Privacy Policy

This policy covers the ReconcileCDR web application and any reconciliation services we provide under the same brand. It applies to account holders, organization members, and visitors to our marketing site.

We collect only what is needed to operate the service:

• Account data. Email address, hashed password, organization name, role, and authentication metadata.
• Uploaded files. CDR files you upload for reconciliation, along with the mappings you configure for them.
• Generated artifacts. Reports, job history, and downloads produced from your reconciliations.
• Operational logs. Request logs, error traces, and aggregate usage metrics needed to run and improve the service.
• Billing data. If you are on a paid plan, billing identifiers from our payment processor (we do not store full card numbers).

We use this data to:

• Authenticate users and enforce organization access controls.
• Process uploaded files and produce reconciliation reports.
• Maintain history, persistent reports, and downloads for your organization.
• Investigate errors, monitor abuse, and keep the service secure.
• Communicate service notices, billing updates, and material changes.

We do not sell your data. We do not use the contents of your CDR files to train third-party models, and we do not share them across organizations.

Reconciliations run inside authenticated organization workspaces. Files, jobs, and reports are scoped to the organization that created them. Members only see data within organizations they belong to. Access is enforced both at the application layer and at the storage layer.

We use a small set of vetted infrastructure providers to host the application, store files, send transactional email, and process payments. Each provider receives only the data needed for its function and is bound by contractual confidentiality and security obligations. A current list is available on request from support@reconcilecdr.com.

Account, file, and report data is retained while your organization is active. You can delete projects, files, and reports from inside the application. After account closure or deletion request, we remove your data from active systems within a reasonable wind-down period and from backups in the normal backup rotation.

Operational logs are retained for a limited period for security and debugging, then rotated out.

Data is encrypted in transit. Files and database content are stored on managed infrastructure with access controls and audit logging. Production access is limited to a small number of operators with multi-factor authentication. We monitor for anomalous activity and patch known vulnerabilities on a defined schedule.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify the affected organization owner without undue delay.

Depending on where you live, you may have rights to access, correct, export, or delete personal data we hold about you. Most of these are available directly from organization settings inside the app. For requests we cannot fulfill from the UI, email support@reconcilecdr.com and we will respond within a reasonable period.

We use a small number of strictly necessary cookies for authentication and session management. We do not use third-party advertising trackers on the application. The marketing site may use minimal aggregate analytics that do not identify individual users.

Our infrastructure may process data outside your country of residence. Where data is transferred internationally, we rely on standard contractual safeguards with our sub-processors.

We will post updates to this page with a new “last updated” date. Material changes that affect how your data is handled will be communicated to organization owners before they take effect.

Privacy questions, data requests, or security reports go to support@reconcilecdr.com.