Privacy Policy - How we secure and protect your information.

Effective Date: 2025-01-31

This Privacy Policy (“Policy”) describes how Stargately, Inc. (“Company” or “we” or “our”) treats information collected or provided in connection with an end user’s (“you” or “your” or “user”) use of the services available via Company’s website at beancount.io (“Site”) and/or our mobile application (“App”, and collectively with the Site, the “Service”). Please note that your use of the Service constitutes your acceptance of this Policy as set forth below:

1. Effective Date; Changes Made To This Privacy Policy.​

This Policy applies to all information collected by or provided to us in connection with the Service. Should we make any material changes to this Policy, we will change the Effective Date above and inform you by email sent to the address associated with your Service account and/or through the Service the next time you log in. We will treat your continued usage of the Service following such notice as your acceptance of the changes.

2. Third-Party Links And Offers.​

We may offer through our Service or send to registered users links to or offers from third party vendors. This Policy does not apply to any information that you may provide to or that may be collected by those third parties. We encourage you to request such third parties to provide their applicable privacy policies and other terms and conditions for you before you engaging with or making a purchase from such third parties.

3. Collected Information.​

Information You Submit. When you log-in to or create an account with the Service, we collect the information you provide in the applicable form. This information includes personally identifiable information such as your name, username, e-mail address, password, and phone numbers. Information you submit to the Service also includes content that you create, update, and publish on the Service, which will include such personally identifiable information as you may choose to include. When we refer to “personally identifiable information” (PII) in this Policy, we mean information that we can directly associate specifically with a person or an entity without additional information. Should you decline to share certain personally identifiable information with us, we are not able to provide some or all of the features and functionalities found on the Service.

Information Collected Automatically. When you use the Service, we automatically gather some non-personally identifiable information from you. This includes usage information of the Service, such as information on when, how often and for how long you use the Service and the content you submit and view. This also includes server log data such as the IP address, device type, or operating system, or the webpage you were visiting before you came to our Service. As described below, we collect this information via a number of means, including server logs, cookies and other online tracking mechanisms. We may associate such non-personally identifiable information with the personally identifiable information that you provide in connection with the Service. But if we do so, we will treat the combined information as personally identifiable information.

Analytics Services. We use certain third-party services to assist us in analysis, auditing, research, and reporting regarding the Service. These third parties may use web logs or web beacons, and they may set and access cookies on your computer or other device. In particular, we use Google Analytics to help collect and analyze certain information for the purposes discussed in this Policy. You may opt out of the use of cookies by Google Analytics on the Site at https://tools.google.com/dlpage/gaoptout.

AI Services. We use artificial intelligence services provided by Anthropic Inc. ("Anthropic"), a third-party AI company headquartered in the United States, to power optional features of our Service. You only trigger AI processing when you actively choose to use these features. AI-powered features include:

• AI Chat Assistant: When you use the chat feature, we send your chat messages, ledger file contents, and repository information to Claude API (Anthropic's AI service, using model claude-sonnet-4-5-20250929) to provide conversational assistance with your accounting data.

• Smart File Import: When you upload financial documents (CSV, PDF, images, Excel files, etc.) and choose AI-powered parsing, we send the file contents to Claude API for intelligent parsing and transaction extraction.

• Auto-Categorization: When you request AI categorization suggestions, we send your transaction details and existing account structure to Claude API to generate categorization recommendations.

Important Notice - Your Choice: AI features are entirely optional. If you do not use AI-powered features, no data is sent to Anthropic. By actively using AI features, you consent to the data processing described in this section.

Third-Party Processing: Claude API requests are routed through BlockEden, a third-party API proxy service located in the United States. Both Anthropic and BlockEden process your data in accordance with their respective privacy policies:

• Anthropic Privacy Policy: https://www.anthropic.com/privacy
• Anthropic Commercial Terms: https://www.anthropic.com/legal/commercial-terms

Specific Data Sent to AI Services:

• Ledger file contents (complete accounting records including accounts, transactions, balances)
• Transaction details (dates, payees, descriptions, amounts, account classifications)
• Uploaded financial documents (full file contents or file URLs)
• Chat conversation history (all messages in your AI chat sessions)
• Account structure and chart of accounts
• Repository access credentials (authentication tokens for accessing your ledger repository)
• User preferences and language settings

International Data Transfer (GDPR Notice): If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that Anthropic and BlockEden are located in the United States. Your data will be transferred to and processed in the United States, which may not provide the same level of data protection as your jurisdiction. By using AI features, you consent to this international data transfer. We rely on Anthropic's Standard Contractual Clauses and security measures to protect your data during international transfers.

California Consumer Privacy Act (CCPA) Disclosure: If you are a California resident, please note that using AI features constitutes "sharing" of personal information under CCPA/CPRA. The categories of personal information shared include: identifiers, financial information, commercial information, internet/electronic activity, and inferences. You may opt out of this sharing by choosing not to use AI-powered features.

Data Retention by AI Provider: According to Anthropic's Commercial Terms (as of January 2025), API inputs and outputs are retained for up to 30 days for trust and safety monitoring, after which they are deleted from Anthropic's systems. We do not enable Extended Data Retention.

Legal Basis for Processing (GDPR): Our legal basis for processing your data through AI services is: (a) your consent, given by actively choosing to use AI features; and (b) contract performance, as processing is necessary to deliver the AI features you request.

AI Service Limitations: AI-generated suggestions are provided for convenience only and may contain errors, inaccuracies, or hallucinations. AI suggestions do not constitute financial, accounting, tax, or legal advice. You are solely responsible for reviewing and verifying all AI-generated content before relying on it for financial decisions or incorporating it into your accounting records.

Third Party Account Information. We may allow you to link your Service account with your WeChat, Blockstack, Google, Microsoft, LinkedIn, IoTeX, or other service account. When you do this, the services will provide us with access to certain information that you have provided to such service (such as your emails), and we will use, store and disclose such information in accordance with this Policy. Please remember that the manner in which a service uses, stores and discloses your information is governed by the terms and conditions and privacy policies of the applicable service, and not the Company.

Online Tracking and Cookies. The Service may use web beacons, cookies and other online tracking mechanisms to collect information. "Beacons" (also often referred to as "pixels") are tiny graphics on a web page designed to track when a page is viewed. Beacons also can be inserted into emails in order to track certain information, including whether an email has been opened. "Cookies" are small text files containing a string of alphanumeric characters that are downloaded by your web browser or mobile device when you visit a website. We may use both session cookies and persistent cookies when you access and use the Service. Cookies may be used, for example, to remember your user account information and your preferences, to customize the interface of the Service for you and to assist us in measuring and analyzing Service traffic. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Service. Persistent cookies can be removed. Please review your browser's documentation to learn the best way to remove cookies and to modify your cookie settings. You can take steps to limit tracking by erasing cookies from your computer's hard drive and by setting your browser to block all cookies or warn you before a cookie is stored. We partner with certain third parties to collect non-personally identifiable information. These third parties may use web logs, web beacons or other online tracking mechanisms, and they may set and access cookies on your computer or other device. Means of opting out of this third-party data collection are discussed below in Section 8.

4. Use of Information.​

We use the personally identifiable and non-personally identifiable information that we collect about you as follows:

• We will use submitted information for the purposes for which you provided the information, including, for example, to create and maintain a Service account for you or respond to a question that you e-mail to us. We also use submitted information and collected information as necessary to provide the features and functionality of the Service to you.

• We may send you e-mails regarding updates or modifications to the Service.

• We use submitted information and collected information to personalize the content that you and others see based on personal characteristics or preferences.

• We may analyze collected information relating to your use of the Service in order to help us improve the Service.

• We use AI services (Claude API from Anthropic) to provide intelligent features including chat assistance, document parsing, and transaction categorization. This processing may involve sending your ledger data, transactions, and uploaded files to Anthropic's servers.

• We may use submitted information and collected information to help troubleshoot problems, provide you with required notices, enforce our Terms of Use or to alert you to changes in our policies or agreements that may affect your use of the Service.

• We may combine personally identifiable information collected through the Service with other information that we collect about you in other contexts — such as our communications with you via email, phone or postal mail. We will handle such combined information in accordance with this Policy.

5. Disclosure of Information.​

We do not sell or distribute your information to third parties for their own purposes, in any form except as provided in this Section. We disclose the personally identifiable and non-personally identifiable information that we collect about you as follows:

• Your information may be viewable by other Service users in accordance with the Service’s functionality, including in connection with you expressly authorizing other Service users to view certain of your information, including data obtained from sources described in this Policy, such as data from public sources and services you connect to the Service.

• We may uses contractors and third-party service providers to provide the Service to our users and help us understand the use of the Service. These contractors and third-party service providers may collect information sent through the Service for use on our behalf.

• We may report aggregated, de-identified data relating to activity on the Service to third parties or the general public. We may combine such data with data obtained from third party sources in order to generate such reports.

• AI Service Providers (Optional Features Only): When you actively choose to use AI-powered features, we share your data with third-party AI service providers, including:

  • Anthropic Inc. (San Francisco, CA, USA) - Provides Claude API for AI chat assistance, document parsing, and transaction categorization
  • BlockEden (USA) - API proxy service that routes requests to Anthropic

  These providers process your ledger data, financial transactions, uploaded files, and chat messages solely to provide the AI features you request. Processing is governed by their respective privacy policies and commercial terms:

  • Anthropic Commercial Terms: https://www.anthropic.com/legal/commercial-terms
  • Anthropic Privacy Policy: https://www.anthropic.com/privacy

  IMPORTANT - No DPA Currently: While we use Anthropic's services under their standard commercial terms, we do not currently have a separate Data Processing Agreement (DPA) with Anthropic. EU users should review Anthropic's privacy practices before using AI features.

  CCPA/CPRA Disclosure - "Sharing" of Personal Information: California residents should note that using AI features constitutes "sharing" of personal information as defined by CCPA/CPRA. We share the following categories of personal information with AI service providers for the business purpose of providing AI-powered features:

  • Identifiers (user IDs, account names, email addresses)
  • Financial information (transaction records, account balances, ledger data)
  • Commercial information (transaction history, spending patterns)
  • Internet or electronic network activity (chat messages, file uploads, feature usage)
  • Inferences (transaction categorization patterns, user preferences)

  You may opt out of this sharing by choosing not to use AI-powered features. We do not "sell" personal information as defined by CCPA.

• We will use and disclose information where we, in good faith, believe that the law or legal process (such as a court order, search warrant or subpoena) requires us to do so; to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our terms and conditions; or in other circumstances where we believe is necessary to protect the rights, safety or property of Company, our users, and third parties.

6. Viewing and Amending Information.​

You can log into your Service account and view or amend your user account information at any time. Please note that while changes to your account information are reflected promptly in active user databases, our servers may retain previously provided information. Note that changes to, or deletion of, your Service account user information does not affect any other information collected by us, which we may retain and continue to use or disclose in accordance with this Policy. We may delete your account if you are deceased or for other reasons in our discretion.

7. Choices Regarding Promotional Content.​

To the extent we send you promotional e-mails, we will give you the ability to opt-out of receiving such e-mails in accordance with applicable law. We will not provide your personally identifiable information to third parties for their own marketing purposes.

8. Security.​

The personally identifiable information we collect about you is stored in limited access servers.

We will maintain reasonable safeguards to protect the security of these servers and your personally identifiable information. However, no security measures are 100% effective and we cannot guarantee the security of your personally identifiable information.

9. Transfer as Corporate Asset.​

In the event of a merger, sale of capital stock or assets, reorganization, consolidation or similar transaction involving the Company, the information we possess (including personally identifiable information) shall be transferred as a corporate asset to the acquiring entity, provided that such entity will continue to handle such information in accordance with this Policy.

10. Transfer to the U.S. or other Countries.​

The Company is established in and uses facilities in the United States. Your information will be stored and processed in the United States or other countries where Company has facilities. By using the Service, you consent to the transfer of information outside of your country, even if your country has more rigorous data protection standards.

11. AI Features and Data Retention.​

AI Service Providers. Our Service offers optional artificial intelligence features powered by Claude API, an AI service provided by Anthropic Inc., a company headquartered in San Francisco, California, USA. AI features include chat assistance, document parsing, and transaction categorization. These features are entirely optional—you are never required to use them.

When AI Processing Occurs. Your data is only sent to Anthropic when you actively choose to use AI features by:

• Starting a chat conversation with the AI assistant
• Uploading a file and selecting AI-powered parsing
• Requesting AI categorization suggestions for transactions

If you do not use these features, no data is sent to Anthropic or BlockEden.

Anthropic Data Retention. According to Anthropic's Commercial Terms (as of January 2025):

• API inputs (your prompts, ledger data, uploaded files) and outputs (AI responses) are retained for up to 30 days for trust and safety monitoring
• After 30 days, data is permanently deleted from Anthropic's systems
• We do not enable "Extended Data Retention" on your behalf
• Anthropic may retain data longer if required by law or for safety/abuse prevention

Our Data Retention. We may retain records of AI interactions (chat history, categorization suggestions) in your account for your convenience and service improvement. You can delete chat history through your account settings. Deletion from our systems does not automatically delete data from Anthropic's 30-day retention period.

BlockEden Proxy. AI requests are routed through BlockEden, a third-party API proxy service located in the United States. BlockEden may temporarily cache requests for performance, reliability, and billing purposes. We recommend reviewing BlockEden's privacy practices independently.

International Data Transfers (GDPR/UK/Swiss Users): If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that:

• Your data will be transferred to and processed in the United States by Anthropic and BlockEden
• The United States may not provide the same level of data protection as your home jurisdiction
• We rely on Anthropic's security measures, Standard Contractual Clauses (if applicable), and your consent (by choosing to use AI features) as the legal mechanism for international data transfers
• Currently, we do not have a separate Data Processing Agreement (DPA) with Anthropic beyond their standard Commercial Terms. We are working to establish formal DPAs. EU users should carefully review Anthropic's privacy policy before using AI features.
• You have the right to withdraw consent at any time by discontinuing use of AI features

Your Rights Regarding AI-Processed Data:

For All Users:

• Right to choose not to use AI features (opt-out by default)
• Right to request deletion of your AI chat history from our systems
• Right to know what data was sent to AI providers (available via account activity logs)

For California Residents (CCPA/CPRA):

• Right to know what personal information was shared with AI providers
• Right to opt out of sharing personal information with AI providers (by not using AI features)
• Right to request deletion of personal information shared with AI providers
• Right to non-discrimination for exercising your privacy rights

For EU/UK/Swiss Residents (GDPR):

• Right to access data processed by AI services
• Right to rectification of inaccurate AI-processed data
• Right to erasure ("right to be forgotten") of AI-processed data
• Right to restrict processing (by not using AI features)
• Right to data portability (export your AI chat history)
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your data protection authority

To exercise any of these rights, please contact us at [email protected] with the subject line "AI Data Privacy Request."

Security Measures. Data transmitted to AI providers is encrypted in transit using TLS. Anthropic employs industry-standard security measures to protect data at rest. However, no method of transmission or storage is 100% secure. Repository access credentials are transmitted securely but you should use time-limited tokens when possible.

Important Notice - No Financial Advice. AI-generated content may contain errors, inaccuracies, or hallucinations. AI suggestions do not constitute financial, accounting, tax, or legal advice. You are solely responsible for reviewing and verifying all AI-generated categorizations, transaction entries, and recommendations before incorporating them into your accounting records. Do not rely solely on AI suggestions for financial decisions.

Changes to AI Services. Anthropic may modify, suspend, or terminate their AI services at any time. We will notify you of material changes to AI data processing practices via email or through the Service.

12. California Privacy Rights (CCPA/CPRA).​

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

Categories of Personal Information We Collect:

• Identifiers (name, email, username, IP address)
• Financial information (transaction records, account balances, ledger data)
• Commercial information (transaction history, purchase records, spending patterns)
• Internet or electronic network activity (usage data, feature interactions, chat messages)
• Inferences (transaction categorization patterns, user preferences)

Categories of Personal Information We Share: When you use AI-powered features, we share the categories listed above with:

• Anthropic Inc. (AI service provider)
• BlockEden (API proxy service)

This sharing is for the business purpose of providing AI-powered features you request and does not constitute a "sale" of personal information.

Your California Privacy Rights:

1. Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties we share it with.
2. Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
3. Right to Correct: You can request correction of inaccurate personal information.
4. Right to Opt-Out of Sharing: You can opt out of sharing your personal information with third parties by choosing not to use AI-powered features.
5. Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
6. Right to Limit Use of Sensitive Personal Information: If we use sensitive personal information beyond what is necessary to provide services, you may limit such use.

How to Exercise Your Rights: To exercise your California privacy rights, please:

• Email us at: [email protected] with subject "California Privacy Request"
• Include your name, email, and specific request
• We will verify your identity before processing your request
• We will respond within 45 days (may extend by 45 days if needed)

Do Not Share My Personal Information: To opt out of sharing your personal information with AI service providers, simply do not use AI-powered features (chat assistant, AI file parsing, AI categorization). If you have previously used AI features and wish to request deletion of shared data, please contact us at the email above.

Authorized Agent: You may designate an authorized agent to make requests on your behalf. The authorized agent must provide proof of authorization, and we may require you to verify your identity directly with us.

Data Retention: We retain personal information as described in Section 6 (Viewing and Amending Information) and Section 11 (AI Features and Data Retention). AI service providers retain data for up to 30 days as described in Section 11.

13. Children Under 13.​

The Company does not knowingly collect information from children under 13 and the Service is intended for adults over the age of 18. If you are a parent and believe that your child under the age of 13 has used the Service and provided personally identifiable information to us through the Service, please contact us at [email protected] and we will work to delete that Service account and any such personally identifiable information.