Privacy policy

Who we are

Privbooks (“we”, “us”) provides a browser-based accounting application with optional server features (signup, billing, Stripe). The operator deploying this software (“you” as deployer) is responsible for configuration, legal entity name, and support contacts shown to end users.

What runs where

Local ledger: Your books (chart of accounts, journal, invoices, contacts, exports) live primarily in a SQLite database in the browser (including OPFS when the site is cross-origin isolated). We do not receive that file unless you choose to send a backup to someone else.

Server: If enabled, the server may store your work email (and optional company name), billing records tied to Stripe, signup rate-limit data, and optional email verification tokens. Stripe processes payments under its own privacy policy.

Account access

Access may be passwordless: a session cookie is issued after signup or email verification (depending on deployment settings). Anyone who can complete that flow for an email address may use the product as that address until you add stronger controls.

Cookies and similar technologies

We use an httpOnly cookie to maintain your session. Stripe may set cookies when you use Checkout or the customer portal.

Data retention

Server-side signup and billing rows persist until deleted by the operator. Local SQLite data remains on the device until the user clears site data or replaces the database file.

Your choices

• Export your ledger from the Data tab when OPFS is available.
• Sign out to clear the session cookie (local data may remain until you delete it).
• Contact the operator to request deletion of server-stored signup or billing records.

International transfers

Where you host the app and database (e.g. US/EU regions) determines jurisdiction. Choose regions consistent with your obligations.

Contact

For privacy requests, contact the organization operating this Privbooks deployment (add email in your deployment documentation).