myClerkBook is operated by miisodev (Kevin Ncamiso Novo), a sole proprietorship registered in South Africa. References to “we”, “us”, or “myClerkBook” in this policy refer to miisodev.
Contact: legal@myclerkbook.com
myClerkBook is built on a simple architectural principle: we never access your bank accounts. We do not integrate with Plaid, Finicity, MX, or any financial data aggregator. All financial data in myClerkBook is entered manually by you or extracted from documents you upload. We cannot see your bank balance, transaction history, or credentials — because we never ask for them.
Privacy is enforced at three independent layers simultaneously:
sanitizeForAI() function strips all personally identifiable information from document content before it is sent to our AI provider. Claude (Anthropic) never receives your name, email, account numbers, or identity — only the financial content of the document.When you create an account, our authentication provider (Clerk) collects your name, email address, and optionally your username. If you sign in via Google, Google provides your name, email, and profile picture. We store your Clerk user ID in our database as the root of your data ownership.
All transaction data in myClerkBook — income records, expense records, trial tracking entries, recurring transaction settings, and category groups — is created by you. We store it in our database to provide the service. We do not analyse, aggregate, sell, or share this data with any third party.
When you use the AI document parsing feature, the file you upload is stored temporarily in Supabase Storage under your user ID. After you approve or dismiss the parsed result, the file is deleted. A SHA-256 hash of the file is cached for 30 days to prevent duplicate processing. Before any document content is sent to our AI provider (Anthropic), all personally identifiable information is stripped by our sanitizeForAI() function.
We use PostHog for product analytics. PostHog records events such as page views, feature interactions, and session replays. Analytics data is anonymised and aggregated. We do not sell analytics data. PostHog event data is retained for 90 days.
We also use Vercel Analytics (Core Web Vitals, page performance) and Google Analytics 4 (traffic analysis) on the production environment. These are standard analytics tools subject to their respective privacy policies.
Subscription management and payments are handled by Polar, which acts as our Merchant of Record. Polar collects your name, email address, and payment card details directly. myClerkBook stores your subscription tier (basic, premium) and add-on status. We do not store your full payment card details.
If you enable SMS or WhatsApp notifications, your phone number is stored and shared with Twilio to deliver those notifications. Your email address (from your Clerk account) is used to deliver email notifications via Resend.
We do not use your financial transaction data for any purpose other than providing you with the service. We do not use your data to train AI models. We do not sell your data.
We use the following third-party services to operate myClerkBook:
| Processor | Data Processed | Purpose |
|---|---|---|
| Supabase | All user and transaction data | Database and file storage |
| Clerk | User identity and session data | Authentication |
| Anthropic | Sanitised document text (no PII) | AI document parsing |
| Polar | Billing name, email, payment metadata | Subscription management and payments |
| Resend | Email address and notification content | Transactional email notifications |
| Twilio | Phone number and SMS/WhatsApp content | SMS and WhatsApp notifications (Premium) |
| Loops | Email address and engagement data | Marketing and lifecycle email |
| PostHog | Anonymised usage events | Product analytics |
| Vercel | Request logs, performance metrics | Hosting and infrastructure |
| ExchangeRate-API | No user data transmitted | Currency exchange rates (cron only) |
Each processor has a Data Processing Agreement (DPA) in place. Anthropic’s commercial API terms include zero data retention (ZDR) provisions — API logs are retained for a maximum of 7 days and your data is never used for model training.
| Data Type | Retention Period |
|---|---|
| Transaction data | Until you delete the transaction or your account |
| User account data | Until you delete your account (immediate hard delete) |
| Uploaded documents | Deleted after you approve or dismiss the parse result |
| Document parse cache (hash only) | 30 days |
| Analytics events (PostHog) | 90 days |
| Exchange rate cache | 7 days (refreshed daily) |
| Anthropic API logs | Maximum 7 days (Anthropic commercial API terms) |
When you delete your myClerkBook account, all your data is removed immediately and permanently. This includes all transactions, dashboards, groups, notification preferences, AI usage records, and document parse cache entries. There is no soft delete, no archiving, and no backup retention of your personal data beyond the database’s point-in-time recovery window (used only for disaster recovery, not for individual data requests).
Hard delete is not a legal obligation for us — it is a product commitment. We believe you should be able to leave myClerkBook and have complete confidence that your financial data is gone.
If you are located in South Africa, you have the right to access, correct, or delete your personal information. You may also object to our processing of your information or request restriction of processing. Contact us at legal@myclerkbook.com to exercise these rights. Complaints may be lodged with the Information Regulator of South Africa.
If you are located in the EU, you have rights of access, rectification, erasure, portability, restriction, and objection. You may also withdraw consent at any time where processing is based on consent. To exercise your rights, contact us at legal@myclerkbook.com. You also have the right to lodge a complaint with your national data protection authority.
You can export all your transaction data as a CSV file at any time from your dashboard settings. No advance notice or approval required.
All data is encrypted in transit (TLS) and at rest (Supabase AES-256 encryption). Row Level Security on every database table ensures your data cannot be accessed by other users — this is enforced at the PostgreSQL level, not just in application code. We conduct security reviews before shipping features that touch your financial data.
We will notify you of material changes to this Privacy Policy by email and by posting a notice in the application at least 14 days before the changes take effect. Minor clarifications may be made without notice.
For privacy questions, data requests, or complaints, contact us at: legal@myclerkbook.com
miisodev · South Africa · myclerkbook.com