Privacy Policy

Effective date: March 1, 2026

1. Introduction

LobsterBooks (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use our AI-powered bookkeeping platform.

2. Information We Collect

Account Information

When you create an account, we collect your email address, password (hashed), company name, entity type, country, tax identification number (optional), and region.

Financial Data

To provide bookkeeping services, we process data you upload or enter, including transactions, invoices, bills, receipts, journal entries, customer and supplier information, and chart of accounts data.

Receipt Images

When you upload receipts, we process the images using AI to extract vendor, amount, date, and category information. Receipt images are stored securely and associated with your account.

Usage Data

We collect anonymized usage analytics including pages visited, features used, and general interaction patterns to improve the Service.

Payment Information

Payment details (credit card numbers, billing addresses) are collected and processed directly by Stripe. We do not store your full payment card details on our servers.

3. How We Use Your Information

  • Provide the Service: Process your financial data, generate reports, categorize transactions, and manage invoices and bills
  • AI Processing: Use your transaction data and receipt images for automated categorization and data extraction
  • Account Management: Authenticate your identity, manage your subscription, and communicate about your account
  • Improve the Service: Analyze usage patterns to enhance features and user experience
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Fulfill legal obligations and respond to lawful requests

4. Third-Party Services

We use the following third-party services to operate LobsterBooks:

Supabase — Authentication and database hosting. Your account data and financial records are stored in Supabase-managed PostgreSQL databases with row-level security (RLS) ensuring tenant isolation.
Stripe — Payment processing for subscriptions. Stripe handles all payment card data per PCI DSS standards. See Stripe's Privacy Policy.
Anthropic (Claude AI) — Powers our AI features including transaction categorization, receipt OCR, and the AI assistant. Financial data sent to Claude is processed per Anthropic's Privacy Policy and is not used to train their models.
PostHog — Anonymized product analytics to understand how features are used and improve the Service. No financial data is sent to PostHog.
Plaid (Coming Soon) — Bank account linking and transaction synchronization. When available, Plaid will connect directly to your financial institutions to import transactions. See Plaid's Privacy Policy.

5. Data Storage & Security

Your data is stored in Supabase-managed infrastructure. We implement multiple layers of security:

  • Tenant isolation: Row-level security policies ensure each user can only access their own data
  • Encryption: Data is encrypted in transit (TLS) and at rest. Sensitive fields like SMTP passwords use AES-256-GCM encryption
  • Authentication: JWT-based authentication with secure token handling
  • Access controls: API endpoints enforce authentication and authorization on every request

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal and financial data within 30 days, except where retention is required by law (e.g., tax records, legal obligations).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of your personal data
  • Export: Download your financial data at any time using the built-in export feature
  • Correction: Update or correct inaccurate data through your account settings
  • Deletion: Request deletion of your account and associated data
  • Portability: Receive your data in a machine-readable format (CSV export)

To exercise these rights, contact us at privacy@lobsterbooks.com.

8. Cookies & Tracking

We use essential cookies for authentication and session management. Our analytics provider (PostHog) may use cookies or similar technologies to collect anonymized usage data. We do not use cookies for advertising or sell your data to advertisers.

9. Children's Privacy

LobsterBooks is not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The “Effective date” at the top indicates when the policy was last revised.

11. Contact

For privacy-related questions or concerns, contact us at privacy@lobsterbooks.com.