Bookkeep Privacy Policy

Last updated: Nov 1 2022

Bookkeep.com Inc. (“Bookkeep”) provides business owners with an accounting software application that automatically posts daily sales summary financials to accounting platforms and reconciles the payment deposits (collectively with any website that links to this Privacy Policy, our “Services”). This Privacy Policy describes how we handle personal information in connection with providing and marketing our Services.

We provide additional information for data subjects in the EEA, Switzerland and the UK (collectively, “Europe”) below.

This Privacy Policy is intended to inform you of Bookkeep’s policies and practices regarding the collection, use and disclosure of any personal information that we process in connection with the Services. Where Bookkeep processes this personal information on behalf of our business customers, as a service provider and / or data processor, the terms of our agreement with those business customers will govern.

Personal Information We Collect

Information you provide to us, such as:

Contact and account data,such as your first and last name, email address, business role, phone number, and plan tier.
Payment and transaction data. This information is collected and processed by our payment service provider, Stripe, in accordance with its privacy policy, available at https://stripe.com/privacy. We do not have access to payment card numbers.
Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us or our user community online.
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third party sources. We may combine personal information about you with personal information we obtain from other sources, such as:

Third parties, such as data providers, third-party advertisers, and others.
Integrated services, such as Square, Shopify, and other services you choose to connect to your Bookkeep accounting application.
Public sources, such as social media platforms.

Automatic data collection. We our service providers, and our advertising partners may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:

Device data,such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
Online activity data,such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising. For more information about our cookie usage, please visit our cookie policy at https://Bookkeep.com/cookiepolicy/.
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How We Use Personal Information

We use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery. We use your personal information to:

Provide, operate, maintain, secure and improve our Services;
Fulfill transactions initiated by you;
Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages;
Understand your needs and interests, and personalize your experience with our Services and our communications; and
Respond to your requests, questions and feedback.

Research and development. To continue to operate and improve our Services, and to create new features and capabilities for our users, we may create and use aggregated, de-identified or other anonymous data from personal information we process.

Marketing and advertising. We may use personal information for marketing and advertising purposes, including:

Direct marketing.We or our advertising partners may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email. You may opt out of our marketing communications as described in the Opt-out of marketing communications section below.
Interest-based advertising.We engage our advertising partners, including third party advertising companies and social media companies, to advertise our Services. We and our advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the Automatic data collection section above) over time across the web, our communications and our corporate website, and use that information to serve online ads. You can learn more about your choices for limiting interest-based advertising in our cookie policy.

Compliance and protection. We may use personal information to:

Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Enforce the terms and conditions that govern our website and Services; and
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How We Share Personal Information

We may share your personal information with:

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services).

Google and other authentication services. You may be given the option to access or register for the Services through the use of your user name and password provided by Google or other companies offering authentication services (each, an “Authentication Service”). By doing so, you may authorize us to access and store information from the Authentication Service — including, without limitation, your name, email address(es), and URL — and to use and disclose it in accordance with this Privacy Policy. To control what information is shared with us, please check your privacy settings on each Authentication Service and make changes as appropriate.

Advertising and marketing partners. When you visit our corporate website, third party advertising companies may use automated technologies to collect information for interest-based advertising purposes described above. We do not allow advertising partners to collect this data from our web application after you log into your Bookkeep account.

Marketing partners. Other companies that provide business services that may be of interest to you.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Bookkeep or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Please keep in mind that whenever you voluntarily make your personal information available for viewing by third parties or the public on or through our Services, that information can be seen, collected and used by others. We are not responsible for any use of such information by others.

How You May Direct Us to Share Personal Information Through our Services

To provide additional versatility, you may direct us to share some personal information associated with your account (e.g. summary and order level data) with third parties.

In all such situations, we share personal information that the third party requires to provide the services that you requested, and we have implemented reasonable confidentiality and security measures to help protect your information that we transmit. Some of these third parties may notify us of the details and/or status of the service that you have requested so we that can improve your experience with Bookkeep.

Your Choices

Access, update, or delete your information. If you have registered for an account with us, you may review and update certain personal information in your account profile by emailing us [email protected]. You may also request that we access, update or delete your information by contacting us at the information provided below. Please note that we will need to verify that you have the authority to update, correct, or delete the account and certain activity generated prior to deletion may remain stored by us and may be shared with third parties as detailed in this Privacy Policy and permitted by applicable law.

Opt out of marketing communications. You may opt out of marketing-related communications by following instructions contained in the marketing communications we send you.

Update your Authentication Service settings. To stop sharing your information with Google or other Authentication Services with whom Bookkeep permits you to connect your account, please modify your privacy settings on those platforms.

Online tracking opt-out. There are a number of ways to limit online tracking, which we have summarized in our cookie policy.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Processing Personal Information in the US

We have personnel and use service providers located in the United States. To provide our Services and operate our website, it is necessary for us to process personal information in the United States.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Data Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

Children

The Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through our Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at [email protected] or at the following mailing address:

Bookkeep.com Inc.

Attn: Privacy

410 Atlantic Ave

Brooklyn NY 11217

Notice to Europeans

Controller. For purposes of European data protection legislation, we are the controller of the personal data that we process on our own behalf. You can contact us using the information listed in the How to Contact Us section above.

Representative. Our representatives in Europe are:

EEA and Switzerland: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23AT2P, Ireland.
UK: VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom.

You may contact these representatives at https://verasafe.com/public-resources/contact-data-protection-representative.

Legal basis for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal data we process as a controller are described in the table below.

Processing Purpose	Personal Data	GDPR Legal Basis
· Service delivery	· Contact and account data · Payment and transaction data · Feedback or correspondence · Automatic data collection · Other data · Third parties · Integrated services · Public sources	· Processing is necessary to perform the contract governing our provision of our Services or to take steps that you request prior to signing up for the Services. · Consent for using analytics cookies.
· Marketing and advertising	· Contact and account data · Marketing data · Automatic data collection · Third parties	· Legitimate interests in (i) sending you information regarding products and services that may be of interest to you and (ii) informing our marketing strategy. · Consent for sending marketing communications regarding other products and services that may be of interest to you. · Consent for using third-party advertising cookies.
· Compliance and protection	· Contact and account data · Payment and transaction data · Feedback or correspondence · Automatic data collection · Other data · Third parties · Integrated services · Public sources	· Legitimate interests in keeping our Services, network and information systems secure. · Complying with law

Processing Purpose

Personal Data

GDPR Legal Basis

· Service delivery

· Contact and account data

· Payment and transaction data

· Feedback or correspondence

· Automatic data collection

· Other data

· Third parties

· Integrated services

· Public sources

· Processing is necessary to perform the contract governing our provision of our Services or to take steps that you request prior to signing up for the Services.

· Consent for using analytics cookies.

· Marketing and advertising

· Contact and account data

· Marketing data

· Automatic data collection

· Third parties

· Legitimate interests in (i) sending you information regarding products and services that may be of interest to you and (ii) informing our marketing strategy.

· Consent for sending marketing communications regarding other products and services that may be of interest to you.

· Consent for using third-party advertising cookies.

· Compliance and protection

· Contact and account data

· Payment and transaction data

· Feedback or correspondence

· Automatic data collection

· Other data

· Third parties

· Integrated services

· Public sources

· Legitimate interests in keeping our Services, network and information systems secure.

· Complying with law

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your personal data for another purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask you not to provide any sensitive personal information to us because we do not have the ability to identify or offer enhanced protections for sensitive personal information. If you choose to provide us with any sensitive personal information, we will process it as “personal information” in accordance with this Privacy Policy.

Your rights. Data protection laws give you certain rights regarding your personal data. If you are located in Europe, you may ask us to take the following actions in relation to your personal data that we process as a controller:

Provide you with information about our processing of your personal information and give you access to your personal information.

Update or correct inaccuracies in your personal information.

Delete your personal information.

Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict the processing of your personal information.

Object to our reliance on legitimate interests as the basis of our processing of your personal data that impacts your rights, or object to our processing of your personal data for direct marketing purposes.

Withdraw your consent in the manner indicated when you consent or by contacting us as described in this Privacy Policy.

You may submit these requests by email or our postal address provided above.

We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here. If you are located in the UK, you may submit a complaint to the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.

Processing of personal information in the United States. To provide our services we will process your personal information in the United States for the purposes we have set out in this Privacy Policy. If such processing involves the transfer of personal information to the United States in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or in other circumstances permitted by European data protection law.

Data retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.