Privacy Policy
Last updated July 9, 2026
1. Overview
Recon Pilot ("we", "us") provides an AI-assisted reconciliation tool for accounting teams. This policy explains what we collect, how we use it, and the controls you have. We designed the product so your financial data stays private to your account.
2. Data we collect
- Account data: your name, email, and company, provided at sign-up and used to authenticate you and operate your account.
- Reconciliation data: the files and ledgers you upload, the transactions extracted from them, matches, exceptions, questions, and audit events. This is stored only under your account.
- Preferences: vendor aliases, acronym expansions, and your approve/reject decisions that personalize matching for you.
3. How we use your data
We use your data to run reconciliations, generate match recommendations, maintain your audit trail, and improve the accuracy of matching for your account. We do not sell your data. We do not use the contents of your ledgers, statements, amounts, dates, or documents to serve other customers.
4. Per-account isolation
Every record is scoped to the account that created it. Each database query is filtered by your user ID, so one customer can never read another customer's data. Administrators can view aggregated, anonymized product analytics and support feedback, never your reconciliation contents or ledgers.
5. Opt-in learning contributions
If, and only if, you join the Founding Tester program, anonymized matching patterns from your usage may improve the shared matching engine. What is contributed is limited to normalized description text, vendor alias equivalences, acronym expansions, and approve/reject decisions with a confidence score.
What is never contributed: amounts, dates, account numbers, counterparty identities, company names, file contents, or any identifier of who submitted a signal. Signals are aggregated before anyone sees them.
You can withdraw consent at any time in Account & data. Withdrawing also removes your past contributions from the shared dictionary.
6. Data retention
By default we retain your data until you delete it. You can set an automatic retention window (1, 2, or 7 years) in your settings, after which non-locked reconciliations are purged automatically. Locked, signed-off reconciliations are retained as audit evidence and are exempt from automatic purging until you reopen or delete them.
7. Your rights and controls
- Access & portability: download a complete copy of your data as JSON at any time.
- Deletion: permanently delete your account and all associated data from your settings.
- Consent: opt in or out of learning contributions whenever you like.
- Retention: choose how long we keep your data.
Manage all of these in Account & data.
8. Security
Data is encrypted in transit (TLS) and at rest at the infrastructure level (our database and hosting providers). We follow least-privilege access practices and scope every data query to the owning account.
9. Sub-processors
We rely on infrastructure providers to run the service, including our database host and application hosting platform, and AI model providers used to extract and match transactions. These providers process data on our behalf under their own security and privacy commitments.
10. Contact
Questions about this policy or your data? Reach us through the in-app feedback option, or open a support request. For business customers handling their own clients' financial data, see our Data Processing Agreement.