Privacy Policy
Last updated: 13 June 2026
This Privacy Policy explains how ReconScribe(the “Service”, “we”, “us”), an accounts-payable automation application available at app.reconscribe.com, collects, uses, stores and protects your information, including data obtained from Google APIs. It applies to the ReconScribe application only. Our public website at reconscribe.com is covered separately.
ReconScribe is provided on an invitation basis to businesses and their finance teams. If you do not agree with this policy, please do not use the Service.
1. Information we collect
a. Account information
- Your name and email address (from Google sign-in or email/password registration).
- Your organisation and company memberships, role, and settings you configure.
b. Google user data (only if you connect Google)
If you connect a Google account, we request the minimum scopes needed for the features you use:
- Gmail (read and modify): to detect invoice emails in the mailbox you connect, read those messages and download their attachments for processing, and label or mark them as handled. We access only what is needed to process invoices.
- Google Drive (drive.file): to create a folder we own and store copies of your processed invoice documents that you choose to archive. We can only see and manage files the application itself creates.
- Basic profile/email: to sign you in and identify your account.
c. Business data you provide
- Vendor invoices (PDFs, scans, images) you forward or upload, and the data extracted from them.
- Master/reference files you upload (vendors, accounts, GST/HSN, locations, posting history).
- Corrections and approvals you make.
d. Technical data
- Operational logs and timestamps needed to run, secure and debug the Service.
2. How we use your information
- To read invoice emails/documents and extract structured invoice data.
- To match invoices to your master records and resolve accounting fields (G/L, GST, vendor, location, dimensions).
- To push prepared entries into the accounting system you connect (e.g. Microsoft Dynamics 365 Business Central) and to archive the source document to your Google Drive if enabled.
- To improve the accuracy of suggestions for your own organisation by comparing what we suggested against what you posted.
- To operate, secure, support and maintain the Service.
3. Google user data — Limited Use
ReconScribe’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We use Google data only to provide and improve the user-facing invoice-processing features described above.
- We do not sell Google user data, and we do not use it for advertising.
- We do not use the content of your Google data to train generalised or cross-customer AI/ML models. Any learning is limited to your own organisation’s mapping preferences.
- Humans do not read your Google data except where you explicitly ask for support, where required for security or to comply with the law, or in aggregated/anonymised form.
4. AI processing and sub-processors
To read and structure documents, the contents of your invoices (which may include data derived from connected Gmail messages) are sent to a third-party AI provider for extraction. You can choose your provider in settings. We rely on the following sub-processors, each only to deliver the Service:
- OpenAI (default), or Anthropic or Google if you select them — AI extraction of document data. These providers do not use API data submitted by us to train their models.
- Supabase — database, authentication and file storage, hosted in Mumbai, India (AWS ap-south-1).
- Google — Gmail/Drive access and sign-in, as described above.
- Vercel — hosting of the web application.
- A dedicated server we manage — runs the background processing worker.
5. Storage, location and security
- Your data is stored in Supabase’s Mumbai (India) region.
- Each organisation and company is isolated at the database level (row-level security), so one customer cannot access another’s data.
- Access is invitation-only and role-based. Connection secrets and tokens are restricted to server-side use and are not exposed to browsers.
- Data is encrypted in transit (TLS) and at rest.
6. Data retention and deletion
- We retain your invoice and account data for as long as your account is active, so the Service can function and your accounting records stay complete.
- If you enable it, source PDFs are removed from our active storage after a successful push (and kept in your own Google Drive archive).
- You can request export or deletion of your data, or deletion of your account, by contacting us (below). On account closure we delete or anonymise your data within a reasonable period, subject to any legal retention duties.
7. Sharing
We do not sell your data. We share it only with the sub-processors listed above, with the accounting system you choose to connect, and where required to comply with the law or protect the Service.
8. Your rights and choices
- Access, correct or delete your data by contacting us.
- Disconnect Google at any time inside the app, or revoke our access directly at myaccount.google.com/permissions. Revoking access stops further processing of your Gmail/Drive data.
- Withdraw consent or close your account at any time.
9. Children
The Service is for businesses and is not directed to children under 18.
10. Changes
We may update this policy. Material changes will be reflected by the “Last updated” date above and, where appropriate, notified in the app.

