glacialbooks
FeaturesPricingAbout
Sign inStart free →

Privacy Policy

Effective: May 11, 2026. Last updated: May 18, 2026.

Information We Collect

We collect information you provide directly, including your name, email address, organization details, billing details, support messages, and the bookkeeping data you manage in the service. We collect usage and security data such as IP address, browser details, pages visited, session events, device and sign-in signals, and interaction patterns. When you connect financial providers, payroll providers, payment processors, or tax products, we receive the data required to support those workflows.

How We Use Your Information

We use your information to operate GlacialBooks, provide bookkeeping workflows, categorize transactions, support reconciliations, produce reports, send service communications, protect accounts, manage subscriptions, meet legal obligations, respond to support requests, and improve reliability. We do not sell your personal information.

Data Storage and Security

Your data is stored in Microsoft Azure. Access to production data is restricted, logged, and governed by role based controls. Application traffic uses TLS 1.2 or better. Customer data stored in managed databases, blob storage, and backups is encrypted at rest. Operational controls are described in the Information Security Policy and Access Controls Policy.

Third Party Services

We use third party providers to support specific workflows, including Plaid for financial account connections, Stripe for payments, Azure for cloud infrastructure and email delivery, and payroll or tax providers when you connect them. Each provider has its own privacy terms and operating practices.

Consent

Account registration requires acceptance of the Terms of Service and this Privacy Policy. Financial account connections require your action through the provider connection flow, and GlacialBooks requires multi factor authentication before that flow is opened. Marketing email requires opt in and can be disabled from notification settings.

Data Retention

Account deletion has a fixed 30-calendar-day grace period and is normally completed within 31 calendar days of the request. Bookkeeping records, accounting source evidence, receipts, payroll postings, and financial audit logs are retained for 7 years after organization closure or contract termination. Production PostgreSQL backups are retained for 35 days, production blob soft delete is retained for 30 days, and production operational telemetry is retained for 90 days. The full schedule is in our Data Retention and Deletion Policy.

Your Rights

You may request access to, correction of, export of, or deletion of your personal data. You may also opt out of non-essential communications. We respond to privacy requests within 30 calendar days unless a legally permitted extension applies. To exercise these rights, contact us at [email protected].

Contact

For privacy-related questions, contact us at [email protected].