Privacy Policy

Please read these privacy policy carefully before using Prunr.app

Prunr (“we,” “us,” or “our”) is a cloud-based SaaS platform that helps CPA firms streamline their financial statement review process. This policy explains how we collect, use, store, and protect data on our platform.

1. How Prunr Works

  1. User creates an account
  2. User selects the type of financial statement
  3. User uploads a PDF copy of the financial statement
  4. Prunr extracts text from the PDF and generates a reviewed output
  5. PDF is not stored; only the extracted text is retained for 14 days
  6. All text data is automatically deleted after 14 days

2. What We Collect

  • Uploaded Data: We extract and process only the text content of uploaded PDFs.
  • User Data: Includes email address, firm name, and login credentials.
  • Payment Information: Handled entirely through Stripe. We do not store any payment data.

3. How Data Is Stored and Protected

  • All client data is stored in Supabase (AWS) and encrypted at rest and in transit.
  • Data is automatically deleted after 14 days of upload.
  • Uploaded PDF files are never stored — only the extracted text is temporarily retained.
  • CPA firm data is fully isolated. Users cannot view others’ uploads, even within the same firm.

4. Access and Permissions

Role Access Scope
Founder, Lead Developer, Junior Developer Supabase backend (text data only)
Lead Developer only Individual firm Prunr instances
Users Only their own firm's data; cannot view other users' uploads

5. Third-Party Services

Service Purpose Access
OpenAI API (o3 mini) Document analysis Data not shared; accessed only by dev team
Supabase (AWS) Backend storage & database 14-day retention; secure access
Stripe Payment processing No payment data stored on Prunr
Resend Transactional emails Basic metadata only (e.g., email address)

6. Cybersecurity and Insurance

We maintain a Cyber Insurance Policy through Corvus with:

  • Coverage: $1,000,000
  • Retention: $5,000
  • Policy Features: 24/7 incident response, PCI fines coverage, global coverage, and protection against state actor cyber events.

7. Your Rights

  • You own all data you upload.
  • You may request account and data deletion at any time via [email protected].
  • You are responsible for managing access to your Prunr account within your firm.

8. Policy Updates

We may revise this policy as needed. Any material updates will be communicated via email and posted on our website.

9. Contact

Prunr
164 Ardmore Crossing Dr.
Shelbyville, KY 40065
Email: [email protected]