Legal
Privacy Policy
Effective date: March 21, 2026 — Ubiquitous LLC
1. Overview
TheReconciliator is a suite of forensic accounting analysis tools operated by Ubiquitous LLC, a Connecticut limited liability company (“we,” “us,” or “our”). The suite includes FullClarity, TimelineClarity, MigrationClarity, CustomerClarity, and ClassClarity. This Privacy Policy applies to all sub-products and explains how we collect, use, store, and protect your information.
2. Information we collect
We may collect the following types of information when you use the Service:
- Account information: Your name, email address, and user ID when you sign up or log in.
- Uploaded file data: When you upload a CSV or accounting export file, we process its contents in memory to produce your analysis. This data is never written to a persistent database.
- Live accounting data: When you connect QuickBooks Online or Xero, we access transaction data, account balances, journal entries, and related records only as necessary to perform the requested analysis.
- OAuth tokens: Secure credentials issued by QuickBooks Online, Xero, or other providers to authorise access. We store these tokens in encrypted form only while your account is active.
- Usage data: Logs and technical data (e.g. record counts, error types) used for debugging, security, and service improvement. This data contains no personally identifiable information from your uploaded files.
3. How we use information
We use your information solely to:
- Process and analyse the data you upload or connect
- Display results, reports, and analysis output in your browser
- Generate downloadable PDF and HTML report files
- Maintain and improve the reliability, performance, and security of the Service
- Comply with legal obligations and prevent fraud or abuse
4. Data handling
We take your data seriously:
- Uploaded files are processed in memory and are never written to a persistent database or storage system.
- Your uploaded data is retained in server memory for up to one hour after upload, after which it is discarded.
- For live accounting connections, API data is fetched on demand and not stored beyond the active session.
- Generated reports (PDF and HTML drilldown files) are stored temporarily and are accessible only via a private, unguessable URL. These files are automatically deleted within 30 days of generation.
- We do not share, sell, rent, or transfer your data to any third party.
5. Third-party integrations
When you connect a live accounting data source, the following applies:
- QuickBooks Online: We use Intuit’s OAuth 2.0 authorisation system. Access is limited to the scopes you approve during the consent process.
- Xero: We use Xero’s OAuth 2.0 authorisation system. Access is limited to the scopes you approve during the consent process.
In all cases, we use connected data solely to provide the requested analysis. We do not use it for advertising, profiling, or any purpose beyond the Service.
6. Data security
We take appropriate technical and organisational measures to protect your data, including:
- Using HTTPS/TLS for all communication with our servers
- Encrypting OAuth tokens and other sensitive data at rest
- Restricting access to production systems to authorised personnel only
- Monitoring systems for suspicious or unauthorised activity
7. Data retention and deletion
- Uploaded file data is discarded from memory within one hour of processing.
- Generated report files are automatically deleted within 30 days of generation.
- OAuth tokens and session data are retained only while your account is active and necessary to provide the Service.
- You may disconnect a linked accounting account at any time via the Service settings, which immediately revokes our access.
- You may request deletion of your account and all associated data by contacting us at privacy@thereconciliator.com. We will process deletion requests within 30 days, subject to any legal obligations to retain limited records.
8. Your rights
Depending on your location, you may have the right to:
- Access a copy of the personal data we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your data, subject to applicable law
- Withdraw consent by disconnecting linked accounts at any time
9. Children’s privacy
TheReconciliator is not intended for children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the effective date at the top of this page when we do. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
privacy@thereconciliator.com
