountant's Best Friend (“we”, “us”, or “our”) operates accountantsbestfriend.com. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the service you agree to the practices described here.

1. Information We Collect

Account information

When you sign up we collect your email address and a hashed password. We do not store plain-text passwords.

Financial / expense data

You upload CSV files and enter expense records. This data — dates, amounts, descriptions, IRS categories, and any notes — is stored in your account and is only accessible to you and any team members you explicitly invite.

Receipt files

Images, PDFs, and documents you attach to expenses are stored in encrypted cloud storage (Supabase Storage). Files are linked to your account and are not shared with other users.

Usage and technical data

We collect standard server logs including IP addresses, browser type, and pages visited. This data is used solely for security monitoring, abuse prevention, and debugging. We do not use it for advertising.

Payment information

Payments are processed by PayPal. We do not receive or store your credit card number or bank account details. PayPal may collect and process payment data under their own privacy policy.

2. How We Use Your Information

  • To provide, maintain, and improve the service.
  • To authenticate you and keep your account secure (including 2FA).
  • To send transactional emails — account confirmation, password reset, and signup alerts.
  • To enforce rate limits and prevent abuse (e.g., signup attempt limiting by IP).
  • To respond to support requests sent through the contact form.
  • To comply with legal obligations.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored on Supabase (PostgreSQL), hosted on infrastructure within the United States. We apply the following safeguards:

  • Passwords are hashed — we cannot recover them.
  • All traffic between your browser and our servers is encrypted via HTTPS/TLS.
  • Database access is controlled by Row Level Security (RLS) — you can only query your own data.
  • Receipt files are stored in private, access-controlled cloud buckets.
  • Two-factor authentication (TOTP) is available and required for new accounts.

No system is 100% secure. If we become aware of a breach affecting your data we will notify you by email within a reasonable timeframe.

4. Cookies and Tracking

We use session cookies to keep you signed in. We do not use third-party advertising trackers, analytics beacons, or fingerprinting scripts. The only third-party scripts loaded are the PayPal JS SDK (on checkout pages) and Google reCAPTCHA (on the contact form), each governed by their respective privacy policies.

5. Data Retention

  • Active accounts: your data is retained as long as your account is active or as needed to provide the service.
  • Deleted expenses: soft-deleted expenses are moved to a trash bin and permanently removed when you empty the trash or after 30 days of inactivity on the account.
  • Account closure: if you close your account, your data will be deleted within 30 days unless we are required to retain it by law.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data via your account settings.
  • Export your expense data at any time using the built-in export tools (CSV, Excel, QBO).
  • Request deletion of your account and all associated data.

To exercise any of these rights, contact us at vic@alpina.net.

7. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes we will notify active users by email. Continued use of the service after changes are posted constitutes acceptance of the revised policy.

8. Contact

Questions or concerns about this policy? Reach us at vic@alpina.net or use the contact form.