Privacy Policy
Last updated: May 3, 2026
1. Introduction
LedgerPilot ("we", "our", "us") is an AI-powered accounting automation platform. This Privacy Policy explains how we collect, use, and protect information when you use our service.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and organization details through our authentication provider (Clerk).
QuickBooks Online Data
With your explicit authorization via OAuth, we access your QuickBooks Online data including: chart of accounts, journal entries, trial balance, profit & loss reports, balance sheets, invoices, bills, payments, and expense transactions. This data is accessed read-only and is used solely to perform the accounting analysis you request.
Google Workspace Data
With your explicit authorization via OAuth, we request the following Google scopes. Each is used only for the specific functionality described.
- Gmail — read messages (gmail.readonly): read the bodies, headers, and attachments of email messages that match a Gmail search query you configure on an agent (for example, from:vendor@acme.com subject:invoice). Used to trigger agent runs when matching mail arrives and to ingest receipts and invoices that an agent processes. We do not read messages outside the scope of a query you have configured.
- Gmail — send messages (gmail.send): send email messages on your behalf when an agent step you have configured requires it (for example, sending a close summary to a client). We do not send mail without an agent step explicitly requesting it.
- Google Sheets — per-file Drive (drive.file): read and write cell values in spreadsheets that you explicitly authorize for this app, either by selecting them in the Google Picker dialog or by having an agent create them. Used to read inputs (such as a vendor list) and write outputs (such as a categorized transaction report). We can only access spreadsheets you have actively chosen for this app — never your wider Drive.
- Basic profile (email): read the email address of the connected Google account so we can label it in the connection list and verify ownership for trigger validation.
Usage Data
We collect information about how you use our service, including agent configurations, run history, and feature usage for improving the product.
3. How We Use Your Information
- To perform AI-powered accounting analysis on your QuickBooks data
- To execute the agents you configure against your connected Google Workspace, QuickBooks, and bank accounts
- To generate month-end close reports, checklists, and client communications
- To authenticate and manage your account
- To improve our service and develop new features
4. Limited Use of Google User Data
LedgerPilot's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We use Google user data only to provide and improve the user-facing features described above (executing agents you configure).
- We do not transfer Google user data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data except (a) with your explicit consent for specific messages, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data is aggregated and anonymized for internal operations such as capacity planning.
- We do not use Google user data to train, develop, or improve generalized or non-personalized AI/ML models. Email and spreadsheet content from your Google account is processed only to execute the specific agent run you initiated.
5. Data Protection
Encryption
QuickBooks and Google OAuth tokens are encrypted at rest using Fernet symmetric encryption with per-organization key derivation (HKDF). This ensures that compromising one organization's data does not expose others.
PII Obfuscation
Before sending QuickBooks accounting data and bank transaction data to AI models for analysis, we obfuscate personally identifiable information (PII) including names, email addresses, phone numbers, Social Security numbers, bank account numbers, and tax identifiers. The AI model never sees the raw sensitive data for these sources. Output is de-anonymized before presenting results to you. Email content, spreadsheet content, and receipt-attachment content are not currently obfuscated and are sent to AI providers as-is when an agent run requires them.
Data Retention
QuickBooks data is accessed in real-time during agent execution and is not permanently stored. Google email content is fetched on demand for the specific agent run that requires it; we do not maintain a copy of your mailbox. We do persist short identifiers (Gmail message and history IDs) so that agent triggers do not fire twice on the same message. Spreadsheet cells you bind to an agent are read or written only at execution time. Agent run records — which contain the agent's analysis output and, for runs triggered by an incoming email, the triggering message's subject and a truncated copy of its body (up to 64 KB) so the audit trail is complete — are retained for your reference. You can delete your account and all associated data at any time.
6. Third-Party Services
- Google Gemini — AI provider for accounting analysis and agent execution. QuickBooks and bank transaction data are sent to Gemini with PII obfuscation applied (entity names, contact information, account numbers, and similar fields are replaced with opaque tokens before transmission, and we de-tokenize Gemini's response before presenting results to you). When an agent run you have configured includes a step that processes Gmail messages, Google Sheets content, or receipt attachments, the relevant content is sent to Gemini for that run only. Per Google's paid Gemini API terms, prompts and responses are not used to train Google's models.
- Intuit QuickBooks Online — Accounting data source. Connected via OAuth with your explicit authorization.
- Google Workspace (Gmail, Sheets) — Connected via OAuth with your explicit authorization. See sections 2 and 4 for usage details.
- Clerk — Authentication and user management.
- Google Cloud Platform — Infrastructure hosting (Cloud Run, Cloud SQL, Secret Manager).
7. Your Rights
You have the right to:
- Access the data we hold about you
- Disconnect your QuickBooks Online account at any time
- Disconnect your Google account at any time from within LedgerPilot, which stops all Gmail and Sheets access and clears the stored OAuth tokens
- Delete your account and all associated data
- Revoke our access to your QuickBooks data through Intuit's app management
- Revoke our access to your Google data at myaccount.google.com/permissions
8. Contact Us
For questions about this Privacy Policy, contact us at support@epsdevsolutions.com