Privacy Policy

Introduction

writeoffs.ai (“we,” “us,” or “the Service”) is committed to protecting the privacy of our users. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data. By using writeoffs.ai, you agree to the practices described in this policy.

Information We Collect

Account Information: When you create an account, we collect your email address and authentication credentials. We use Supabase Auth for secure authentication and do not store passwords directly.

Financial Data: You may upload receipts, expense records, mileage logs, and other financial documents. This data is stored securely and is only accessible to you (and any administrators you authorize).

Uploaded Files: Receipt images, W-9 forms, and other documents you upload are stored in encrypted cloud storage (Amazon S3) and are associated with your account.

Usage Data: We may collect anonymized usage data such as pages visited and features used to improve the Service. We do not use third-party analytics trackers that profile individual users.

Device Information: We may collect basic device and browser information (e.g., browser type, operating system) to ensure compatibility and troubleshoot issues.

How We Use Your Information

We use your information solely to:

  • Provide and operate the Service, including receipt parsing, expense categorization, deduction estimation, and report generation
  • Process uploaded documents using AI and optical character recognition (OCR)
  • Send transactional emails (e.g., account verification, weekly digests) that you have opted into
  • Improve the accuracy and functionality of the Service
  • Respond to your support requests

We do not sell, rent, or share your personal or financial information with third parties for marketing purposes. We will never monetize your data.

AI Processing

The Service uses artificial intelligence (including third-party AI APIs) to parse receipts and categorize expenses. When your documents are processed:

  • Document content is sent to our AI processing pipeline for extraction only
  • We do not use your data to train AI models
  • AI providers we use are contractually prohibited from retaining or using your data beyond the immediate processing request

Data Storage and Security

Your data is stored in secure, encrypted databases hosted by Supabase (PostgreSQL) and Amazon Web Services (S3 for file storage). We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-level security (RLS) policies ensuring you can only access your own data
  • Secure authentication with session management
  • Regular security reviews of our infrastructure

Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all associated data (including receipts, documents, and financial records) within 30 days. Some anonymized, aggregated data may be retained for analytics purposes but cannot be traced back to you.

Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase: Database hosting and authentication
  • Amazon Web Services (S3): Secure file storage
  • Vercel: Application hosting
  • AI Providers: Document parsing and expense categorization (data is not retained by these providers beyond the processing request)

Each provider maintains their own privacy policies and security practices. We select providers that meet high standards for data protection.

Cookies

We use only essential cookies required for authentication and session management. We do not use advertising cookies, tracking cookies, or third-party cookies for behavioral profiling.

Your Rights

You have the right to:

  • Access your data at any time through the Service
  • Export your data using our built-in export features
  • Correct any inaccurate information in your account
  • Delete your account and all associated data by contacting us
  • Object to any processing you believe is not covered by this policy

If you are located in the European Economic Area (EEA), you have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

If you are a California resident, you have additional rights under CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information (which we do not do).

Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@writeoffs.ai.

Last updated: February 2026