Privacy Policy

Last Updated: March 31, 2026

Ringbook ("we," "our," or "us") respects your privacy and is committed to protecting your personal and financial information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our accounting software platform, including our artificial intelligence ("AI") features (collectively, the "Services"). This policy is written in plain language to help you understand your rights and our obligations.

1. Information We Collect

We collect and process the following categories of personal information:

a. Identity and Contact Data

• Account Information: Name, email address, phone number, billing address, and other information provided when creating an account.
• Authentication Credentials: Username, password, and information from third-party authentication providers (e.g., Google OAuth) used to verify your identity.

b. Financial and Business Data

• Uploaded Content: Invoices, receipts, bank statements, tax records, and other financial documents or data you upload to our platform.
• Transaction Data: Financial transactions, account balances, and payment details processed through our Services.
• Generated Data: Reports, financial statements, audit-ready documents, and AI-generated insights created through our platform.

c. Technical and Usage Data

• Device Information: IP address, browser type, operating system, device identifiers, and approximate location.
• Usage Data: Information about how you access and interact with our Services, including pages visited, features used, session duration, analytics data, cookies, and log files.

d. Third-Party Data

If you integrate our Services with third-party platforms (e.g., banks, accounting software, or payment processors), we may receive data from those services with your authorization. We process this data solely for the purposes described in this policy.

2. How We Use Your Information

We process your information on the basis of contractual necessity, legitimate interest, legal obligation, or your consent, for the following purposes:

• To provide, maintain, and improve our Services, including processing your uploads and preparing financial statements.
• To power AI-assisted features such as document recognition, data extraction, categorization, anomaly detection, and financial insights (see Section 3 for details).
• To ensure security, prevent fraud, and monitor for unauthorized access.
• To communicate with you regarding your account, service updates, or support inquiries.
• To comply with legal obligations, such as audit, tax, or regulatory requirements.
• To analyze usage patterns and improve the performance and reliability of our platform.
• To create anonymized, aggregated statistical data for trend analysis, service improvement, and new feature development. Such anonymized data cannot be used to identify you.

3. Artificial Intelligence and Automated Processing

Our Services incorporate AI and machine learning technologies to enhance your accounting workflows. We are committed to transparency about how these technologies operate and how your data is used in connection with them.

a. How We Use AI

• Document Processing: AI is used to extract, classify, and organize data from invoices, receipts, bank statements, and other financial documents you upload.
• Financial Insights: AI may analyze your financial data to provide categorization suggestions, identify anomalies, and generate summaries or reports.
• Search and Retrieval: AI-powered search helps you find relevant documents and information across your data.

b. AI Training and Data Use

• We may use anonymized and aggregated data to improve our AI models and develop new features. Your personally identifiable financial data is not used to train general-purpose AI models without your explicit consent.
• We may use third-party AI service providers (e.g., large language model providers) to process your data. These providers are bound by data processing agreements that prohibit them from using your data for their own training purposes or any purpose other than providing the service to us.

c. Automated Decision-Making and Human Oversight

AI-generated outputs in our Services (such as categorization suggestions, data extraction results, or financial insights) are provided as recommendations to assist you. They do not constitute financial, tax, or legal advice.

• You retain full control over all final decisions regarding your financial data. AI outputs are intended to support, not replace, your professional judgment.
• We do not use automated processing to make decisions that produce legal effects or similarly significantly affect you without human involvement.
• You have the right to request meaningful information about the logic involved in any automated processing, to express your views, and to contest automated outputs.
• You may opt out of specific AI features where technically feasible by contacting us at the details provided below.

4. How We Share Your Information

We do not sell your personal or financial information. We do not share your data for third-party advertising purposes. We may share your data only in the following limited circumstances:

a. Service Providers and Processors

We share data with trusted third-party service providers who assist us in delivering our Services, including cloud hosting, AI processing, payment processing, and customer support. These providers are bound by data processing agreements requiring them to process your data only on our instructions and to maintain appropriate security measures.

b. Legal and Regulatory Compliance

We may disclose your information where required by law, regulation, court order, or governmental request, or where we reasonably believe disclosure is necessary to protect the rights, safety, or property of Ringbook, our users, or the public.

c. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and ensure the receiving party is bound by privacy commitments no less protective than this policy.

d. With Your Consent

We may share your information with third parties when you have given us express consent to do so, for example when you authorize an integration with a third-party accounting or banking service.

5. Data Security

We implement reasonable physical, technical, and organizational safeguards designed to protect your personal and financial information, including:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest using industry-standard encryption protocols.
• Access Controls: Role-based access controls and multi-factor authentication to ensure only authorized personnel can access sensitive data.
• Regular Audits: Periodic security assessments and vulnerability testing to identify and address potential risks.
• Data Minimization: We collect and retain only the data necessary for the purposes described in this policy, and anonymize data where possible.
• Incident Response: We maintain procedures for detecting, reporting, and responding to data breaches in accordance with applicable law.

6. Data Retention

We retain your personal and financial data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Account data is retained for the duration of your account and for a reasonable period thereafter to comply with legal and regulatory requirements.
• Financial records may be retained for up to seven (7) years in accordance with applicable accounting and tax regulations.
• Technical and usage data is retained for a limited period for analytics and security purposes.

When your data is no longer required, we securely delete or anonymize it in accordance with our data retention schedule. You may request early deletion subject to our legal and regulatory obligations.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data. We will respond to your requests within the timeframes required by applicable law.

a. General Rights

• Access: Request access to the personal data we hold about you and obtain a copy.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal and contractual retention requirements.
• Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to the processing of your data, including for direct marketing or automated decision-making.
• Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

b. European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your personal data as a data controller under the General Data Protection Regulation (GDPR). The legal bases for our processing include:

• Performance of a contract (providing and maintaining the Services).
• Legitimate interests (improving our Services, security, fraud prevention), balanced against your rights and freedoms.
• Legal obligations (tax, accounting, and regulatory compliance).
• Your consent (where required for specific processing activities such as marketing communications or optional AI features).

You have the right not to be subject to decisions based solely on automated processing which produce legal effects or similarly significantly affect you. You may request human intervention, express your point of view, and contest such decisions.

c. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, used, disclosed, or sold.
• Right to Delete: Request deletion of your personal information.
• Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a clear opt-out mechanism.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information to what is necessary to provide the Services.
• Automated Decision-Making: You have the right to opt out of the use of automated decision-making technology for significant decisions affecting you, and to request meaningful information about the logic and likely outcome of such processing.
• Non-Discrimination: We will not discriminate against you for exercising these rights.

d. Hong Kong Residents (PDPO)

If you are located in Hong Kong, we comply with the Personal Data (Privacy) Ordinance (Cap. 486) and the guidance issued by the Office of the Privacy Commissioner for Personal Data ("PCPD"), including the Model Personal Data Protection Framework for Artificial Intelligence. You have the right to:

• Request access to and correction of your personal data held by us.
• Be informed when your personal data is used for AI processing, including training, customization, or automated decision-making.
• Request an explanation of AI-generated outputs in plain language.
• Request human review of decisions substantially influenced by AI.

8. International Data Transfers

Ringbook is based in Hong Kong. If you access our Services from outside Hong Kong, your data may be transferred to and processed in jurisdictions with different data protection laws.

• For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms to ensure your data receives an adequate level of protection.
• We ensure that any third-party service providers who process your data in other jurisdictions are bound by appropriate data protection agreements.

9. Third-Party Integrations

Our Services may integrate with third-party platforms, including banking APIs, accounting software, and other financial services. When you authorize an integration, data may be shared between our platform and the third-party service. We are not responsible for the privacy practices of third-party services, and we encourage you to review their privacy policies before enabling integrations.

Third-party developers who access our API are prohibited from using data obtained through our platform to train or fine-tune any AI or machine learning models without our express written permission.

10. Cookies and Tracking Technologies

We use cookies and similar technologies (such as local storage and analytics tools) to enhance your experience, analyze usage, and maintain security. You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.

11. Children's Privacy

Our Services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will promptly delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date and, where required by law, by providing direct notice (e.g., via email). Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your data, please contact us:

For complaints relating to our handling of personal data under the PDPO, you may also contact the Office of the Privacy Commissioner for Personal Data, Hong Kong. For GDPR-related inquiries, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.