Privacy Policy

This Privacy Policy describes how UppaGo ("we," "us," "our") collects, uses, shares, and protects information when you use our platform and services (the "Service"). We are committed to handling your data responsibly, transparently, and only in ways that serve your use of the Service.

This policy is incorporated by reference into our Terms of Service. By using the Service, you agree to the data practices described here.

We may update this policy from time to time. Material changes will be communicated via email or in-product notification at least thirty (30) days before they take effect.

We collect information you provide directly when you use the Service:

• Account information — name, email address, password (hashed), profile picture
• Organization information — company name, industry, size, address, contact details
• Customer Content — invoices, receipts, CSV imports, vendor records, transactions, bank-feed data, notes, corrections, and any other documents or data you upload to or generate within the Service
• Communications — support requests, feedback, survey responses, and any other messages you send to us
• Payment information — handled entirely by Stripe; we do not store card numbers, bank account details, or billing addresses on our systems (we receive only a Stripe customer identifier and metadata about your subscription state)

We also collect certain information automatically:

• Usage data — pages visited, features used, actions taken, agent-pack invocations, processing timestamps
• Device and browser information — browser type and version, operating system, screen resolution, language preferences
• Log data — IP address, request timestamps, request paths, response codes, error traces (used for debugging, security, and service improvement)
• Cookies and similar technologies — authentication tokens (required), preference storage (e.g., persisted view modes, dark-mode preference), and minimal analytics for product improvement. We do not use third-party advertising trackers.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process Customer Content through OCR, AI extraction, and intelligence pipelines you have requested
• Manage your account, subscription, and billing
• Send service-related communications (transactional emails, security alerts, billing notices, support replies)
• Send product communications you have opted into (digests, notifications, weekly summaries)
• Detect, prevent, and respond to fraud, abuse, security incidents, and policy violations
• Aggregate anonymized usage data to debug, optimize, and improve the Service
• Comply with legal obligations and enforce our agreements

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.

UppaGo uses AI models — including third-party large-language models and embedding models — to extract, classify, and analyze your Customer Content. Our policies on AI and your data:

• We do not train AI models on your Customer Content. Your documents, transactions, vendor records, and any data you submit to UppaGo are not used to train, fine-tune, retrain, or otherwise improve any general-purpose AI model — neither ours nor any third-party provider's.
• Third-party AI processors operate under no-training contracts. Where we send extracts of your Customer Content to AI providers (for OCR, embedding generation, and similar processing tasks), we contract with those providers under data-processing terms that prohibit them from using your data to train their own models.
• Tally's intelligence is per-tenant by design. The vendor profiles, baselines, autonomy levels, and reviewer memory that personalize Tally's suggestions are computed exclusively from your own Customer Content and are scoped to your account.
• Cross-tenant aggregation requires explicit business reasons. Where firm-level intelligence is offered (on certain plans where a single firm pays for multiple tenants), aggregation is performed only at the firm-tenant level and only in aggregate form (e.g., counts, percentages, distributions) — never row-level data sharing across distinct Customers.
• Embeddings stay in our infrastructure. Vector embeddings used for semantic search (Ask Tally) are stored in your tenant-scoped database row and never shared with other Customers or external services.

We share information only as necessary to operate the Service or as required by law:

• Service providers (sub-processors) — trusted vendors who process data on our behalf to operate the Service across cloud hosting and infrastructure, database and storage, authentication, AI processing, payment processing, transactional email delivery, bank-account connectivity, and accounting-system integrations. Each sub-processor is contractually bound to confidentiality and security obligations consistent with this policy. A current list of sub-processors is available upon written request at privacy@uppago.com.
• Bookkeepers and team members — as configured by your access settings. You control who has what level of access (view, review, or full) to your account's Customer Content.
• Legal compliance and safety — to law enforcement or regulators when compelled by valid legal process, to comply with applicable law, or to protect the rights, safety, and property of UppaGo, our users, or third parties.
• Business transactions — in connection with a merger, acquisition, financing, or sale of assets, your data may be transferred to the successor entity, subject to terms at least as protective as this policy.

When you use the bank-feed feature, we connect to your bank through Plaid's secure infrastructure. Plaid retrieves transaction data on your behalf using credentials you provide directly to Plaid (we do not see your bank login credentials).

Bank-feed transactions imported into UppaGo are stored in your tenant-scoped database and used for reconciliation matching, vendor recognition, cash-flow visibility, and reporting. Per our Terms of Service, bank-feed transactions are not used to train Tally's autonomy engine.

Plaid's collection and handling of your bank credentials and transaction data is governed by Plaid's end-user privacy policy, which you accept when you first connect a bank account through Plaid Link.

We retain your account information and Customer Content for as long as your account is active. If you cancel your Subscription or close your account:

• Customer Content is retained while your account is active. You can request deletion of your account and Customer Content by emailing privacy@uppago.com. Each request is reviewed and approved by UppaGo’s founders and processed manually. We are working toward customer-initiated deletion controls.
• When we delete an account at your request the following is removed or anonymized: documents and their extracted data, vendor records, bank-feed transactions, learned approval patterns specific to your workspace, and your profile fields.
• Our deletion workflow includes QuickBooks and Plaid provider-revocation steps. Provider revocation, hosted-record removal, and account anonymization run as an audited deletion workflow once a request is approved. Approval requires a second admin’s co-approval and explicit founder authorization; live customer deletions are not initiated automatically. We have verified the audited deletion workflow end-to-end on a disposable test workspace.
• Before a deletion can be executed, any active paid subscription must be canceled. If you have a paid plan, please cancel via your Stripe Customer Portal before submitting a deletion request — otherwise the request is paused at approval until billing is in a canceled or free state. Subscription cancellation alone does not delete your data; deletion is a separate request.
• Some records are retained for legal compliance, even after deletion. Security audit logs of actions taken on your account are kept as required by law — we maintain a faithful record of what happened for compliance and security purposes. 1099 forms generated through UppaGo are retained per IRS tax-record obligations, with the recipient’s name, tax identification number, and address redacted at the time of deletion. Stripe retains its own billing records for finance and tax obligations, independent of UppaGo. We sever UppaGo’s local link to the Stripe customer record during approved deletion; we do not delete records inside Stripe.
• A few things sit outside what we can delete on our end: files you have already downloaded — CSVs, PDFs, reports — live on your own devices and cloud-storage accounts. Deleting your UppaGo account does not reach those copies; please remove them from your devices yourself. See our Data Security page for the latest on what we delete and what is retained.
• Aggregate usage statistics derived from anonymized data may be retained indefinitely.

We use industry-standard administrative, technical, and operational safeguards to protect your data:

• Encryption in transit — all communication between your browser and the Service uses TLS (HTTPS)
• Encryption at rest — Customer Content stored in our database and object-storage layer is encrypted at rest by our infrastructure providers
• Encrypted credential storage — passwords are hashed via industry-standard algorithms (we never store passwords in plaintext); third-party OAuth tokens (for example, Plaid and QuickBooks Online) are encrypted at the application layer using AES-256-GCM before being persisted
• Tenant isolation — every database query that touches Customer Content is filtered by your tenant identifier at the application layer. Row-level security policies are also enabled at the database layer as a defense-in-depth backstop against accidental anonymous-key access
• Limited internal access — access to production systems is restricted to authorized personnel who are subject to confidentiality obligations
• Ongoing review — we review our codebase, third-party dependencies, and infrastructure configuration on an ongoing basis as part of our development process

No system is perfectly secure, and we make no guarantee that the safeguards above will prevent every conceivable incident. If you become aware of any actual or suspected security incident affecting your account, contact us immediately at support@uppago.com.

Depending on your jurisdiction, you may have the following rights with respect to your personal information. We honor these rights regardless of jurisdiction where reasonably possible:

• Access — request a copy of the personal information we hold about you
• Correction — update or correct inaccurate or incomplete information through your account settings or by contacting us
• Deletion — request deletion of your Customer Content and account, subject to retention obligations described above
• Portability — export your data in a machine-readable format (CSV download is available in-product; bulk export by request)
• Objection — object to specific processing activities, where applicable
• Withdrawal of consent — withdraw consent for processing that requires consent (e.g., opt out of non-essential email communications via your notification preferences)
• Complaint — lodge a complaint with your local data protection authority

To exercise these rights, contact us at privacy@uppago.com. We will respond to verified requests within thirty (30) days.

We use a minimal set of cookies and local-storage entries that are essential to the Service:

• Authentication tokens (required for sign-in)
• User-preference storage (e.g., persisted view modes, dark-mode preference, default landing tab)
• CSRF protection tokens
• Anonymous analytics for product improvement

We do not use third-party advertising trackers, retargeting pixels, or behavioral advertising identifiers. We do not sell or share data for advertising purposes.

Your information may be processed and stored in any country where UppaGo or our service providers operate, including (without limitation) Canada, the United States, and the European Union. By using the Service, you acknowledge that your information may be transferred to and processed in countries with data-protection laws different from those of your country of residence.

Where required by law (for example, for transfers of personal data subject to European data-protection regulations), we rely on appropriate safeguards such as Standard Contractual Clauses with our sub-processors.

The Service is intended for use by businesses and is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us at privacy@uppago.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, our service offerings, or applicable law. The "Last updated" date at the top of this page reflects the most recent revision. For material changes, we will provide at least thirty (30) days' advance notice via email or in-product notification.

If you have questions about this Privacy Policy or our data practices, contact us:

• Privacy and data requests: privacy@uppago.com
• General support and security reports: support@uppago.com